DECISION SOFTWARE
EU Safe Harbor POLICY STATEMENT
Introductory
Decision Software (“we” or “us”) pledge to conduct our business according to the EU Safe Harbor Principles. We offer the following to our marketplace: database hosting and maintenance, address hygiene, e-marketing, campaign management software, surveys and dashboard reports. In performing these services for our clients, we do not own or control any of the information we process; all this information is owned and controlled by our clients or third parties from whom our clients obtain rights to that data. In performing services for our clients, we may receive personal information which has been transferred from the EU to the United States.
The requirements for compliance with EU Safe Harbor vary depending on whether we provide data hosting services or we are performing batch processing. Our policies and manner of compliance for each of these two are different and are described separately below.
For purposes of this statement, "personal information" means information that is recorded, is about, or pertains to, a specific individual and that can be linked to that individual.
Providing Database Hosting and Maintenance
As part of our database hosting and maintenance, when we store data from our clients which contain personal information, the policies outlined below apply to all such personal information that has been transferred from the EU to the United States.
Notice
We require contractual confirmation from the client from whom we acquire the information that the personal data has been provided to us in accordance with the applicable EU Member State Data Protection law, thereby ensuring the data subjects have been provided with proper notice regarding how their personal data will be used.
Choice
We require contractual confirmation from the client from whom we acquire the information that the personal data has been collected and maintained in accordance with applicable EU Member State Data Protection law, thereby ensuring the data subjects have been provided with the proper choice regarding how their personal data may be used.
In addition, an individual may wish to have his/her name and related information removed from a database hosted by us. If that information is covered under the EU Directive, the individual may contact us as set forth under the Access section of this policy.
Data Integrity
We require contractual confirmation from the client from whom we acquire the information that this client takes reasonable steps to ensure the information transferred from the EU to the United States is reliable, accurate and complete. These steps to assure data integrity are based on the purposes for which the personal information is used.
Onward Transfer
We comply with the notice and choice principles as described above for all data disclosed or transferred to a third party. We will only disclose or transfer such information to a third party, including legal process served on us to produce data, upon the express written direction of the client who has supplied the information to us.
Security
We have in place an information security policy to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Our security officer is responsible for conducting investigations into any alleged computer or network breaches, incidents or problems and ensuring the proper disciplinary action is taken against those who violate our information security policy.
We use various physical, electronic, and managerial measures, including education and training of our personnel, designed to provide personal information with reasonable protection from accidental loss or destruction, improper use, alteration, or disclosure. We take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use, whether by us as directed by our client, or directly by our client.
Any security compromises or potential security compromises and any inquiries concerning security should be reported to our Privacy Officer, whose contact information is provided below.
Access
An individual may request access to his/her personal information that we maintain. The individual has the right to learn whether or not the data relating to him/her is correct, and to amend or delete that information when it is inaccurate. This right applies only to personal information about the individual making the request and is subject to other limitations as defined by law.
Individuals can request access by contacting us at:
Privacy Officer
Decision Software, Inc.
4640 Forbes Blvd STE 310
Lanham, MD 20706
Any such request must include sufficient identifying information, such as name, address, telephone number, fax number, and email address. We may also request a copy of identification such as a driver’s license or other government-issued identification.
A request for correction should identify the information in question, state whether the information is incorrect, inaccurate, or incomplete, and state what information should appear in its place.
We will forward all such requests to our client – the owner of the data – for appropriate handling. We reserve the right to charge a reasonable fee in order to cover our processing costs.
We agree to process all reasonable requests for access within a reasonable time period, but reserve the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of an unwarranted or fraudulent request.
Enforcement
Individuals who wish to file a complaint or who take issue with our EU Safe Harbor policies should contact our Privacy Officer at the above address. We will also cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that we, or such authorities, determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance. Personnel who violate this privacy policy will be subject to disciplinary action.
We are also subject to the jurisdiction of the U.S. Federal Trade Commission. Individuals unable to resolve a complaint through our Privacy Officer may contact the Federal Trade Commission:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
consumerline@ftc.gov
www.ftc.gov
Batch Processing Services
When we provide only batch processing services for a client – we receive data, process it promptly and then promptly return the data to the client – the following policies apply to any personal information that has been transferred from the EU to us.
Before starting any data processing on behalf of a client, we enter into an agreement with the client, in which the client states that it has complied with the applicable EU Member State Data Protection law.
It is unusual for us to disclose batch data of a client to a third party. This will occur only upon request of that client and only after the client assures us that such third party complies with EU Safe Harbor or the applicable Member State Data Protection law. Generally, we will not obtain this assurance directly from the third party.
Agreements between us and our clients provide that the processing will be carried out with appropriate data security measures. We have measures in place to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
When performing only batch data processing for a client, we are not required to apply other EU Safe Harbor Principles to the personal information received for processing from that client.