Privacy Shield

PureWorks Inc. dba UL EHS Sustainability “UL EHS Sustainability” complies with the U.S.-EU Privacy Shield and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Economic Area and Switzerland. UL EHS Sustainability has certified that it adheres to the Privacy Shield and Swiss Safe Harbor Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

This Privacy Shield Statement (this “Statement”) sets forth the privacy principles UL EHS Sustainability follows with respect to transfers of personal information from the European Economic Area (“EEA”) (which includes the member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) and Switzerland.  If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

For further information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.

Effective Date
28 September 2016

Scope

This Statement applies to all Personal Information received from individuals by UL EHS Sustainability in the U.S. from the EEA or Switzerland (other than UL EHS Sustainability internal HR data), in any format.

Definitions

“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, UL EHS Sustainability or to which UL EHS Sustainability discloses Personal Information for use on UL EHS Sustainability’s behalf.

“Personal Information” means any information or set of information that identifies or could be used by or on behalf of UL EHS Sustainability to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, UL EHS Sustainability will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.

Privacy Shield Principles

The following privacy principles apply to the transfer, collection, use or disclosure of Personal Information by UL EHS Sustainability.

Notice – When UL EHS Sustainability collects Personal Information directly from individuals in the EEA or Switzerland, it will inform them about (1) the purposes for which their Personal Information is being collected; (2) the types of third parties to which information about them may be disclosed; (3) the choices UL EHS Sustainability offers individuals regarding the uses and disclosure of their Personal Information, if applicable; and (4) how to contact UL EHS Sustainability with any questions or complaints in connection with this Statement.  Notice will be provided in clear and conspicuous language when individuals are asked to provide Personal Information to UL EHS Sustainability, or as soon as practicable thereafter, and in any event before UL EHS Sustainability uses or discloses the information for a purpose other than that for which it was originally collected.

Where UL EHS Sustainability receives Personal Information from its clients or other entities in the EEA or Switzerland, UL EHS Sustainability will use and disclose such information in a manner consistent with the notices provided by such entities and the choices exercised by the individuals to whom such Personal Information relates.

Choice – UL EHS Sustainability will provide individuals with an opportunity to choose (opt out) whether their Personal Information is to be (1) disclosed to a non-Agent third party; or (2) used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.  UL EHS Sustainability will provide individuals with an affirmative or explicit (opt in) prior to disclosure of their Sensitive Personal Information to a non-Agent third party or use of their Personal Information for a purpose other than those for which it was originally collected or subsequently authorized by the individual. Where UL EHS Sustainability receives Personal Information from its clients or other entities in the EEA or Switzerland, UL EHS Sustainability will not knowingly use or share such Personal Information in ways incompatible with the authorizations obtained by such entities with respect to such Personal Information without providing the individual a choice.

Onward Transfer – When disclosing Personal Information from individuals in the EEA or Switzerland to any third-party Agents, UL EHS Sustainability will obtain assurances from its Agents that they will safeguard Personal Information consistent with this Statement.  Examples of appropriate assurances that may be provided by agents include: (1) a written agreement requiring the Agent provide at least the same level of privacy protection as is required by the Privacy Shield; or (2) the Agent is subject to EU Directive 95/46/EC and/or another adequacy finding, Privacy Shield certification by the Agent, or is subject to another European Commission adequacy finding (e.g., companies located in Canada). If UL EHS Sustainability has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Statement, UL EHS Sustainability will take reasonable steps to prevent or stop such use or disclosure.  UL EHS Sustainability’s accountability for personal information received under the Privacy Shield and subsequently transferred to a third party is described in the Privacy Shield Principles.  In particular, UL EHS Sustainability remains responsible and liable under the Privacy Shield Principles if third-party agents engaged to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless UL EHS Sustainability proves that it is not responsible for the event giving rise to the damage (if any).

Security – UL EHS Sustainability takes reasonable precautions to protect EEA or Swiss Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Data Integrity – UL EHS Sustainability takes reasonable steps to ensure that any Personal Information is accurate, complete, current and otherwise reliable in relation to the purposes for which the information was obtained or authorized by an individual.

Access and Opportunity to Correct – Upon written request to UL EHS Sustainability, UL EHS Sustainability will provide individuals in the EEA or Switzerland with reasonable access to Personal Information that it holds about them. UL EHS Sustainability will also take reasonable steps to allow individuals to review their Personal Information for purposes of correcting their Personal Information that is demonstrated to be inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks of the individual privacy in the case in question or the rights of persons other than the individual would be violated.

Enforcement – UL EHS Sustainability has established internal procedures for verifying its compliance with this Statement and periodically conducts a self-assessment of its practices with respect to EEA and Swiss Personal Information. Individuals should first raise any concerns about our processing of their Personal Information by contacting UL EHS Sustainability at the address below, and UL EHS Sustainability will seek to resolve any concerns. If a complaint or concern cannot be resolved through UL EHS Sustainability’s internal process, such complaints may be submitted for resolution with the Judicial Arbitration and Mediation Services (“JAMS”) at https://jamsadr.com/eu-us-privacy-shield in accordance with the expedited rules of JAMS. If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.  UL EHS Sustainability is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Changes to this Statement – This Statement may be amended from time to time, consistent with the requirements of the Privacy Shield. The revisions will take effect on the date of publication of the amended Statement.

Contact Information – Please address any questions, comments or complaints about this Statement or any rights set forth in this Statement by contacting UL EHS Sustainability by any of the methods identified below:

E-mail: francesca.wolf@ul.com

 

Address:

PureWorks Inc. dba UL EHS Sustainability

5000 Meridian Blvd, Suite 600

Franklin, TN USA 37067

Telephone: 615.367.4404

Fax: 615.367.3887