Statement of Policy
Precise, Inc. (Precise) respects the privacy and confidentiality of personal information
provided to Precise by its clients, employees and all others who entrust it with personal
information. Accordingly, Precise adheres to the set of data protection principles
developed by the United States Department of Commerce (DOC) in collaboration with
the European Commission, as reflected in the Frequently Asked Questions (FAQ) issued
by the Department of Commerce (DOC) on July 21, 2000, and within other
documentation provided by DOC (commonly referred to as “The Safe Harbor
Principles”).
This policy applies only to personal data that Precise has received from the European
Union (EU). Personal data refers to data that is (a) transferred to the United States from
the EU; (b) is about, or relates to, an identified or identifiable individual; (c) can be
linked to that individual, and (d) is recorded. Personal data may include, among other
things, an individual’s name, address, phone number, e-mail address, or social security
number, health insurance policy number or other like information. However, the term
“personal data” does not include data that pertains to a specific individual, but from
which that individual cannot reasonably be identified. Personal data also includes
“sensitive personal data”, which is defined herein as a subset of personal data that
pertains to an individual’s medical, or health condition, racial or ethnic origin, political
opinions, religion, union membership, sexual orientation or actual or alleged criminal
activity.
Scope of Business of Precise
Precise provides electronic discovery consulting, technical and software services to
clients, law firms, and business organizations who are parties to various types of legal
and commercial proceedings. All data collected in the course of Precise’s activities are
kept under strict privacy and confidentiality protocols since much of this information may
constitute evidence in litigation and other sensitive proceedings. Indeed, it is the practice
of Precise (and the customary business practice in the industry in which Precise conducts
business) to enter into, with each client, a comprehensive confidentiality agreement as to
data received in every engagement undertaken. Moreover, each of Precise’s employees
has executed Confidentiality and Non-Disclosure Agreement pertaining to all information
that comes into their possession in the course of their employment.
The facility in which Precise processes (*processing by Precise consists, typically, of the
extraction and formatting of data for review and production for litigation, compliance and
audit purposes) and stores data maintains extensive physical security features and the
network infrastructure upon which data is stored is secured by some of the most advanced
data security and disaster recovery technology currently available.
Much of the data processed and hosted by Precise does not constitute “personal data” as
that term is defined above. However, personal data will, on occasion, enter into the
possession of Precise, the bulk of which is contained within the email accounts of
individuals employed by parties to litigation, government investigations and various
audits.
Safe Harbor Principles
Precise has adopted the seven Safe Harbor Principles published by the U.S. Department
of Commerce as to notice, choice, onward transfer (transfer to third parties), access,
security, data integrity and enforcement with respect to personal data transferred to the
United States from the European Union.
These Principles, as adhered to by Precise, are described below:
1. Notice:
Under most circumstances, Precise does not collect personal data for processing directly
from the party in possession, but receives the data for processing from counsel under an
agreement to hold such data under strict rules of confidentiality and privacy. Therefore,
when Precise receives personal data from the EU for processing purposes and does not
control the collection of the personal data, Precise does not, typically, provide
notification to the individuals to which such personal data relates (but, again, is mandated
by the client to hold the data in the strictest confidence.). In such event, Precise reserves
the right to process personal data in the course of providing services to its clients without
the knowledge of the individuals involved. Precise never uses data for a purpose other
than the purpose for which it was provided to Precise. Neither does Precise share
information with third parties other than when lawfully directed by the client law firm or
originating organization (that is, the owner of the data.) When specifically authorized by
counsel or client to do so, Precise will inform effected individuals about the purposes for
which it collects and uses personal information about them, how to contact the
organization with any inquires or complaints, the types of third parties to which it may
disclose the information and any choices and means that Precise may offer individuals for
limiting the data’s use and disclosure.
2. Choice:
Since Precise does not share personal information with third parties, unless required by
law or lawfully directed by the client law firm or originating organization to do so, nor
does it ever use the data for a purpose incompatible with the purpose for which it was
originally collected, there is no need to offer individuals the opportunity to opt out from
having data disclosed. However, should the need ever arise, Precise will provide
individuals with reasonable notice and mechanisms to exercise their choice to opt-out
from having personal data so disclosed.
3. Onward Transfer (Transfer to Third Parties)
As mentioned above, Precise does not share personal information with third parties,
unless required by law or lawfully directed by the client law firm or originating
organization to do so. However, should the need ever arise, prior to disclosing personal
information to third parties, Precise will utilize the notice and choice principles noted
above. Moreover, where the need arises, Precise will obtain assurances from third parties
that they will safeguard the personal data consistent with this policy or any other EU
adequacy finding, or as an alternative, Precise will enter into a written agreement with
such third party to provide at least the same level of personal data protection as is
maintained by Precise.
4. Security
Precise takes reasonable precautions to protect personal information from loss, misuse,
unauthorized access, disclosure, tampering, alteration and destruction. As stated above,
the facility in which Precise processes and stores data maintains extensive physical
security features and the network infrastructure upon which data is stored is secured by
some of the most advanced data security and disaster recovery technology currently
available.
5. Data Integrity
Precise uses personal information only in a manner that is compatible with the purpose
for which it was collected or subsequently authorized by the individual. Precise takes
reasonable steps to ensure that personal information is reliable for its intended use,
accurate, complete and current.
6. Access
Since, under typical circumstances, the burden or expense of providing access would be
disproportionate to the risks to the individual’s privacy in a particular case, or the rights
of persons other than the individuals would be violated or seriously compromised,
individuals cannot be routinely provided access to personal information about them in
order to correct amend, or delete the information when inaccurate. However, where
appropriate to do so, Precise will grant individuals reasonable access to personal data that
it holds about them and Precise will take reasonable steps to permit individuals to correct,
amend or delete information that is demonstrated to be inaccurate or incomplete. Such
access is provided via the Precise secure web data repository and can be made available
to the individuals concerned 24 hours a day, 7 days a week around the globe.
7. Privacy Complaints by European Union Citizens
In compliance with the Safe Harbor Principles, Precise commits to resolve complaints
regarding privacy and collection or use of personal information. European Union citizens
with inquiries or complaints regarding this privacy policy should first contact:
Joseph Venturella
Vice President, Legal Services
429 Fourth Avenue, 2nd Floor
Pittsburgh, Pennsylvania, 15219
venturellaj@precise-law.com
412-281-8699.
Precise, has further committed to refer unresolved privacy complaints under the
US-EU [and EU-Swiss] Safe Harbor Principles to an independent dispute resolution
mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business
Bureaus. If you do not receive timely acknowledgment of your complaint, or if your
complaint is not satisfactorily addressed by (your business name), please visit the
BBB EU SAFE HARBOR web site at www.bbb.org/us/safe-harbor-complaints for
more information and to file a complaint.
Precise will conduct an annual self-assessment to ensure that this policy is published and
disseminated within Precise and on its website, that it is being adhered to and that it
conforms to the seven principles set forth above. In addition, Precise has deployed
internal auditing measures to monitor its compliance with the Principles and to address
all questions or complaints. Precise will also self-certify annually with the U.S.
Department of Commerce as being in full compliance with the Principles.
Amendments to this Privacy Policy
Precise may amend this Safe Harbor Policy, from time to time, by posting a revised
policy on its website at www. precise-law.com. Precise will amend this Safe Harbor
Policy in a manner consistent with the requirements of the Safe Harbor Principles as set
forth above.
This Policy is effective as of January 1, 2012.
We self-certify compliance with: