The European Union (“EU”) adopted Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“EU Directive”), which requires EU member countries to adopt laws protecting personal data collected within their borders. Switzerland adopted the Swiss Federal Data Protection Act (“SFDPA”) and the Data Protection Ordinance (“DPO”), which regulate all acts of personal data processing. In accordance with Article 2a of the EU Directive, and the SFDPA and DPO, personal data includes any information relating to an identified or identifiable natural person (“Personal Data”). The EU Directive, SFDPA and DPO allow the transfer of Personal Data only to countries that have data protection laws deemed “adequate” under the respective legal frameworks. The US Department of Commerce has agreed on the requirements to enable US Companies to satisfy the mandate under EU law and Swiss law that adequate protection be given to Personal Data transferred from the EU or Switzerland to the US. For EU and Swiss citizens’ Personal Data, these requirements are memorialized in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, respectively.
Policy Applicability and Enforcement Authority
Business of CDS
CDS provides electronic discovery support services to law firms, corporate clients and government agencies that are parties to various types of litigation, investigations and regulatory proceedings. All data CDS collects is kept pursuant to strict privacy and confidentiality protocols. It is CDS’ practice to enter into confidentiality and non-disclosure agreements to protect data, including Personal Data, received in connection with all client engagements.
CDS commits to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as set forth by the US Department of Commerce for the collection, use and retention of Personal Data from European Union member countries and Switzerland, respectively. Accordingly, CDS has certified that it complies with each of the seven Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability. In the event of any conflict between the provisions of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-US and Swiss-US Privacy Shield programs, and to view CDS’ certification pages, please visit http://www.privacyshield.gov.
Collection and Disclosure of Personal Data from the Site, and from the European Union and Switzerland
Users may interact with the Site without disclosing any Personal Data to CDS. However, we may require certain Personal Data, including a user’s name, business address, and business e-mail or business telephone details when a user (i) chooses to send CDS a message via the Site or (ii) downloads information contained in the Site. CDS subscribes to the following internet privacy principles in connection with these two scenarios:
- CDS may utilize the Personal Data a user provides to market its products and services to the user
- CDS has strict policies in place to protect the security and confidentiality of all user Personal Data we receive
- All users have the right to discontinue receiving commercial email from CDS at any time
- CDS does not share or sell user information to third parties
- CDS does not automatically log Personal Data from users of the Site
- CDS does not collect information about users of the Site from other sources
CDS may collect EU or Swiss citizens’ Personal Data during the course of providing electronic discovery support services to clients under the EU-US Privacy Shield and the Swiss-US Privacy Shield programs, respectively. Types of Personal Data CDS may collect include names, mailing and e-mail addresses, identification numbers, and data related to an individual’s physical, physiological, mental, economic, political, religious, cultural or social identity.
CDS limits disclosure of Personal Data to employees and other EU-US Privacy Shield and Swiss-US Privacy Shield participants that have a specific business purpose for collecting, maintaining and processing such Personal Data. CDS may disclose Personal Data as required by law, regulation or the rules of practice of a governmental or quasi-governmental body. CDS may also disclose Personal Data to law enforcement officials in response to a lawful request made pursuant to national security interests or law enforcement requirements. Though we do not currently anticipate a change in our ownership, in the event of a sale of the company or a significant portion of its assets, CDS may disclose or transfer Personal Data to a purchasing party that is EU-US Privacy Shield-compliant and/or Swiss-US Privacy Shield-compliant, as applicable.
CDS acknowledges its potential liability in cases of its onward transfer of Personal Data to third parties that do not meet the criteria set forth in the immediately preceding paragraph. You have the right to opt out of any Onward Transfer of your Personal Data to a third party, and to opt out if your Personal Data is to be used for a purpose different from the purpose for which it was originally collected. You have the right to opt in to allow collection of sensitive Personal Data (e.g., data relating to your racial or ethnic origin, political opinions, religious beliefs, health, sexual preference, criminal convictions, etc.).
Limitations on Use and Disclosure of Personal Data
CDS limits access to Personal Data to those persons in CDS’ organization, or agents of CDS, that have a specific business purpose for maintaining and processing such Personal Data. Individuals who have been granted access to Personal Data are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so. CDS takes appropriate measures to protect the security of Personal Data in order to ensure it is only accessed for its intended use. Personal Data is protected from loss, misuse and unauthorized access.
Inquiries and Complaints
In compliance with the EU-US and Swiss-US Privacy Shield Principles, CDS commits to respond to inquiries and resolve complaints about your privacy and our collection or use of your Personal Data. Note that you have the right to access, correct or delete your Personal Data processed by CDS. Any European Union citizen or Swiss individual with inquiries or complaints regarding this Policy and/or his or her Personal Data should first contact the following CDS representative:
Dino E. Medina, Esq.
CDS has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. There is no cost to you to utilize the BBB EU PRIVACY SHIELD complaint resolution process.
As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel created jointly by the US Department of Commerce and the European Commission. The Privacy Shield Panel (which consists of one or three arbitrators, as agreed by the parties) has the authority to impose individual-specific, non-monetary equitable relief (e.g., access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Privacy Shield Principles solely with respect to the individual. These are the only powers of the Privacy Shield Panel with respect to remedies. In considering remedies, the Privacy Shield Panel is required to consider other remedies that have already been imposed by other mechanisms under the EU-US and Swiss-US Privacy Shield, respectively. No monetary damages, costs, fees, or other economic remedies are available, and each party bears its own attorney’s fees.
CDS may amend this Policy from time to time by posting a revised Policy on the Site, which is located at http://www.cdslegal.com. CDS will only amend this Policy in a manner consistent with the requirements of the EU-US and the Swiss-US Privacy Shield and other applicable law. This Policy was updated on April 21, 2017.