Safe Harbor Policy
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions ("Safe Harbor Principles") to enable U.S. companies to satisfy European Union law requirements for adequate protection of personal information transferred from the EU to the United States. The European Economic Area (EEA) also has recognized the U.S. Safe Harbor as providing adequate data protection. Consistent with its commitment to protect personal privacy, we adhere to the Safe Harbor Principles. Those Safe Harbor Principles are briefly described herein, and further detail can be found at http://www.export.gov/safeharbor/.
For the purposes of this Safe Harbor Policy, the following definitions shall apply:
“Personal information" means any information or set of information that identifies or could be used by Rust Consulting, its customers, or agents of its customers, to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information. It does not include information that pertains to a specific individual, but from which that individual could not reasonably be identified.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Rust Consulting will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
B. Safe Harbor Principles
To the extent permitted by the Safe Harbor Principles, we reserve the right to process personal information in the course of providing Settlement Administration services.
- Disclosures and Transfers
Notwithstanding the foregoing, we will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:
i. The disclosure is required by law or professional standards;
ii. The disclosure is reasonably related to disposition of all or part of our business;
iii. The information in question is publicly available;
iv. The disclosure is reasonably necessary for the establishment or defense of legal claims; or
v. The disclosure is to another affiliated entity or to persons or entities providing services on our or the client's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
vi. is subject to law providing an adequate level of privacy protection;
vii. has agreed in writing to provide an adequate level of privacy protection; or
viii. subscribes to the Safe Harbor Principles.
Permitted transfers of information, either to third parties or within Rust Consulting, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of personal information, we have put into place appropriate physical, electronic, and managerial procedures designed to safeguard and secure the personal information we process. However, we cannot guarantee the security of information on or transmitted via the Internet or other unsecure methods outside our defined process.
The personal information we collect is relevant for the purposes for which it is to be used. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
- Access to and Removal of Personal Information
You may request access to our copy of your personal information by contacting us at the email or postal addresses below, and we will provide such access except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If you have set up an account with us on the Settlement Website, you may access our copy of your personal information by logging-in to your account information on the Settlement Website.
You may request that we correct, amend or delete your personal information stored by us in electronic form where it is inaccurate. We will honor your request, but we are unable to guarantee that all such information will be deleted because some residual information may remain on back-up storage and other media until destroyed in accordance with our standard procedures. Please note that deletion of some or all of your personal information may affect your ability to participate in the Settlement.
- Enforcement and Dispute Resolution
Any questions or concerns regarding the use or disclosure of personal information should be directed to Rust at the email or mailing address given below. Rust will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Rust and the complainant, Rust has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
Rust Consulting, Inc.
625 Marquette Avenue, Suite 900
Minneapolis, MN 55402