Privacy Shield Policy
Privacy Shield Policy
Scope:ALTA’s participation in the Privacy Shield (the “Policy”) applies to all personal information subject to the ALTA Privacy Statement that is received in any format from the European Union, European Economic Area, and Switzerland. ALTA will establish and maintain business procedures that are consistent with this Policy.
Notice: In delivering its language services and managing the business, ALTA uses different online tools. These include tools for service delivery, customer relationship management, customer service, social engagement, data analytics, internal employee management, and platforms for building websites and applications, among others. In using these tools, ALTA processes data our customers, visitors, employees, vendors, and job applicants submit to our services or instruct us to process on their behalves. While ALTA’s customers, visitors, employees, vendors and job applicants decide what data to submit, it typically includes personal information, such as contact information, purchases, billing information, and tax information.
Data Processed: ALTA treats all material sent to us from our customers, employees, vendors, visitors, and job applicants as confidential in accordance with its current confidentiality commitments with them. Confidentiality provisions are required as part of all of our contracts with all of our customers, vendors and employees; each separate entity must sign a confidentiality agreement prior to becoming affiliated or working with ALTA. All vendors who will be processing EU personal data are also required to sign the EU Standard Contractual Clauses. In addition, all vendors working on or accessing EU personal data are required to sign an EU Data Protection Agreement prior to working with ALTA. This document addresses common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of the Personal Data with respect to the vendor’s personal data.
ALTA maintains on secure systems all personal data regarding customers, visitors, employees, vendors and applicants to jobs posted on its portal. This information is collected to aid ALTA in conducting business operations. In addition to the personal data itself, the information which ALTA protects includes contact details, billing/invoicing/payment information, services and products provided to our clients, information within source and reference files sent to perform translation projects or regarding interpretation assignments, recordings of language tests and interpretation tests, written language and interpretation tests, language test results, interpretation test results, language training assessments, evaluations and tests, whether in digital or paper form. In regard to our employees and vendors, this information may also include contact details, payment information, professional qualifications, financial information, and information provided by the employee or vendor in its resume. Copies of all work that ALTA has done for its customers are maintained in appropriate files. Unless required by law or court order, ALTA does not rent, sell, loan or otherwise make this information available to any third party except to those authorized agents, representatives, and professional consultants to whom disclosure is reasonably necessary for the purposes of conducting business operations.
Purpose of Data Processing: ALTA processes data submitted by customers, visitors, employees, vendors, and job applicants to aid the Company in conducting its business. To fulfill this purpose, ALTA may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the ALTA customer who submitted the data, or in response to contractual requirements.
Choice: ALTA has found that clients in our industry often require more than one language-related service – for example, testing and translation services. Because of this, we utilize cross-selling to send targeted material to our direct clients who have used our services in the past. We always offer clients the opportunity to opt-out of receiving targeted material. Otherwise, ALTA does not permit the disclosure of personal information to non-agent third parties. ALTA does not market to indirect clients nor use the information about indirect clients for any purpose other than performing services for the direct client.
Data Security: All communication and files in digital format are stored on a secure network, accessible only by approved staff. All critical systems and servers are separately housed within ALTA’s secure facilities and are accessible only by authorized personnel. Our information security is managed internally and meets industry standards for secure networks. ALTA takes precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. ALTA’s physical premises are protected with a security guard, 24 / 7 / 365, and all off-hour entry is logged through an access control system. ALTA periodically performs network backups. While our backup files are stored offsite, they are handled by authorized personnel only.
HR Data: ALTA commits to cooperate with EU Data Protection Authorities and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. With respect to any complaints relating to this Policy that cannot be resolved through ALTA’s internal processes, ALTA has agreed to cooperate with the European Data Protection Authorities and to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Privacy Shield Principles.
Transfer to Agents: ALTA will obtain assurances from our agents that they will safeguard personal information consistent with this Policy. In the event that ALTA has knowledge that an agent is using or disclosing personal information contrary to this Policy, ALTA will take the necessary steps to prevent or stop the use or disclosure.
Accountability for Onward Transfer: In the event ALTA discloses personal data covered by this Policy to a non-agent third party, it will do so consistent with any notice provided to the related individuals and any choice they have exercised regarding processing and disclosure. ALTA will only disclose personal data to third parties that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Policy and the Principles and that they will process personal data for limited and specific purposes consistent with any consent provided by the individual. If ALTA has knowledge that a third party to which it has disclosed personal data covered by this Policy is processing such personal data in a way that is contrary to this Policy and/or the Principles, ALTA will take steps to prevent or stop such processing. In such case, the third party is liable for damages unless it is proven that ALTA is responsible for the event giving rise to the violation.
Third Parties Receiving Personal Data: ALTA uses a limited number of third-party service providers to assist in providing our services to customers. These third-party providers perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. ALTA maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, and ALTA may be liable if they fail to meet those obligations and responsible for the event giving rise to damage.
Access and Correction: An individual may make a request to ALTA for access to the information ALTA maintains about him or her, or the company with which he or she is associated. The individual has the right to receive confirmation from ALTA about the data relating to him/her that ALTA has on file, and to correct, amend, or delete that information when it is inaccurate.
Disclosures for National Security or Law Enforcement: : Under certain circumstances, ALTA may be required to disclose your EU Personal data and Swiss Personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Changes to the Privacy Shield Policy: This Policy may be amended from time to time, consistent with any changes in the Privacy Shield Principles. Appropriate public notice will be given in the event of such amendments.
Oversight: ALTA’s privacy practices are self-certified as defined in the U.S. Department of Commerce Privacy Shield Program. For more information about the Privacy Shield Program, please go to https://www.privacyshield.gov/welcome.
Compliance and Enforcement: ALTA periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, and conforms to the U.S.-EU and U.S.-Swiss Privacy Shield Principles. The Federal Trade Commission has jurisdiction over ALTA’s compliance with the Privacy Shield.
Questions or Complaints: We encourage interested persons to raise any concerns with us using the contact information below. In compliance with the Privacy Shield Principles, ALTA commits to resolve complaints about our collection or use of personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ALTA Compliance Department at: 404.920.3844, or via email. ALTA will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of EU Personal Data or Swiss Personal Data within 45 days of receipt and in accordance with the principles contained in this Policy
With respect to any complaints related to this Policy that cannot be resolved through our internal process, ALTA agrees to participate in the dispute resolution procedures of the panel established by our U.S. based third party dispute resolution provider (free of charge), the Judicial Arbitration and Mediation Services (JAMS). Please contact or visit JAMS for more information or to file a complaint: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. ALTA has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. In the event that we or the authorities conclude that we did not comply with the Policy, we will take appropriate steps to address any adverse effects and promote future compliance.
Binding arbitration: An individual may have the option to select binding arbitration for the resolution of his or her complaint under certain circumstances, provided he or she has taken the following steps: (1) raised his or her complaint directly with ALTA and provided ALTA the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to him or her. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Modifications:ALTA may update this Policy at any time by publishing an updated version here. ALTA will not update this Privacy Shield Policy in contravention to the Principles so long as we remain certified to the Privacy Shield.
First update effective: January 16, 2019