Privacy Shield Notice
EU-U.S. & Swiss-U.S. Privacy Shield Notice
Effective Date: May 15, 2017
Dovetail Software (“Dovetail”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Dovetail obtains from Customers located in the European Union and Switzerland.
Types of Personal Data collected
Dovetail provides an online web application service (“Service”) known as the Dovetail Employee Engagement Suite that our customers use to operate the human resource case management aspect of their business. In providing this service, Dovetail processes data our customers submit to our services or instruct us to process on their behalves. While Dovetail’s customers decide what data to submit, it typically includes information about their employees, and organization.
Purposes of collection and use
Dovetail processes data submitted by customers for the purpose of providing Dovetail’s Service to our customers. To fulfill these purposes, Dovetail may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Dovetail customer who submitted the data, or in response to contractual requirements.
Commitment to subject to the Principles
We are subject to the Principles for all European personal data that we receive from individuals or companies in the EEA in reliance on the Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard or “Model” Contractual Clauses.
Inquiries and complaints
In compliance with the Privacy Shield Principles, Dovetail commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Dovetail at firstname.lastname@example.org or by regular mail address to:
11044 Research Blvd. Suite A-210
Austin, TX 78759
Dovetail will respond within 45 days.
Type of third parties to which we disclose personal data and purposes
Dovetail uses a limited number of third-party service providers to assist us in providing services to our customers. These third party providers provide security, networking, computing and data storage services. These third parties process and store personal data in the course of providing their services. Dovetail remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Dovetail proves that it is not responsible for the event giving rise to the damage.
Your rights to access, to limit use, and to limit disclosure
EU and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Dovetail has committed to respect those rights. If you wish to request access, to limit use, or to limit disclosure, please provide the name of the Dovetail customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.
Independent dispute resolution body
Dovetail has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources and non-human resources data transferred from the EU and Switzerland.
Dovetail will comply with the advice given by data protection authorities and take necessary steps to remediate any non-compliance with the Privacy Shield Principles. To locate the appropriate authorities, please visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or https://www.edoeb.admin.ch/?lang=en.
Investigatory and enforcement powers of the FTC
Dovetail is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Dovetail also is committed to cooperating with EEA data protection authorities.
If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Dovetail’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Privacy Shield website: https://www.privacyshield.gov
Requirement to disclose
Dovetail may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce Service Terms and Conditions; or (d) act to protect the interests of our users or others.
If a third party service provider providing services on Dovetail’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Dovetail will be liable unless we can prove that we are not responsible for the event giving rise to the damages.