Privacy Shield Notice

EU-U.S. & Swiss-U.S. Privacy Shield Notice

Effective Date: May 15, 2017

Dovetail Software (“Dovetail”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Dovetail obtains from Customers located in the European Union and Switzerland.  

Dovetail complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Customers in the European Union member countries and Switzerland to the United States, respectively. Dovetail has self-certified to the US Department of Commerce that it adheres to the Privacy Shield Privacy Principles (“Principles”) of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern.

To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.  To view our certification page, please visit https://www.privacyshield.gov/list.

Types of Personal Data collected

Dovetail provides an online web application service (“Service”) known as the Dovetail Employee Engagement Suite that our customers use to operate the human resource case management aspect of their business. In providing this service, Dovetail processes data our customers submit to our services or instruct us to process on their behalves. While Dovetail’s customers decide what data to submit, it typically includes information about their employees, and organization.

Purposes of collection and use

Dovetail processes data submitted by customers for the purpose of providing Dovetail’s Service to our customers. To fulfill these purposes, Dovetail may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Dovetail customer who submitted the data, or in response to contractual requirements.

Commitment to subject to the Principles

We are subject to the Principles for all European personal data that we receive from individuals or companies in the EEA in reliance on the Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard or “Model” Contractual Clauses.

Inquiries and complaints

In compliance with the Privacy Shield Principles, Dovetail commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Dovetail at  privacy@dovetailsoftware.com or by regular mail address to:

Dovetail Software

ATTN: Privacy

11044 Research Blvd. Suite A-210
Austin, TX 78759

United States

Dovetail will respond within 45 days.

Type of third parties to which we disclose personal data and purposes

Dovetail uses a limited number of third-party service providers to assist us in providing services to our customers. These third party providers provide security, networking, computing and data storage services. These third parties process and store personal data in the course of providing their services. Dovetail remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Dovetail proves that it is not responsible for the event giving rise to the damage.

Your rights to access, to limit use, and to limit disclosure

EU and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Dovetail has committed to respect those rights. If you wish to request access, to limit use, or to limit disclosure, please provide the name of the Dovetail customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.

Independent dispute resolution body

Dovetail has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources and non-human resources data transferred from the EU and Switzerland.

Dovetail will comply with the advice given by data protection authorities and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.  To locate the appropriate authorities, please visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or  https://www.edoeb.admin.ch/?lang=en.

Investigatory and enforcement powers of the FTC

Dovetail is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Dovetail also is committed to cooperating with EEA data protection authorities.

Arbitration

If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Dovetail’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Privacy Shield website: https://www.privacyshield.gov

Requirement to disclose

Dovetail may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce Service Terms and Conditions; or (d) act to protect the interests of our users or others.

Liability

If a third party service provider providing services on Dovetail’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Dovetail will be liable unless we can prove that we are not responsible for the event giving rise to the damages.