The services we provide require us to collect, store and process data. When doing so, we are committed to ensuring the protection and security of all data pertaining to our customers, prospects, suppliers, business partners and employees.
We want our company’s name to stand for setting the highest possible standard in data protection. As a globally operating corporation we view it as our duty to meet, and when possible exceed, requirements of all applicable laws and regulations and industry standards as well as implement the industry’s best practices.
As part of the overall compliance effort, and particularly as part of the participation in the US-EU Privacy Shield and US-Swiss Privacy Shield, we are committed to comply with the Privacy Principles pertaining to (1) Notice, (2) Data Integrity and Purpose Limitation, (3) Choice, (4) Security, (5) Access, (6) Accountability for Onward Transfer, and (7) Recourse, Enforcement and Liability. Detailed explanation of these Principles can be found on the US-EU Privacy Shield website at https://www.privacyshield.gov .
Our managers and employees are obligated to adhere to the ITC Global Data Protection Policy and observe all applicable data protection laws and regulations.
DEFINITIONS. Throughout this Notice we use the terms “Personal Information” and “Sensitive Personal Information”. The meaning of those terms may vary depending on the jurisdiction. For the purposes of the ITC Global Data Protection Policy and this Notice the following definitions will apply to those terms:
"Personal Information" means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
"Sensitive Personal Information" means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information pertaining to the sex life of the individual.
INFORMATION WE COLLECT AND HOW WE USE IT. In order to provide the service offerings, it is sometimes necessary for us to collect certain Personal Information about users of such service offerings, including, but not limited to, account user name, IP address (local and public), session information and other usage data. It is important to note that some of this Personal Information may be provided to us by our service partners. To the extent necessary for management of the service offerings and statistical purposes, we may retain collected Personal Information for a limited period of time, after which time the information will be discarded or destroyed. Where possible, any such retained Personal Information will be stripped of personal identifiers and rendered anonymous.
Customer billing and carriage of communications traffic associated with some of the service offerings may be conducted by one or more of our service partners, e.g., a user’s home Internet service provider or an airline’s wireless Internet service provider. As a result, an end user’s customer relationship is with such service provider. In most cases we do not maintain a direct customer relationship with end users of the service, and do not collect, retain or have access to a user’s account information, including personal information.
PRIVACY SHIELD. ITC Global, Inc. participates in the Privacy Shield framework. Our certification with the Privacy Shield may be verified by accessing the Privacy Shield List at https://www.privacyshield.gov/Registration# .
PRIVACY SHIELD PRINCIPLES. We comply with the seven Privacy Principles established by the Privacy Shield:
1. NOTICE. By providing this Notice we inform you about (1) our participation in the Privacy Shield and provide above a link to the Privacy Shield List, (2) the types of personal data we collect and the adherence of all our business units, subsidiaries and affiliates to the Principles, (3) our commitment to treat all personal data received from the EU in reliance on the Privacy Shield in accordance with the Principles, (4) the purposes for which it collects and uses personal information, (5) how to contact us with any inquiries or complaints, including any relevant establishment in the EU that can respond to such inquiries or complaints, (6) the type or identity of third parties to which we disclose personal information, and the purposes for which we do so, (7) the right of individuals to access their personal data, (8) the choices and means we offer individuals for limiting the use and disclosure of their personal data, and (9) the independent dispute resolution body designated to address complaints and provide appropriate and free-of-charge recourse, (10) being subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, the U.S. Department of Transportation or any other U.S. authorized statutory body, (11) your right, under certain conditions, to invoke binding arbitration, (12) our requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and (13) our liability in cases of onward transfers to third parties.
2. CHOICE. We offer you the opportunity to choose (opt out) whether your personal information is (1) to be disclosed to a third party or (2) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you. If this option is not offered to you automatically when the information is collected please contact us at the contact information provided below.
Please note that in some cases it is not necessary to provide choice when disclosure is made to a third party that is acting as an agent to perform tasks on behalf of and under the instructions of the organization. However, we will always enter into a contract with the agent.
For sensitive personal information, we will obtain the affirmative express consent (“opt-in”) from you if such information is to be (1) disclosed to a third party or (2) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice. In addition, we should treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
3. ACCOUNTABILITY FOR ONWARD TRANSFER. To transfer personal information to a third party acting as a controller, we comply with the Notice and Choice Principles. We enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the Principles.
To transfer personal data to a third party acting as an agent, we: (1) transfer such data only for limited and specified purposes; (2) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the our obligations under the Principles; (4) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (5) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Privacy Shield organization upon request.
4. SECURITY. We have in place reasonable and appropriate measures to protect the Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
5. DATA INTEGRITY AND PURPOSE LIMITATION. Our processing of Personal Information is limited to the information that is relevant for the purposes of processing. We do not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, we take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We will adhere to the Principles for as long as it retains such information.
6. ACCESS. We will provide you with access to your Personal Information that we hold and you will be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
7. RECOURSE, ENFORCEMENT AND LIABILITY. Effective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. Therefore, our Policy provides for: (1) readily available independent recourse mechanisms by which your complaints and disputes will be investigated and expeditiously resolved at no cost to you and by reference to the Principles, and damages awarded where the applicable law or private-sector initiatives so provide; (2) follow-up procedures for verifying that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of noncompliance; and (3) obligations to remedy problems arising out of our failure to comply with the Principles and compliance with any sanctions assessed against us.
ITC GLOBAL RECOURSE MECHANISM. Any questions or concerns regarding the use or disclosure of personal information should be directed to address listed in the Contact section of this notice, below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. For complaints that cannot be resolved directly between us and you, we have agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles: (1) for disputes involving employment-related personal information received by us from the EEA, we have agreed to cooperate with the data protection authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European data protection authorities; (2) for disputes involving all other personal information received by us from the EEA, we have agreed to use International Centre for Dispute Resolution, a division of the American Arbitration Association dispute resolution (“ICDR/AAA”). Individuals who submit a question or concern to us and who do not receive acknowledgment of the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the ICDR/AAA on the Internet (http://www.icdr.org), by mail, phone or by fax. The website lists the addresses, phone/fax number for your location. Inquiries by mail or fax should identify ITC Global, Inc. as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether ICDR/AAA may share the details of the inquiry with us. ICDR/AAA will act as a liaison to our company to resolve these disputes. The dispute resolution process shall be conducted in English. Please note that we are also subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. government agencies.
Last revised: 13 April 2017. ©2017 ITC Global, Inc. All rights reserved.