Effective: October 10, 2019
Very Good Security, Inc. (“VGS”, “we”, “us”, “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. VGS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
VGS may collect personal data from existing and prospective customers in the EU, EEA, and Switzerland. VGS may use this information to provide services to its customers, including processing service requests, negotiating contracts, processing payments, communicating with customers, providing promotional and marketing offers, providing customer support, detecting and preventing fraud, and complying with governmental, legislative, and regulatory requirements. VGS may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
When VGS Customers in the EU, EEA, or Switzerland use our services, VGS may process personal information on behalf of the EU controller. VGS does not determine the data collected, stored, and transmitted by its customers nor how the data is classified, accessed, exchanged, or otherwise processed. VGS customers are solely responsible for complying with applicable laws and regulations and ensuring the personal information they control and process meets these requirements.
VGS has written agreements in place with our customers that define the services provided and VGS’s obligations with respect to customer data. VGS provides services only at the direction of its customers in alignment with the written agreements.
VGS complies with the privacy principles as described below:
VGS processes its Customer’s client’s data according to the terms of the written agreement between VGS and the Customer.
VGS written agreements with Customers limits our ability to disclose personal information to third parties or to use personal information for purposes other than those specified in the contract. VGS will assist in putting individuals who directly contact us regarding exercise of choice in contact with the EU controller to provide a choice mechanism.
As described in our Security Statement, VGS is committed to securing our customers’ data. We include security terms in our third party contracts, and our hosting services have been assessed by third party auditors in accordance with both PCI-DSS and SOC2 Security Standards.
VGS Customers are responsible for implementing security measures appropriate to the nature and volume of data stored on or transferred to VGS’s system.
VGS operates under contractual requirements governing data retention, accuracy and purposes of processing. When VGS does collect personal information, it will take reasonable measures to verify that the personal information it collects is relevant and reliable for its intended use, and that it is accurate, complete, and current. Contact firstname.lastname@example.org.
VGS offers individuals from whom it directly collects information reasonable access to their Personal Information and will provide such individuals reasonable opportunity to correct, amend, or delete inaccurate information. Contact email@example.com.
If contacted by one of its customers clients, VGS will work with the EU controller to facilitate access through the Customer’s access methods.
In compliance with the Privacy Shield Principles, VGS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact VGS at:
Very Good Security, Inc.
207 Powell Street, Ste 200
San Francisco, CA 94102
Or by email: firstname.lastname@example.org
If you have unresolved privacy or data use concerns, VGS commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by the panel and/or Commissioner with regard to data transferred from he EU and/or Switzerland.
The Federal Trade Commission has jurisdiction over VGS’s compliance with the Privacy Shield.
Under certain conditions, individuals may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. See Annex I: Section C of the Privacy Shield Framework for additional information [Annex I; Section C].