Data Privacy Framework Notice

EU-U.S. & Swiss-U.S. Data Privacy Framework Notice

Effective Date: August 18th, 2023

Dovetail Software (“Dovetail”) has adopted this Data Privacy Framework Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Dovetail obtains from Customers located in the European Union and Switzerland.  

Dovetail complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Customers in the European Union member countries and the United Kingdom and Switzerland to the United States, respectively. Dovetail has self-certified to the US Department of Commerce that it adheres to the Data Privacy Framework Principles (“Principles”) of notice, the choices and means Dovetail Software offers individuals for limiting the use and disclosure of their personal data, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern.

To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.  To view our certification page, please click here.

Types of Personal Data collected

Dovetail provides an online web application service (“Service”) known as the Dovetail Employee Engagement Suite that our customers use to operate the human resource case management aspect of their business. In providing this service, Dovetail processes data our customers submit to our services or instruct us to process on their behalves. While Dovetail’s customers decide what data to submit, it typically includes information about their employees, and organization.

Purposes of collection and use

Dovetail processes data submitted by customers for the purpose of providing Dovetail’s Service to our customers. To fulfill these purposes, Dovetail may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Dovetail customer who submitted the data, or in response to contractual requirements.

Choice

If Personal Data covered by this Data Privacy Framework Statement is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Dovetail Software will provide its customers with an opportunity to choose whether to have their Personal Data so used or disclosed.

If Sensitive Personal Data covered by this Data Privacy Framework Statement is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Dovetail Software will obtain the customer's consent prior to such use or disclosure.

To opt out of such uses or disclosures of Personal Data or Sensitive Personal Data, please contact your employer who provided the data to Dovetail Software, or see "Inquiries and complaints" below to assert your data privacy rights.

Commitment to subject to the Principles

We are subject to the Principles for all European personal data that we receive from individuals or companies in the EEA in reliance on the Data Privacy Framework. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard or “Model” Contractual Clauses.

Inquiries and complaints

In compliance with the Data Privacy Framework Principles, Dovetail commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Dovetail at  privacy@dovetailsoftware.com or by regular mail address to:

Dovetail Software
ATTN: Privacy
13809 Research Blvd.
Suite 500
Austin, TX 78750

Dovetail will respond within 45 days.

Type of third parties to which we disclose personal data and purposes

Dovetail uses a limited number of third-party service providers to assist us in providing services to our customers. These third party providers provide security, networking, computing and data storage services. These third parties process and store personal data in the course of providing their services. Dovetail remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Dovetail proves that it is not responsible for the event giving rise to the damage.

Your rights to access, to limit use, and to limit disclosure

Dovetail Software acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Data Privacy Framework and will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Dovetail will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Data Privacy Framework Principles by contacting us at privacy@dovetailsoftware.com.

Independent dispute resolution body

Dovetail has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework complaints concerning human resources and non-human resources data transferred from the EU and Switzerland.

Dovetail will comply with the advice given by data protection authorities and take necessary steps to remediate any non-compliance with the Data Privacy Framework Principles.  To locate the appropriate authorities, please visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or  https://www.edoeb.admin.ch/?lang=en.

Investigatory and enforcement powers of the FTC

Dovetail is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Dovetail also is committed to cooperating with EEA data protection authorities.

Arbitration

If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Dovetail’s obligations under the Data Privacy Framework Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Data Privacy Framework website: https://www.dataprivacyframework.gov/ 

Requirement to disclose

Dovetail may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce Service Terms and Conditions; or (d) act to protect the interests of our users or others.

Liability

If a third party service provider providing services on Dovetail’s behalf processes personal data from the EEA in a manner inconsistent with the Data Privacy Framework Principles, Dovetail will be liable unless we can prove that we are not responsible for the event giving rise to the damages.