General Data Protection Regulation (GDPR) and EU-U.S. Privacy Shield Framework
Updated: June 28, 2018
This Policy Addresses:
- A. Personal Data Collected
- B. Anaqua's Use of PD -- General
- C. Licensee's Use of PD -- Software
- D. Licensee's Use of PD -- Hosting Services
- E. Client Services
- F. Other Services
- G. Enhancement of the Customer Experience
- H. Information Disclosed to Third Parties
- I. On-Line Information
- J. Security Measures
- K. Links
- L. Policy Updates
- M. Security Breaches
- N. Contact Us and Opt Out
- O. EU-U.S. Privacy Shield Framework and GDPR
A. Personal Data Collected
As a general principle, Anaqua limits the information collected about you to only what is needed for conducting our business, including the offering of products and services by us or by third parties that might be of interest to you. “Personal Data” (PD) means any information that identifies you directly or indirectly, including, without limitation, by reference to your name, e-mail address, login ID and other contact or location data or to one of more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. You may choose to provide PD to Anaqua in a number of ways: in person, telephonically, by mobile app, by email or electronically via our websites. Examples of how you may share PD with us include: requesting a brochure or product information, issuing a RFP, ordering software or services from us, responding to Anaqua surveys, attending Anaqua-sponsored events or conferences, or applying for a job. We may also obtain PD from third parties (for example, credit agencies or background checks).
General Examples of PD are:
- Name (including company name for business customers)
- E-mail address
- Credit card number, financial/bank account number or wire transfer information, including routing numbers and instructions
- Passwords or personal identification codes (PINs)
- Date of birth
- Social Security number or other government identification number
- Employee number
- Professional employment information
- Company contact information for business customers
- Mailing address
- Telephone number
- IP Address allowing you to access our internet services
Anaqua may compile or aggregate PD from numerous customers or Web visitors to collect data about groups of customers or potential customers or categories of service. Anaqua does not consider this “aggregate” information as PD because the aggregated information does not contain the PD of any individual customer or Web visitor.
B. Anaqua's use of Personal Data -- General
Anaqua uses PD to provide products and services to meet our customers' needs, including new products or services. Anaqua may share PD with any Anaqua-affiliated company, and these companies are subject to the terms of this Policy and to our Outsourcing Partners and third parties as addressed below.
Where we use suppliers, service providers and consultants (“Outsourcing Partners”) in connection with our business activities, they may have access to your information which they will process on our behalf.
Anaqua uses employee PD to communicate with and manage our employees.
Anaqua retains PD only as long as is necessary for Anaqua to comply with business, tax and legal requirements. For customers, partners, vendors and employees, this retention period is likely to be the entire time you are our customer or employee or otherwise have a relationship with us, depending on the type of PD. After our relationship is terminated we will keep your PD for a reasonable period, to maintain our records in accordance with the law and our legitimate business needs. We may keep an anonymized form of your PD, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful reason to do so.
Anaqua commits to cooperate with EU data protection authorities and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
C. Licensees' use of Personal Data -- Software
Anaqua’s licensees can use our Software products to collect PD from their employees, affiliates, law firms and agents. The collection, access, administration and storage of this PD is under the control of our licensees, with generally no involvement or access by Anaqua personnel. An occasional exception to this statement is if a client provides Anaqua access to their Anaqua software, usually for the purposes of diagnosing and fixing a software program error.
D. Licensees' use of Personal Data -- Hosting Services
Anaqua Licensees contract with Anaqua to provide hosting services for their Anaqua software. When we do so, we always utilize a data center that is at least SSAE 16 compliant, and whose practices and infrastructure comply with the EU-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Anaqua participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Anaqua is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
Anaqua is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Anaqua complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Anaqua is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Anaqua may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Our licensees have the responsibility for collecting and storing PD in the Anaqua software that we host for them. Anaqua technical support employees may have occasional access to the Licensee-collected PD. This access in incidental to the Anaqua employees' performance of their IT-related duties for the technical maintenance and backup of the hosting environment. Backups of Licensee’s data are always encrypted..
E. Client Services
F. Other Services
G. Enhancement of the Customer Experience
Because we appreciate the trust you have placed in us, we continually look for ways to enhance your customer experience, both on our web site and with our software products. We customarily host an annual user Conference, and obtain PD in connection with that event. From time-to-time, we may notify you about an Anaqua product or service using the information you have provided to us either in person, telephonically or electronically by visiting our websites, including information you provide to use our services. We strive to limit our offers to those we think you would benefit from and appreciate receiving. We want every contact you have with us to be a positive experience. If you prefer not to receive these Anaqua value-added services, offers and opportunities, just contact us at DataPrivacyOfficer@Anaqua.com.
Anaqua complies with all applicable laws and regulations regarding “Do Not Call” Lists. Generally, Anaqua is allowed to contact its customers, even if the customers are registered with federal or state Do Not Call Lists, because of our relationship with you. Anaqua will, of course, honor any request to remove your name from our telephone, mail or e-mail solicitation lists and will delete your information from existing files within a reasonable time period. Just contact us at DataPrivacyOfficer@Anaqua.com.
H. Information Disclosed to Third Parties
Anaqua does not sell PD of its customers to third parties. In limited circumstances, Anaqua may provide PD to third parties:
- To assist us in developing, promoting, establishing, maintaining and/or providing Anaqua-related products and services to you, including joint marketing efforts or promotions, but PD may not be used by the third parties for any other purpose;
- To assist us in establishing accounts, billing, collecting payment, enforcing the Terms and Conditions or the Acceptable Use Policy of our Anaqua services where permitted by law, and protecting or enforcing our rights or property or the services of our other customers from fraudulent, abusive, or unlawful use by you of our services;/li>
- To comply, when required by law, with court or administrative orders, civil or criminal subpoenas, warrants from law enforcement agencies, federal or state regulatory requirements, mandatory governmental audits, 911 reporting requirements, grand jury investigations, civil or criminal governmental investigations or as otherwise required by law, rule or regulation;
- To appropriate law enforcement, 911 centers or emergency services when Anaqua, in good faith, believes the disclosure is necessary to protect a person, Anaqua property or the public from an immediate threat of serious harm;
- In the event that we sell or buy any business or assets in which case we may disclose your Personal Data to the seller or buyer of such business or assets, or if Anaqua or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will of course be one of the transferred assets; and/or
- With your consent.
I. On-Line Information
J. Security Measures
Anaqua uses security techniques designed to protect your information from unauthorized access, including firewalls and access control procedures. We have security measures in place to protect against the loss, misuse and alteration of information under our control, or information that is processed by our software and under the control of our licensees. For example, when you use Anaqua software over the Internet, the information exchange between you and the Anaqua software is encrypted using the Secure Sockets Layer (SSL) protocol.
All Anaqua employees are bound by obligations of confidentilaity. Further, Anaqua’s employee guidelines state that Anaqua employees must abide by all state and federal laws and regulations in the performance of their job duties.
Our policies also limit access to PD to only those employees, contractors, agents or representatives that require the information to perform their jobs or assist Anaqua with providing products and services to you.
Further Anaqua Inc. complies with and is ISO 27001 certified.
L. Policy Updates
M. Security Breaches
While our goal is to prevent any unauthorized disclosure of PD, Anaqua cannot guarantee that an unauthorized disclosure will not occur. We will make reasonable efforts to contact you if we determine that security breach has occurred, and that there is a reasonable risk of identity theft or as otherwise required by law.
N. Contact Us
In compliance with the Privacy Shield Principles and the GDPR, Anaqua commits to resolve issues and complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Anaqua at: 617 927-5820 or DataPrivacyOfficer@Anaqua.com; or write to us at Anaqua, Inc., ATTN: Privacy Officer, 31 St James Ave, Suite 1100, Boston, MA 02116 USA.
Further, if you would like us to stop sending you marketing communications you may email us at DataPrivacyOfficer@Anaqua.com, please include a copy of the communication you received to help facilitate a timely and accurate removal.
Anaqua has further committed to refer unresolved Privacy Shield complaints to TrustArc, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.trustarc.com/ for more information or to file a complaint. The services of TrustArc are provided at no cost to you.
If you have questions, concerns, or complaints about this Policy or Anaqua’s privacy practices, please contact an Anaqua customer care representative; email us at DataPrivacyOfficer@Anaqua.com; or write to us at Anaqua, Inc., ATTN: Privacy Officer, 31 St James Ave, Suite 1100, Boston, MA 02116 USA. We will respond to your inquiries in a timely manner.
O. EU-U.S. Privacy Shield Framework and GDPR
Anaqua complies with the EU-U.S. Privacy Shield Framework and GDPR regarding the collection, use, and retention of personal information from European Union member countries, Switzerland and the UK. Anaqua has certified that it adheres to such Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Dispute Resolution. For complaints that cannot be resolved between Anaqua and the user, such disputes will be processed through its partner Trustarc https://feedback-form.truste.com/watchdog/request.