Nullable, Inc. dba Wiretap, a Delaware Corporation (“Wiretap”) strives to properly address applicable data protection and privacy legal requirements. Wiretap recognizes that the European Union (“EU”) has an “omnibus” data protection regime established pursuant to the General Data Protection Regulation (2016/679) (“GDPR”). Among other things, GDPR generally requires “adequate protection” for personally identifiable information, related to individuals in the EU, (“PII”) that Wiretap transfers outside of the EU. To address this requirement, Wiretap adheres to the EU-U.S. Privacy Shield Privacy Principles published by the US Department of Commerce (“Privacy Shield”) with respect to European PII. For more information about the Privacy Shield, please refer to the Privacy Shield website at https://www.privacyshield.gov/.
The types of PII that Wiretap may receive include, but not necessarily limited to, personal data including vendor management data, content communications, and data from visitors to our websites.
In addition, to the extent such information is included in the processed content communications and customers’ collaborative platforms, Wiretap may receive HR Data and PII that is “sensitive” within the meaning of the Privacy Shield in a few instances. To the extent such information is accessible or communicated through the Wiretap customers’ collaborative platforms, Wiretap may receive information that includes genetic, biometric and health data, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership.
Uses of PII
Wiretap will use and otherwise process PII for the following purposes:
- For administering a product or service that has been requested by a customer; and/or
- For advising a customer about other products and services that are available.
As necessary in connection with these purposes, Wiretap personnel in the United States may, on a limited basis, access and otherwise process PII in connection with their job responsibilities, as described in Wiretap’s Data and Information security policies. Wiretap takes appropriate steps to ensure that such personnel are bound by duties of confidentiality with respect to PII.
CHOICE AND ONWARD TRANSFER
Wiretap will only use PII for the purposes for which such data was originally collected and will not disclose PII to any third party, except with the appropriate consent of the affected individuals or as otherwise permitted under the Privacy Shield. In cases of onward transfer to third parties, Wiretap remains responsible and liable under the Privacy Shield Principles if third parties process data in a manner inconsistent with the Principles, unless Wiretap proves that it is not responsible for the event giving rise to the damage.
DATA SECURITY AND DATA INTEGRITY
Wiretap maintains reasonable security measures to safeguard PII from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Wiretap also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current.
Individuals in the EU have the ability to access, review and update their own PII in accordance with applicable law. Individuals in both the EU should transmit requests for access to their own PII, in writing, to the Privacy Shield Contact identified below. Individuals noticing changes or inaccuracies their PII are responsible for informing the Privacy Shield Contact of such changes so that the PII may be updated or corrected.
DISCLOSURES REQUIRED OR PERMITTED BY LAW
ENFORCEMENT AND CONTACT INFORMATION
The Federal Trade Commission has jurisdiction over Wiretap’s compliance with the Privacy Shield. Wiretap has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning European Citizen Data transferred from the EU. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. Information regarding local contact information for local data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. For any residual claims, an individual may invoke binding arbitration as set forth in Annex I of the Privacy Shield, provided that such individual has invoked binding arbitration by delivering notice to Wiretap 's Privacy Shield Contact in accordance with the procedures and subject to the limitations set forth in Annex I of the Privacy Shield. In particular, an individual who decides to invoke this arbitration option must first: 1) raise the claimed violation directly with Wiretap and afford the Wiretap an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Privacy Shield; 2) make use of the independent recourse mechanism under the Privacy Shield; and 3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
Wiretap Privacy Shield Contact:
Chief Operating Officer
111 Liberty St.
Columbus, OH 43215
Phone: (844) 433-3326