EzR Communications Incorporated Privacy Statement
Last Updated Sept, 24 2018
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it. It applies Truece.com and other EzR Communications Incorporated services (“Services”) that display this statement. References to EzR Communications Incorporated services in this statement include EzR Communication websites, apps, platforms and software, including, but not limited to Truece.com and the Truece app (“Truece”).
We encourage you to read the summaries below if you’d like more information on a particular topic. The Service-Specific Details below provide additional information relevant to particular EzR Communications services.
Personal Data We Collect
EzR Communications Incorporated collects data to operate effectively and provide you the best experiences with our services. You provide some of this data directly, such as when you create an account associated with any of our Services. We get some of it by recording how you interact with our services by, for example, using technologies like cookies and receiving error reports or usage data from software running on your device. We also obtain data from third parties (including other companies).
How We Use Personal Data
EzR Communications Incorporated VALUES YOUR TRUST WITH US AND YOUR PERSONAL INFORMATION, AND WILL NOT SELL YOUR DATA TO THIRD-PARTIES. EzR Communications Incorporated uses the data we collect to provide you the services we offer, which includes using data to improve and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account, and product information. And we use data to help make the ads we show you more relevant to you.
Reasons We Share Personal Data
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with EzR Communications Incorporated-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of EzR Communications Incorporated.
Cookies & Similar Technologies
General Data Protection Regulation – GDPR
Privacy Shield Program Overview
EzR Communications Inc. is in the process of applying for and certifying with the General Data Protection Regulation (GDPR). EzR Communications and any of its entities or subsidiaries take data protection very seriously.
What is GDPR and how does it affect or help protect EzR Communications Inc. and any of its entities or subsidiaries user’s data?
The GDPR (General Data Protection Regulation) seeks to create a data protection law framework across the EU and aims to give back to data subjects, control of their personal data, whilst imposing strict rules on those hosting and processing this data, anywhere in the world.
Maintaining data integrity and purpose limitation
- Privacy Shield participants must limit personal information to the information relevant for the purposes of processing.
- Privacy Shield participants must comply with the new data retention principle.
Privacy Shield Program Overview
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination). On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. See the statements from the Swiss Federal Council and Swiss Federal Data Protection and Information Commissioner.
The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. To join either Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in self-certifying to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework should review the requirements in their entirety. To assist in that effort, Commerce’s Privacy Shield Team has compiled resources and addressed frequently asked questions below.
Will the Privacy Shield continue to serve as a data transfer mechanism under the EU General Data Protection Regulation (GDPR)?
- Yes. Article 45 of the GDPR provides for the continuity of adequacy determinations made under the EU’s 1995 Data Protection Directive, one of which was the adequacy decision on the EU-U.S. Privacy Shield.
- The Privacy Shield was also designed with an eye to the GDPR, addressing both substantive and procedural elements.
- For instance, the Privacy Shield includes an annual review, which was designed to address the GDPR’s requirement for a mechanism for a periodic review, at least once every four years, of relevant developments.
- It is important to note that Privacy Shield is not a GDPR compliance mechanism, but rather is a mechanism that enables participating companies to meet the EU requirements for transferring personal data to third countries, discussed in Chapter V of the GDPR.
Does the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) affect the Privacy Shield Framework?
- The CLOUD Act involves data transfers for law enforcement purposes. It does not conflict with the Privacy Shield Framework, which provides a legal basis under EU law for transfers of personal data from the EU to participating US organizations. The Privacy Shield Framework is unrelated to, and unaffected by, the CLOUD Act.
Why should an organization that previously participated in the Safe Harbor program self-certify to the Privacy Shield and how should references to Safe Harbor be adjusted when self-certifying?
- The Privacy Shield provides a number of important benefits to U.S.-based organizations, as well as their partners in Europe. These include:
- The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were deemed adequate by the European Commission and Swiss Government respectively, meaning they are recognized mechanisms to comply with EU and Swiss data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
- Participating organizations are deemed to provide “adequate” privacy protection, a requirement for the transfer of personal data outside of the European Union under the EU Data Protection Directive and outside of Switzerland under the Swiss Federal Act on Data Protection.
- Compliance requirements of the Privacy Shield Framework are clearly laid out and can be implemented by small and medium-sized enterprises.
- The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are no longer legally recognized as adequate under EU and Swiss law for transferring personal data from the European Union and Switzerland to the United States.
What information will an organization be required to provide to the Department of Commerce in the online self-certification process?
- The information that an organization must provide during the self-certification process is outlined at https://www.privacyshield.gov/article?id=Self-Certification-Information.
- Organizations interested in self-certifying are encouraged to review and compile this information prior to initiating the online certification process.
What are some certification and notice requirements for entities or subsidiaries of the organization also adhering to the Privacy Shield Principles?
- Each organization will be asked during the self-certification process to identify all U.S. entities or U.S. subsidiaries of the organization also adhering to the Privacy Shield Principles and covered under the organization’s self-certification.
- The organization can either 1) list the entities and subsidiaries by name or, 2) if an individual could readily understand the subsidiaries’ connection to the organization due to the use of a shared brand name as part of the entities’ names, the organization may indicate “all U.S. subsidiaries using brand name [X],” excluding particular entities if applicable.
- Per the Notice Principle, organizations must also inform individuals about the U.S. entities or U.S. subsidiaries also adhering to the Principles.
Privacy Shield Content for Use by DPAs
The Department of Commerce will develop informational material regarding the Privacy Shield that interested DPAs may include on their own websites or distribute to individuals to increase transparency and understanding of the Privacy Shield among European stakeholders.
The Privacy Shield team recognizes that EU individuals and businesses will often turn to DPAs first to seek information regarding the Privacy Shield and the rights and responsibilities it creates. Increased transparency regarding the Privacy Shield will help facilitate the identification of issues as they arise, so that these can be appropriately addressed.
The Department of Commerce invites DPAs to reach out to the Department of Commerce’s DPA liaison (by clicking here and submitting an inquiry via the “Dispute Resolution and Enforcement” tab) with any suggestions regarding this material to better assist DPAs and European stakeholders.
Key New Requirements
EU-U.S. Privacy Shield Framework
Key New Requirements for Participating Companies
Informing individuals about data processing
- A participant must inform individuals of their rights to access their personal data, the requirement to disclose personal information in response to lawful request by public authorities, which enforcement authority has jurisdiction over the organization’s compliance with the Framework, and the organization’s liability in cases of onward transfer of data to third parties.
Providing free and accessible dispute resolution
- Individuals may bring a complaint directly to a Privacy Shield participant, and the participant must respond to the individual within 45 days.
- Privacy Shield participants must provide, at no cost to the individual, an independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved.
- If an individual submits a complaint to a data protection authority (DPA) in the EU, the Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within 90 days.
- Privacy Shield participants must also commit to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
Cooperating with the Department of Commerce
- Privacy Shield participants must respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
Ensuring accountability for data transferred to third parties
To transfer personal information to a third party acting as a controller, a Privacy Shield participant must:
- Comply with the Notice and Choice Principles; and
- Enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, a Privacy Shield participant must:
- Transfer such data only for limited and specified purposes;
- Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
- Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
- Require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
- Upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and
- Provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
Transparency related to enforcement actions
- Privacy Shield participants must make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if the organization becomes subject to an FTC or court order based on non-compliance.
Ensuring commitments are kept as long as data is held
- If an organization leaves the Privacy Shield Framework, it must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework if it chooses to keep such data or provide “adequate” protection for the information by another authorized means.
Other Important Privacy Information
You can find information on EzR Communications Incorporated’s commitment to protecting your privacy at https://truece.com/legal/privacy.