EU-U.S. Privacy Shield Statement
UPDATED NOVEMBER 30, 2018 — Sonic Foundry complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Sonic Foundry has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, and the 16 Supplemental Principles (collectively, “Privacy Shield Principles”), and such adherence is subject to investigation and enforcement by the U.S. Federal Trade Commission.
Sonic Foundry’s participation in the Privacy Shield applies to all personal information that is subject to the Sonic Foundry Privacy Statement and is received from the European Union and European Economic Area. Sonic Foundry will comply with the Privacy Shield Principles in respect of such personal information. If there is any conflict between the terms of this EU-U.S. Privacy Shield Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Sonic Foundry’s adherence to the Privacy Shield Principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
Sonic Foundry’s accountability for personal information that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, Sonic Foundry remains responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage (if any).
When we act as a controller of your data, we will email you to offer you the opportunity to opt-out before we use or disclose your information in a manner that is not described in our Privacy Statement. Please note that, as described in our Privacy Statement, we do not sell or otherwise disclose personally identifiable information we collect about you, except to our service providers or for the limited purposes described in the “How We Share Your Personal Information” section of the Privacy Statement.
When we act as a processor of data on behalf of our clients, we do not disclose your information to anyone who is not (1) our client, who is the controller of your data or (2) a service provider acting on our behalf. If we do make any disclosures of your data that are outside our role as a processor on behalf of an entity acting as a controller of your data or if we use your data for a purpose that is materially different from the purpose for which it was originally collected or which you have subsequently authorized, then we will provide you with a clear, conspicuous and readily available mechanism to exercise your right to opt-out of such disclosure or use. This mechanism will be provided to you via a communication from our client, who will be the relevant controller of your data.
You have the right to access your personal information, and to correct, amend or delete such information where it is inaccurate or processed unlawfully, as described in the Privacy Shield Principles. To exercise these rights, please email us at: email@example.com.
As further explained in the How to Contact Us section of the Sonic Foundry Privacy Statement, we encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) complaint or inquiry. For any complaints that cannot be resolved with Sonic Foundry directly, Sonic Foundry has chosen to cooperate with the American Arbitration Association/International Centre for Dispute Resolution, an alternative dispute resolution provider, to resolve such complaints at no charge to you. Please visit http://go.adr.org/privacyshield.html for more information and to file a complaint. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address any residual complaints not resolved by other means.