EU Safe Harbor Privacy Policy
Posted January 20, 2012
K2 Intelligence
European Union Safe Harbor Privacy Policy
K2 Intelligence, LLC (“K2 Intelligence”) receives personal information pertaining to data subjects residing in the European Union (“EU”). Such personal information may be received from subjects through the subject’s voluntary submission in writing, electronic submission via our website, or from our clients in connection with requests for background due diligence we provide.K2 Intelligence is a participant in the Safe Harbor program developed by the U.S. Department of Commerce and the European Union. K2 Intelligence has certified that it adheres to the seven Safe Harbor Principles and the 15 FAQs that make up the Safe Harbor Framework(s) published by the U.S. Department of Commerce with regard to the use of certain personal information.
K2 Intelligence complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. K2 Intelligence has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view K2 Intelligence’s certification, please visit http://www.export.gov/safeharbor/
In addition all personal information is collected, stored and used in compliance with the Fair Credit Reporting Act (“FCRA”) and other state and federal laws where applicable, which regulate some of the background work conducted by K2 Intelligence.
1. Notice
K2 Intelligence receives personal information about consumers from its clients in providing employment related and investment due diligence. K2 Intelligence’s clients certify to K2 Intelligence the following: to the extent required by applicable law, they have obtained the consumer’s consent to share this information with K2 Intelligence; they are requesting due diligence for employment or other purposes permitted under the FCRA or other applicable law, and finally that they will use the results of K2 Intelligence’s work only for legally permissible purposes, such as employment and investment due diligence decisions.
Through its due diligence process K2 Intelligence may obtain and provides to its client, information as requested by K2 Intelligence’s client. The information that is collected may include, but may not be limited to, history of arrests and/or convictions, credit history, employment history, educational history, places of residence, and driving records. Pursuant to the terms of its contract with its client, K2 Intelligence uses this information to prepare a report that meets its clients’ needs. K2 Intelligence will not use the information collected about a consumer for any other purpose without first giving the consumer an opportunity to opt out from such use. If the information is “sensitive” information as defined in the Safe Harbor Privacy Principles (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions or philosophical beliefs, trade union membership or information concerning the sex life of the individual), K2 Intelligence will use the information for an incompatible purpose only if the consumer affirmatively authorized that use.
2. Choice
K2 Intelligence collects information about consumers only if K2 Intelligence’s client has, to the extent required by applicable law, certified to K2 Intelligence that the consumer has affirmatively consented to such collection. Consumers who wish to revoke their consent to K2 Intelligence’s collection of information about them can do so at any time by sending written notification to Jason N. Golub, Chief Compliance Officer, K2 Intelligence at 845 Third Avenue, New York, NY 10040.
The revocation does not mean that information already collected will be erased or deleted. Various laws and compliance obligations require that K2 Intelligence maintain the data on file for a period of time. However, the consumer’s data will not be further disclosed after K2 Intelligence receives a revocation. After revocation of consent, K2 Intelligence also will not use the information for any purpose other than maintaining for compliance purposes an internal record.
3. Onward Transfer (Transfers to Third Parties)
K2 Intelligence generally will disclose the information obtained on a consumer only to (a) K2 Intelligence’s client, as described in the “Notice” section of this Policy; and (b) a third-party representative or subcontractor of K2 Intelligence authorized to receive such information (e.g., service providers that help host or support K2 Intelligence’s web site, or that otherwise provide technical assistance; court researchers; and other providers of professional services). K2 Intelligence shares information with these third parties only for the purposes described in the “Notice” section of this Policy. K2 Intelligence takes reasonable steps to safeguard personal information disclosed to its representatives and subcontractors. K2 Intelligence will disclose only the minimum personal information necessary to deliver to K2 Intelligence (for the benefit of K2 Intelligence’s client) the requested product or service. Before making such disclosures, K2 Intelligence ascertains that the third-party is subject to the European Union Data Protection Directive or requires by written agreement that the third party provide at least the same level of privacy protections as is required by the relevant Safe Harbor Privacy Principles. In addition, K2 Intelligence will disclose consumer information to these third parties only if they will maintain commercially reasonable security measures to protect the confidentiality, integrity and security of that personal information. K2 Intelligence also may in good faith disclose personal information and any other additional information available to K2 Intelligence, for any of the following purposes: (i) to investigate, prevent or take action regarding actual or suspected illegal activities or fraud; situations involving potential threats to the physical safety of any person; or violations of K2 Intelligence’s terms of use; (ii) to respond to subpoenas, court orders, or other legal process; (iii) to establish or exercise K2 Intelligence’s legal rights; or (iv) otherwise to comply with applicable law.
K2 Intelligence may acquire other businesses, and other businesses may acquire K2 Intelligence. If that occurs, the information K2 Intelligence collects may be one of the assets examined or transferred as part of the transaction. K2 Intelligence will not permit another business to examine the information K2 Intelligence has collected without a confidentiality agreement and only to the extent permitted by law. K2 Intelligence will not transfer the information it has collected unless the recipient agrees to provide privacy protections equal to or exceeding those established by this Privacy Policy.
4. Access
K2 Intelligence permits all consumers to inspect, and/or to receive a copy of, the information that K2 Intelligence has collected about them in accordance with the FCRA or other applicable law. Consumers also may request that K2 Intelligence correct, amend or delete inaccurate information about them. Consumers who wish to exercise these rights may contact K2 Intelligence. For security purposes, K2 Intelligence will require verification of the consumer’s identity.
5. Security
K2 Intelligence is committed to protecting the personal information that K2 Intelligence receives about consumers. While we cannot guarantee the security of that information, we have implemented a comprehensive information security program that includes a combination of administrative, technical and physical safeguards designed to protect against loss, misuse, and unauthorized access, disclosure, alteration and destruction of consumer information.
6. Data Integrity
In accordance with applicable law, K2 Intelligence takes reasonable steps to ensure that the information K2 Intelligence collects is accurate, complete, current, and reliable for its intended use. K2 Intelligence is not responsible for errors that exist within public court records or within records of other consumer reporting agencies, such as the national credit bureaus, and therefore cannot act as a guarantor of the information. Customers who wish to dispute the accuracy of information that K2 Intelligence maintains about them can do so by contacting the Chief Compliance Officer, Jason N. Golub. For security purposes, K2 Intelligence will require verification of the consumer’s identity.
7. Enforcement
K2 Intelligence conducts in-house verification of its compliance with the Safe Harbor Privacy Principles. As part of our participation in Safe Harbor, we have designated the American Arbitration Association as our independent recourse mechanism for investigation of unresolved complaints relating to our compliance with the Safe Harbor Privacy Framework. For any complaints regarding our compliance with the Safe Harbor Framework, please contact K2 Intelligence’s Chief Compliance Officer, Jason Golub at: jgolub@k2intelligence.com
If contacting K2 Intelligence does not resolve the complaint, please contact the American Arbitration Association by one of the following means:
Mail: 1633 Broadway, 10th Floor
New York, New York 10019
Web: www.adr.org
Toll-free Phone: 1-800-778-7879
Complaints involving human resources data as defined by the Safe Harbor may alternatively be submitted to the European Union Data Protection Authorities.
Changes to this Privacy Policy
K2 Intelligence may revise this policy from time to time as we add new products and services. If we decide to materially change this Privacy Policy, we will post the revised policy at this location 14 days before the revised policy goes into effect.
Contact Information
If you have any questions regarding our privacy policy, please contact us at:
K2 Intelligence
845 Third Avenue
Attn: Chief Compliance Officer
Effective Date: January 20, 2012
