Socure respects individual privacy and values the trust of Consumers and our Customers. This policy is designed to ensure that we collect, use, disclose and transfer data in a manner consistent with the laws of the countries in which we do business.
In order to legally transfer consumer information from third-parties in the European Union or Switzerland to us in the United States, we must treat transferred Consumer information consistent with European and Swiss privacy principles. This policy describes how we will comply with European Union and Swiss privacy law.
This policy applies to any Consumer information that we receive from our Customers in Europe and Switzerland.
A full list of Privacy Shield participants and their assigned dispute providers can be found on the Department of Commerce website at: https://www.privacyshield.gov/list
European Union and Swiss privacy law
The Privacy Principles are:
a. Notice – To the extent we collect or maintain Personal Data, we will inform Consumers, through our Customers or other reasonable means,
b. Choice – We will take reasonable steps to ensure that our Customers provide Consumers with the opportunity to choose (opt-out of) whether we may use their Personal Data for any purpose not disclosed to the Consumer when the data is collected. To the extent that Socure collects or maintains Personal Data directly, we will ensure that Customers are provided with the same choice to opt-out of uses of their Personal Data not disclosed when the data is collected.
For Sensitive Personal Data, we will take reasonable steps to ensure that our Customers obtain adequate consent for our uses of the data. To the extent that Socure collects or maintains Sensitive Personal Data directly, we will ensure that Customers are provided with the same choice to opt-in to uses of their Personal Data not disclosed when the data is collected.
Where Socure provides Consumers with choices regarding their Personal Data, Consumers must be provided with user-friendly mechanisms to exercise their choices.
c. Onward Transfers – We must obtain contractual or other enforceable assurances from third-parties that they will safeguard Personal Data consistently with this Policy prior to transferring any Consumer information. These transfers are used only for limited and specific purposes. Where we have knowledge that a third-party is using or disclosing Personal Data in a manner contrary to this Policy, we will take reasonable steps to prevent or stop the use or disclosure.
d. Security – We will take reasonable precautions to secure and protect Personal Data in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
e. Data Integrity – Personal Data must be used only in ways that are compatible with the purposes for which it was collected, or subsequently authorized by the Consumer. We must take reasonable steps to ensure that the Personal Data processed is necessary for our intended use, and is accurate, complete, and current.
f. Access and Correction – Where we collect or maintain Personal Data, we will provide Consumers reasonable access to their Personal Data. In addition, we will take reasonable steps to permit Consumers to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
g. Recourse, Enforcement, and Liability – Our privacy policies include both a process for Consumers to submit requests or complaints and information on how to appeal an adverse decision to JAMS (http://www.jamsadr.com) for resolution by an independent adjudicator. For EU and Swiss citizens, if after contacting Socure then the independent adjudicator neither party responds, individuals may then pursue binding arbitration when these other mechanisms fail.
We take reasonable steps to monitor our privacy practices to verify adherence to this Policy. Any employee that we determine is acting or has acted in violation of this policy will be subject to disciplinary action up to and including termination of employment.
Organizations such as Socure are obligated to arbitrate claims and follow the terms as set forth in Annex I of the Privacy Shield Framework provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.
We may disclose Personal Data if: (a) we are required to respond to a legal or ethical obligation; (b) necessary to meet national security, public interest or law enforcement obligations; or (c) expressly permitted by an applicable law, rule or regulation.