EU-U.S. Privacy Shield Privacy Notice
Swiss-U.S. Privacy Shield Privacy Notice
Last Updated 18-Oct-2017
Spirosure, Inc. and its wholly-owned U.S. subsidiaries (collectively, “Spirosure” or “we”) have subscribed to and will comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) regarding the processing of Personal Information (as defined below) that is transferred from the European Economic Area (the “EEA”) or Switzerland to Spirosure in the U.S. (“Spirosure U.S.”). More information about the Privacy Shield can be found at www.privacyshield.gov.
This Privacy Shield Notice supplements our Privacy Notice. Capitalised terms used in this Privacy Shield Privacy Notice have the meaning given to them by our Privacy Notice, unless specifically defined in this Notice. This Privacy Shield Notice applies to Spirosure U.S., which is subject to the investigatory and enforcement powers of the Federal Trade Commission. In case of a conflict between this Notice and the applicable Privacy Shield Principles (“Principles”), the Principles will govern.
Personal Information Received from the EEA or Switzerland
Spirosure U.S. may receive from the EEA or Switzerland some or all of the information listed in our Privacy Notice. Some of that information may qualify as “Personal Data” as defined in the Principles. To the extent that Spirosure U.S. receives Personal Data from the EEA or Switzerland in reliance on the Privacy Shield, Spirosure U.S. will handle such Personal Data in accordance with the Principles.
Data Integrity and Purpose Limitation
Spirosure may use the Personal Data it receives from the EEA or Switzerland for the purposes set forth in our Privacy Notice or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Data we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data. We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by you. We will adhere to the Principles for as long as we retain the Personal Data collected under the Privacy Shield.
Our Privacy Notice describes the circumstances in which we may disclose your information to third parties. We remain responsible for the processing of Personal Data received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use reasonable and appropriate measures to protect your Personal Data from loss, misuse, unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
We will give you an opportunity to choose whether your Personal Data may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorised by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where non-sensitive Personal Data is involved, and to opt in where sensitive Personal Data is involved.
Access to Personal Information
Our Privacy Notice sets forth methods by which you may access and/or submit requests to review, correct, update, suppress, or delete information from or about you. Spirosure U.S. will comply with the Principles in its handling of such requests with respect to Personal Data.
Recourse and Enforcement
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of Personal Data in accordance with the Principles.
If an issue cannot be resolved through Spirosure’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to JAMS, which serves as Spirosure’s third-party alternative dispute resolution provider. For claimed violations of the Principles not resolved by these mechanisms, you may be able to invoke binding arbitration as detailed in the Principles.
Privacy Shield Notice Changes
We may update this Notice from time to time, consistent with the requirements of the Privacy Shield. You can determine when this Notice was last revised by referring to the “Last Updated” legend at the top of this Policy. Any changes to this Policy will become effective when posted to our website.
How to Contact Us
If you have questions, concerns, or complaints about this Privacy Shield Policy or Spirosure’s privacy practices, please contact us by email at firstname.lastname@example.org or write to us at the following address:
Attn: Data Protection Officer
7020 Koll Center Parkway, Suite 110
Pleasanton, CA 94566-3107
United States of America