Privacy Shield Notice

EU-U.S. & Swiss-U.S. Privacy Shield Notice

Effective Date: May 15, 2017

Dovetail Software (“Dovetail”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Dovetail obtains from Customers located in the European Union and Switzerland.  

Dovetail complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Customers in the European Union member countries and Switzerland to the United States, respectively. Dovetail has self-certified to the US Department of Commerce that it adheres to the Privacy Shield Privacy Principles (“Principles”) of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern.

To learn more about the Privacy Shield program, please visit  To view our certification page, please visit

Types of Personal Data collected

Dovetail provides an online web application service (“Service”) known as the Dovetail Employee Engagement Suite that our customers use to operate the human resource case management aspect of their business. In providing this service, Dovetail processes data our customers submit to our services or instruct us to process on their behalves. While Dovetail’s customers decide what data to submit, it typically includes information about their employees, and organization.

Purposes of collection and use

Dovetail processes data submitted by customers for the purpose of providing Dovetail’s Service to our customers. To fulfill these purposes, Dovetail may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Dovetail customer who submitted the data, or in response to contractual requirements.

Commitment to subject to the Principles

We are subject to the Principles for all European personal data that we receive from individuals or companies in the EEA in reliance on the Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard or “Model” Contractual Clauses.

Inquiries and complaints

In compliance with the Privacy Shield Principles, Dovetail commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Dovetail at or by regular mail address to:

Dovetail Software
ATTN: Privacy
13809 Research Blvd.
Suite 500
Austin, TX 78750

Dovetail will respond within 45 days.

Type of third parties to which we disclose personal data and purposes

Dovetail uses a limited number of third-party service providers to assist us in providing services to our customers. These third party providers provide security, networking, computing and data storage services. These third parties process and store personal data in the course of providing their services. Dovetail remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Dovetail proves that it is not responsible for the event giving rise to the damage.

Your rights to access, to limit use, and to limit disclosure

Dovetail Software acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Privacy Shield and will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Dovetail will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at

Independent dispute resolution body

Dovetail has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources and non-human resources data transferred from the EU and Switzerland.

Dovetail will comply with the advice given by data protection authorities and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.  To locate the appropriate authorities, please visit: or

Investigatory and enforcement powers of the FTC

Dovetail is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Dovetail also is committed to cooperating with EEA data protection authorities.


If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Dovetail’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Privacy Shield website:

Requirement to disclose

Dovetail may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce Service Terms and Conditions; or (d) act to protect the interests of our users or others.


If a third party service provider providing services on Dovetail’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Dovetail will be liable unless we can prove that we are not responsible for the event giving rise to the damages.