For over 22 years, respecting and protecting our clients’ confidential data and privacy has been vital to our business. By sharing our Confidentiality Statement, we trust that our clients will better understand how we keep client information confidential while using it to provide services and products. Other privacy requirements or policies may apply to individual Compass Consulting clients, as required.
Employees may, during the course of his/her services hereunder, have access to, and acquire knowledge from, material, data, systems and other information of or with respect to Compass Consulting or any of its Clients which may not be accessible or known to the general public. Any knowledge acquired by the Employee from such material, data, systems or information or otherwise through its engagement hereunder shall not be used, published or divulged by Employee in connection with any services rendered by Employee to any other person, firm or corporation, or in any other manner or connection whatsoever. The provisions of this paragraph shall survive the termination of this Agreement.
Compass Information Technology, Inc. Safe Harbor Policy
Compass Information Technology, Inc. complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Compass Information Technology, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Compass Consulting’s certification, please visit http://www.export.gov/safeharbor/
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security of Information on or transmitted via the Internet.
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
The Company has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB EU SAFE HARBOR web site at https://www.bbb.org/en/us for more information and to file a complaint.
Information Subject to Other Policies
Questions, comments or complaints regarding the Company’s EU-U.S. Privacy Shield policy or data collection and processing practices can be mailed or emailed to:
Compass Information Technology, Inc.
Attn: Legal Department
5235 Mission Oaks Blvd., #344
Camarillo, CA 93012
Effective date: May 1, 2018