Statement of Policy
eTERA Consulting (“eTERA”) ensures strict compliance with the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks (hereafter collectively “Privacy Shield”) for the collection, use, and retention of personal data and information transferred from European Union (EU), European Economic Area (EEA), and Switzerland to the United States, respectively.
This Policy applies strictly with respect to personal data that eTERA has received from the EU, EEA and/or Switzerland. Personal data referred to by this Policy is data that is:
- information relating to an identified, or identifiable, natural person, within the scope of EU Directive 95/46/EC, the EU General Data Protection Regulation, and the Swiss Federal Act of Data Protection;
- received in the context of a client engagement pursuant to an electronic discovery or technical services agreement; or,
- collected from job applicants, contractors or employees (subject to eTERA’s Privacy Shield Human Resources Policy); or,
eTERA has self-certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
A list of Active Privacy Shield Participants can be found at: https://www.privacyshield.gov/list.
“Processing of personal data” as referred to by this Policy means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Personal data” referred to by this Policy is any information relating to an identified, or identifiable, natural person, within the scope of EU Directive 95/46/EC, the EU General Data Protection Regulation, and the Swiss Federal Act of Data Protection.
TYPES OF PERSONAL DATA AND REASONS FOR COLLECTION
PERSONAL DATA RECEIVED IN THE CONTEXT OF A CLIENT ENGAGEMENT
eTERA provides electronic discovery consulting and technical services to client law firms, as well as directly to corporations who are parties to various types of legal and litigation proceedings. Under most circumstances, eTERA does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy.
Types of personal data typically included in data collections include, but are not limited to: name, address, telephone number(s), email address, job titles, employment information, etc. Personal data is most often contained within email and other enterprise applications or accounts of individuals in the employ of the parties to litigation.
Any subsequent processing and/or storage of personal data in connection with a client engagement (processing by eTERA consists, typically, of the extraction and formatting of data for review in a document review system) is completed specifically according to client instructions. eTERA never uses data for a purpose other than the purpose for which it was provided to eTERA.
PERSONAL DATA COLLECTED FROM JOB APPLICANTS, CONTRACTORS, AND EMPLOYEES
eTERA collects personal data of job applicants, independent contractors, and direct employees in the EU, EEA and/or Switzerland, typically in the context of temporary consulting arrangements or for managed document review services. “Job applicant” refers to any current or former applicant for employment with eTERA, whether as an independent contractor or direct employee. The policy is valid for all job applicants, regardless of whether or not such job applicant ultimately was engaged with eTERA or not.
Types of personal data collected typically include: name, address, telephone number(s), residency status and/or nationality, bank account details, job titles, and education and work history (collectively, “HR Data”). For more information regarding HR data specifically, please refer to eTERA’s Privacy Shield Human Resources Policy.
PERSONAL DATA RECEIVED FROM THE ETERA WEBSITE
eTERA may collect personal data upon an individual’s access and use of eTERA’s website. Our web server automatically collects a limited amount of standard and personal information essential to the operation and evaluation of the eTERA Consulting web site. This information includes:
• The page from which the individual arrives.
• The date and time of the individual’s page request.
• The IP address the individual’s computer is using to receive information.
• The type and version of the browser.
• The name and size of any files requested.
This information helps us assess our information services and is used only for this purpose. It is not used to identify individuals who come to the web site. Moreover, none of this information is disclosed to other companies or individuals.
The only information collected that is used to identify you is information you give voluntarily. When you submit a question or comment, or sign up to receive updates, you may be asked for your name, e-mail address, or other information. This information is only used to process and respond to your question or request, or to provide the e-mail update service. This information is not disclosed except to authorized personnel who need it to answer your question or who manage the e-mail update list.
The personal information you submit is secure once it reaches our server. In transit between your computer and the server, however, it may not be secure.
COMMITMENT TO PRIVACY SHIELD PRINCIPLES
NOTICE AND CHOICE
In the event that a client engagement involves a transfer of personal data from the EU, EEA, and/or Switzerland to eTERA in the United States, the relevant clients are responsible for providing appropriate notice, where required, to the individuals whose personal data may be transferred to eTERA, including providing individuals with certain choices with respect to the use or disclosure of their personal data, and obtaining any requisite consent. When specifically authorized by counsel or client to do so, or in limited instances where eTERA collects personal information directly from individuals in the EU, EEA, or Switzerland, eTERA will inform affected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it may disclose the information, and any choices and means that eTERA may offer individuals for limiting the data’s use and disclosure.
ACCOUNTABILITY FOR ONWARD TRANSFER
eTERA does not typically transfer personal data to third parties, unless necessary in the context of employment, required by law, or when eTERA is lawfully directed to transfer data to a third party by a law firm or corporation, in the context of a client engagement. To the extent that eTERA does not plan to transfer personal information to third parties, the provision regarding liability for the actions of agent processors does not apply.
Where the transfer of personal data to any third party may be necessary, eTERA shall enter into a written agreement with that third party agent to provide at least the same level of personal data protection, confidentiality and security as is maintained by eTERA. Moreover, eTERA shall remain responsible and liable under the Privacy Shield if the third-party agents that it engages to collect, process or store personal data on its behalf do so in a manner inconsistent with Privacy Shield Principles.
eTERA considers security to be of the utmost importance, and undertakes every reasonable precaution to protect all data and information in any context, including from loss, misuse, unauthorized access, disclosure, tampering, alteration and destruction. eTERA has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information in its possession.
DATA INTEGRITY AND PURPOSE LIMITATION
eTERA uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. eTERA takes reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current. Before eTERA will use personal data for a purpose that is materially different than the purpose for which it was collected or later authorized, eTERA will provide the individual with notice and an opportunity to opt out.
eTERA will grant individuals reasonable access to review the personal data that eTERA holds about them, as well as take reasonable steps to correct, amend or delete that information so long as it is consistent with applicable law and professional standards.
eTERA will respond to all individual access requests within 45 days.
eTERA may limit or deny access to personal data when, in the circumstances, the burden or expense of providing such access is disproportionate to the risks to the individual’s privacy, or when the rights of persons other than the person requesting access would be violated.
Requests to update or remove information may be made by contacting firstname.lastname@example.org (see further contact information below).
RECOURSE, ENFORCEMENT, AND LIABILITY
eTERA commits to resolve complaints about privacy and its collection or processing of personal information in compliance with the EU-US and Swiss-US Privacy Shield Principles. Individuals with inquiries or complaints regarding eTERA’s Privacy Shield policy should first contact eTERA at: email@example.com. eTERA will respond to all individual complaints within 45 days.
If an issue cannot be resolved by eTERA’s internal dispute resolution mechanism, eTERA has chosen JAMS to be its independent recourse mechanism for Privacy Shield and the Swiss Federal Act of Data Protection. eTERA agrees to be bound by any decision of JAMS. Individuals may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield to obtain more information or file a complaint. More information about JAMS is available at http://www.jamsadr.com. The services of JAMS are provided at no cost to you.
In the event that eTERA or JAMS determines that eTERA did not comply with this Privacy Shield Policy, eTERA will take appropriate steps to address any adverse effects and to promote future compliance. Under certain circumstances, individuals may invoke binding arbitration before the Privacy Shield Panel for residual claims not otherwise resolved. Additional information about binding arbitration under the Privacy Shield Principles can be found at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
eTERA will conduct an annual self-assessment to ensure that this policy is published and disseminated within eTERA and on its Web site, that it is being adhered to and that it conforms to the Privacy Shield Principles set forth above. In addition, eTERA has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. eTERA will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
The Federal Trade Commission has jurisdiction over eTERA’s compliance with the Privacy Shield.
ETERA CONSULTING CONTACT INFORMATION
Individuals may raise any questions, concerns or complaints regarding their personal data directly with eTERA by contacting eTERA’s Operations Manager for the EU and Switzerland, Ryan Costello, whose contact information is as follows:
eTERA Consulting 1100 17th Street, NW Suite 605
Washington, D.C. 20036
eTERA may amend this Policy, from time to time, by posting a revised Policy on its Web site at www.eteraconsulting.com. eTERA will only amend this Policy in a manner consistent with the requirements of the Privacy Shield Principles as set forth above.