RedLock’s EU-U.S. Privacy Shield Framework Statement
Effective Date: January 1, 2018
RedLock has certified certain of our services, for which we act as a data processor, under the EU-U.S. Privacy Shield (the certification can be found here).
RedLock Inc. adheres to the principles of the EU-U.S. Privacy Shield Framework with respect to personal data submitted by RedLock’s customers in reliance on the Privacy Shield to the RedLock Cloud 360™ platform.
RedLock provides online services that our customers use to monitor the security of their cloud platforms. In providing these services, RedLock processes data our customers provide us access to, or instruct us to process on their behalves. While RedLock’s customers decide what data to share, it typically includes information about the administrators of their cloud services (such as usernames, email, and IP addresses), system configurations, and network traffic. Purposes of data processing: RedLock processes data submitted by customers for the purpose of providing RedLock’s online services to our customers. To fulfill these purposes, RedLock may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the RedLock customer who submitted the data, or in response to contractual requirements.
EU EMPLOYEE DATA:
We may process human resources data of our existing, potential or former employees from the EU to enable our employment relationship under the EU-U.S. Privacy Shield Framework. We commit to cooperate with European data protection authorities, including with respect to the Supplemental Principles, with regard to human resources data transferred from the EU in the context of our employment relationship, and to comply with the advice given by such authorities with respect to such data.
INQUIRIES AND COMPLAINTS:
If you believe that we maintain copies of your personal data within the scope of the Privacy Shields, you may direct any inquiries to firstname.lastname@example.org. We will respond to your inquiry within 45 days of receipt and verification of your identity. If we fail to respond during that time, or if we don’t address your concern, you may contact Verasafe, our U.S.-based third party dispute resolution provider, for disputes relating to our compliance (free of charge) at https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. If neither we nor Verasafe are able to resolve your complaint, as a last resort you may engage in binding arbitration through the Privacy Shield Panel.
THIRD PARTIES WHO MAY RECEIVE PERSONAL DATA:
We may use a limited number of third party service providers to assist us in providing services to our customers or to meet internal business needs. These providers may provide services such as hosted data-centers, billing systems, contract and account management, customer support, relationship management and other technical operations. These third parties may access, process, or store personal data in the course of providing their services. We maintain contracts with these third parties to restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, and we may be liable for such parties if they fail to meet these obligations.
RIGHTS TO ACCESS AND LIMIT USE OF DATA:
Individuals located in the EU, EEA, or Switzerland, if applicable, have rights to access personal data about them, and to limit the use and disclosure of such data. We take our privacy obligations extremely seriously, and have committed to respect these rights. Because our personnel have limited ability to access data submitted to us by our customers, if you wish to request access to, or to limit use or disclosure of data, please provide the name of the party who submitted your data to our services, and state whether it was yourself or a third party. We will refer your request to that third party, if appropriate, and reasonably support them in responding to your request.
ENFORCEMENT AND REQUIRED DISCLOSURE:
Our commitments under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of disclosure.