Safe Harbor Privacy Policy

Planet Data Safe Harbor Privacy Policy

Planet Data Solutions, Inc. complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the company’s certification, please visit
Safe Harbor Site

At Planet Data Solutions Inc (“Planet Data”) we recognize the importance of privacy to our clients and we strive to safeguard the personal information we collect and use. This Safe Harbor Privacy Policy (“Policy”) sets out the privacy principles that Planet Data follows in relation to any personal information transferred from the European Union (“EU”) to the United States (“US”).

Scope

This Policy applies to all personal information received by Planet Data from the EU in electronic format or in structured manual filing systems. In most cases, the data we receive will relate to our clients and their business activities and may include personal information about our clients’ employees, business contacts, customers and any other individuals with whom our clients have dealings. When we collect and process personal information provided to us by our clients we do so as a “data processor” acting on the instructions of our clients. Planet Data does not actively collect personal information from individuals in the EU. Planet Data’s possession and use of personal information is largely incidental to our primary task of providing electronic discovery services to our clients.

Definintions

Certain words and phrases are defined within this Policy. In addition, the words set out below have the following meaning:

    “EEA” means the 25 European member states, plus Norway, Iceland and Liechtenstein;
    “EU Directive” means the EU directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
    “Personal information” means any information or set of information that identifies an individual, or could be used by or on behalf of Planet Data to identify an individual. Personal information does not include data that is encoded or is anonymous.
    “Sensitive personal information” means information about an individual’s medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sex life. In addition, Planet Data will also treat as sensitive any personal information received from a third party where the third party treats and identifies it as sensitive and has notified us of this fact.

Safe Harbor Privacy Principles

The privacy principles in this Policy are based on the Safe Harbor Principles which were agreed between the United States Department of Commerce and the European Commission. Adherence by Planet Data to these Safe Harbor Principles will provide the necessary level of protection required by the EU Directive in respect of transfers of personal information to countries outside the EEA.

Planet Data’s adherence to these principles may be limited in certain circumstances, in particular:

    (a) where there is a conflicting or overriding legal obligation;
    (b) to the extent expressly permitted by any applicable law, rule or regulation; or
    (c) where Planet Data receives personal information as a “data processor” acting on the instructions of a client. As Planet Data will be receiving personal information from the EU merely for processing, it will not be required to apply the Notice, Choice, Data Integrity and Access principles to that information . The client will remain responsible for the personal information and its processing in accordance with EU law.

Notice

Where Planet Data obtains personal information from individuals in the EU, it will inform them of:

    the purposes for which it collects and uses their personal information
    the types of third parties (if any) to which Planet Data discloses that information, and
    the choices and means, if any, that Planet Data offers individuals for limiting the use and disclosure of their personal information.

Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Planet Data, or as soon as practicable thereafter, and in any event before Planet Data uses such information for a purpose other than that for which it was originally collected or processed by the transferring organisation, or discloses it for the first time to a third party.

If Planet Data receives personal information from its subsidiaries, affiliates, clients or other entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the consents or choices made by the individuals to whom such personal information relates.

Choice

Planet Data will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party (unless that disclosure is allowed or required by contract), or (b) to be used for a purpose that is incompatible with the purpose for which that information was originally collected or subsequently authorized by the individual.

For sensitive personal information, Planet Data will give individuals the opportunity to give explicit consent (opt-in) to the disclosure of the information to a third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Planet Data will provide individuals with clear and conspicuous, readily available and affordable mechanisms to exercise their choices.

Onward Transfers

Planet Data will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. An “agent” is any third party that collects or uses personal information in order to perform tasks on behalf of Planet Data. Examples of appropriate assurances that may be provided by agents include:

    contractual assurances to provide the same level of protection as required by the Safe Harbor Principles
    being subject to the EU Directive
    certifying with the Safe Harbor or
    being located in a country that has been deemed to provide an adequate level of protection by the European Commission (eg Canada or Switzerland).

Where Planet Data has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Planet Data will take reasonable steps to prevent or stop the use or disclosure.

Security

Planet Data will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

Planet Data will use personal information only in ways that are relevant and compatible with the purposes for which that information was collected or subsequently authorized by the individual. Planet Data will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.

Access

Upon request, Planet Data will grant individuals reasonable access to personal information that it holds about them. In addition, Planet Data will take reasonable steps to permit individuals to correct, amend, or delete information that is shown to be inaccurate or incomplete.

Enforcement

Planet Data will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Planet Data determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

The Federal Trade Commission has jurisdiction to hear any claims of unfair or deceptive practices or violations of laws or regulations governing privacy.

Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to the Planet Data Privacy Office at the address given below. Planet Data will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Planet Data and the complainant, Planet Data agrees to cooperate with data protection authorities located in the EU (or their authorized representatives) and participate in any dispute resolution procedures established by such authorities pursuant to the Safe Harbor Principles.

Planet Data supports industry self-regulation as a flexible means for keeping pace with emerging privacy issues.

Contact Information

Please refer all questions or comments regarding this Policy:

Planet Data
Att: Laura Marques
555 Taxter Road
Suite 150
Elmsford, NY 10523
914-593-6900

info@planetds.com

This Safe Harbor Policy is available from Planet Data Safe Harbor Privacy Policy

Changes To This Safe Harbor Policy

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be posted on the Planet Data web page at Planet Data Site whenever this Safe Harbor Privacy Policy is changed in any material way.


The effective date of this Safe Harbor Policy is: September 30, 2006