This policy applies to all personal information knowingly received and processed by the Company in the United States from the European Economic Area including, but not limited to, personal information collected from the Company’s business customers concerning their employees and/or customers in the context of the services the Company performs for its clients.
“The Company” means ZippyYum, its predecessors, and successors.
“Personal information” means information that identifies or reasonably may identify a natural person. Personal information does not include anonymized information or aggregate information to the extent an individual’s identity cannot reasonably be derived from such information. In addition, the Company reserves all rights to use public information or information as to which an individual has given explicit consent for use, consistent with the Privacy Shield Framework.
“Agent” means any third party that processes, collects, or uses personal information pursuant to the instructions of, and solely for the benefit of, the Company, or to which the Company discloses personal information for use on its behalf.
“Sensitive personal information” means personal information that reveals a natural person’s race, ethnic origin, political opinions, religious or philosophical beliefs, criminal record, or trade union membership, or that concerns a natural person’s sex life or health.
The privacy principles in this policy are based on and shall be interpreted in a manner not inconsistent with the Privacy Shield Framework.
The Company is contracted by its clients to process their employees’ and/or customers’ personal data for the purpose of business process outsourcing functions such as assistance with software functionality, development and support. During that process, information collected may include personal information about an individual. This information is collected to facilitate the Company’s client’s human resources information management and computer systems functionality in an efficient, organized, and comprehensive matter. The Company is not responsible for the content of the information it collects, which may include personal information, nor is it responsible for the way its clients treat their employees’ and customers’ personal information.
The Company generally does not collect information directly from individuals within the EEA. It merely acts as a data processor for its clients. If the Company does collect information directly from individuals within the EEA, it will offer such individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally. Similarly, to the extent required by the Privacy Shield Framework, the Company will offer individuals the choice to opt in to having their sensitive personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally.
The Company will obtain reasonable assurances from its agents that they will safeguard personal information knowingly collected by the Company concerning individuals residing in the EEA consistently with this policy and the Privacy Shield Framework. Examples of appropriate assurances may include (1) a contract obliging the agent to afford a level of protection to the personal information that is at least equivalent to the Privacy Shield Framework, (2) Privacy Shield certification by the agent, or (3) the agent being subject to EU Directive 95/46/EC or other law providing an adequate level of privacy protection.
The Company also may disclose personal information for other purposes or to other third parties when an individual has consented to or requested such disclosure. Please be aware that the Company may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. The Company is liable for appropriate onward transfers of personal data to third parties.