Last Updated Date: 27 July 2020 Last Reviewed Date: 10 July 2020
Overview This document aims to provide you with information on Civicom® policy regarding the use of data received through the course of business and interaction with Civicom, as well as the steps we take to protect your privacy. In the normal course of business, Civicom may collect both Personal Information about you and non-Personal Information associated with you. We may update this notice from time to time. We ask you to check this notice regularly to ensure you are aware of the most updated version.
- To retain your preferences for pop ups and advertisements;
- To obtain details about your device and browser so the display can adapt to your screen size and layout content to fit your browser;
- To improve our services with usage information about our website, such as the number and frequency of visitors and the pages you visit, your geographical location, referral source, and length of visit; and
- To collect company IP addresses to follow up potential leads, we are not able to identify any individual visitors with this information. We use KickFire for this, you can read more about their service here: www.id.kickfire.com
1. EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield Civicom participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. Civicom is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov. Civicom is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequent transfers to a third party acting as an agent on its behalf. Civicom complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Civicom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Civicom may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. You may direct any inquiries or complaints related to our Privacy Shield compliance to GDPR[at]civi[dot]com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our U.S.-based third party dispute resolution provider (free of charge) at: https://thedma.org/resources/consumer-resources/privacyshield-consumers/ Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. As part of the Privacy Shield Frameworks, the U.S. State Department Senior Coordinator serves as the Ombudsperson to facilitate the processing of requests relating to national security access to data transmitted from the EU and Switzerland to the U.S.
In light of the United Kingdom’s exit from the European Union, Civicom commits to extend adherence to Privacy Shield principles to Personal Information sent to and from the United Kingdom. To view Civicom’s certification, please visit https://www.privacyshield.gov/list
2. HIPAA Compliance The Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended, including by the Health Information Technology for Economic and Clinical Health Act (HITECH), is a United States federal law regulating the US healthcare system, with its primary purpose to protect the privacy and security of health and medical information, known as Protected Health Information (PHI). For more information about HIPAA, see here: https://www.hhs.gov/hipaa/ . Certain Civicom clients are in the health care sector and as such, Civicom is acting as a Business Associate of Covered Entities as defined under HIPAA. Accordingly, Civicom will readily review and accept Business Associate Agreements with clients and partners to govern and ensure that PHI shared with us will not be compromised. Civicom is committed to confidentiality and the protection of health information for individuals, clients, customers and partners. We ensure that privacy and security of their health information is protected in all forms, with particular care in controlling the confidentiality, storage and access to electronic Protected Health Information. We have achieved this by implementing security standards, administrative, technical, and physical safeguards, organizational requirements, and requirements for documentation, policies and procedures. Our standards are maintained and improved by continuous review and audit of internal processes and business agreements, with the aid of external consultants and specialized staff dedicated to data privacy. Any complaints concerning Civicom’s privacy policies and procedures or Civicom’s compliance with such policies and procedures should be made to our Data Protection Officer, Jennifer Morehead at jennifer.morehead[at]civi[dot]com. Civicom provides training to all members of its workforce on policies and procedures with respect to PHI, as necessary and appropriate for them to carry out their job responsibilities. Processing of data is kept to a minimum and will not be excessive in relation to a declared and specified purpose. 3. Choice We offer individuals the opportunity to opt out (choose) whether their Personal Information is to be disclosed to a third party acting as a controller or processor, as well as to opt out (choose) whether their Personal Information will be used for a purpose that is materially different from the purpose for which it was originally collected or which they subsequently sanctioned for use. We require, or when acting on behalf of a client, or as a facilitator we require, written confirmation (opt in) from individuals that we are able to disclose their Sensitive Personal Information to a third party acting as either a controller or processor. We will provide individuals reasonable and clear mechanisms for individuals to exercise their choices. For purposes of this understanding Personal Information includes first and last name, phone number, email and/or physical address and phone number. Sensitive Personal Information includes health care, genetic or biometric data, information regarding religious beliefs, race, ethnicity, union memberships, and sexual behavior or orientation. 4. Security of Personal Information We are committed to protecting your privacy and have implemented reasonable administrative, technical, and physical security controls to secure your Personal Information. If a password is provided to help protect your projects and Personal Information, it is your responsibility to keep your password confidential. 5. Where Civicom Stores My Personal Information We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. Your Personal Information and files are stored in our servers and those hosted by our authorized third-party storage providers. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. If you have any questions about the security of your Personal Information, you can contact us at privacy[at]civi[dot]com. 6. Access to My Personal Information
Civicom recognizes the right of individuals to access their Personal Information. As an account holder, you have the ability to view or edit your Personal Information online or cancel your account. If you have an online account with Civicom, you can view or edit your Personal Information online or cancel your account at any time. If you do not have an online account but are our client or customer, you may contact us by way of your Account Manager or by contacting us at privacy[at]civi[dot]com in order to edit your information or cancel your account with us. If you are not a customer or client, but would like to change your mind about receiving information from Civicom you also can contact us at privacy[at]civi[dot]com to have your information changed or removed. As an EU/Swiss natural person, you have the additional option to reach us to modify your information, review the information we have on file about you, or request that your information be removed from our system by emailing us at GDPR[at]civi[dot]com. In the case where we are your data processor and not your data controller, you may need to contact your data controller to request to see or change your Personal Information with us. The above paragraphs on access to your Personal Information are subject to our need to comply with our legal obligations or contractual agreements. For requests for changes or deletions of personally identifiable information, we reserve the right to validate your identity and/or to charge you an adequate handling fee before providing access to data, except as required by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. 7. Third Party Service Providers and Clients Civicom uses third party service providers to deliver some of our services. We may share your Personal Information with our third-party service providers to fulfill their obligations to us on your behalf. These service providers include:
- Market research partners such as recruiters, transcribers, translators, moderators and end clients;
- Market research technology and/or platform providers; and
- Webinar platform and audio conferencing storage providers.
9. We Do Not Sell Your Personal Information In line with our obligations for transparency under the GDPR and other data privacy regulations such as the California Consumer Privacy Act (CCPA), Civicom does not sell your personal information for any reason. Civicom is fully prepared to agree to CCPA compliance in our capacity as vendors. How Civicom Uses the Information It Collects If you contact us by phone for information or assistance with our Services, we may ask you to provide your contact information in order to serve you. By providing this information freely, you have granted us the right to use it to facilitate your call experience and provide our Services to you. We may use information that was collected from you for a number of reasons:
- Google (Gmail/GSuite): Berkeley County, South Carolina; Council Bluffs, Iowa; Douglas County, Georgia; Jackson County, Alabama; Lenoir, North Carolina; Mayes County, Oklahoma; Montgomery County, Tennessee; Quilicura, Chile; The Dalles, Oregon; Changhua County; Taiwan; Singapore; Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; St Ghislain, Belgium.
- Amazon (AWS): Northern Virginia, USA; Ohio, USA; Oregon, USA.
- CoSo Cloud (Adobe Connect): New Jersey, USA.
- To respond to demo requests, pricing inquiries, and questions about our Services
- To address reports of technical issues
- To provide you with Services requested
- For billing purposes
- To conform to legal requirements or comply with legal process
- To protect or defend the rights and property of Civicom
- To enforce the Terms of Service Agreement
- To protect the rights of our account holders or others
- For normal business operations
- To improve our Services
- For any other purpose disclosed by us when you provide the information
- For shipping and handling required to deliver our Services to you
- When we have any reason, in good faith, to believe that disclosure is necessary to prevent or respond to fraud, defend our websites and mobile apps against attacks, or protect the property and safety of Civicom, our employees, customers, or the public
- If we merge with another company, if all or a portion of our assets are acquired by another company, or if we sell a Civicom website, mobile app, or business unit, you may receive emails directly from a person who is assigned to you as an Account Manager in the course of our relationship with you. You may elect to not respond to these emails or to inform the Account Manager that you no longer wish to be contacted by replying via email to the person who corresponded with you.