EU-US Privacy Shield Framework Statement
PAR recognizes that privacy is very important to our Customers, as well as the clients and patients of our Customers. Therefore, PAR pledges to protect the security and privacy of any personal information that Customers provide to us about themselves, and/or their clients/patients. This may include Customer's names, addresses, telephone numbers, e-mail addresses, and any information that can be linked to an individual, as well as names and other demographic information that a PAR Customer may enter into PARiConnect related to his/her clients/patients. PAR strives to collect, use, and disclose personal information in a manner consistent with the laws of the countries in which it does business. We also have a tradition of upholding high ethical standards in our business practices. This Privacy Shield Framework Statement (the "Statement") sets forth the privacy principles that PAR follows with respect to transfers of personal information from the European Union and Switzerland, and reflects PAR’s commitment to applying the Privacy Shield Framework as designed by the U.S. Department of Commerce and the European Commission.
The United States Department of Commerce and the European Commission have agreed on a set of Privacy Shield Framework principles (the "Privacy Shield Framework") to enable U.S. companies to satisfy the EU law requirement that personal information transferred from the EU to the United States be adequately protected. Consistent with its pledge to protect personal privacy, PAR adheres to the Privacy Shield Framework.
PAR complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce and European Commission regarding the collection, use, and retention of personal information from European Union member countries, as well as a similar framework with Switzerland. PAR has certified that it adheres to the Privacy Shield Framework principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield Framework program, and to view PAR’s certification, please visit https://www.privacyshield.gov/.
This Privacy Shield Framework Statement applies to all personal information received by PAR from the EU, in any format including electronic, paper, or verbal.
The following definitions shall apply throughout this Policy:
"Agent" means any third party that may use or store personal information provided to PAR to perform tasks on behalf of and under the instructions of PAR.
"Personal information" means any information or set of information that identifies or could be used to identify an individual.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or that concerns health or sex life. In addition, PAR will treat as sensitive personal information any information received from a third party where that third party identifies the information as sensitive. PAR does not request sensitive personal information related to its Customers. Customers who use PAR’s online assessment platform, PARiConnect, may occasionally need to enter client/patient ethnicity or gender relative to a specific assessment.
The privacy principles in this Policy are based on the Privacy Shield Framework.
NOTICE: When PAR collects personal information directly from individuals, it will inform them about the purposes for which it collects and uses their personal information, the types of third parties (other than Agents), if any, to which PAR discloses that information, and the choices and means that PAR offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to PAR, or as soon as practicable thereafter, and in any event before PAR uses the information for a purpose other than that for which it was originally collected. Personal information entered on PARiConnect by PAR Customers for their clients/patients will ONLY be used by the PAR Customer, and is not available or accessible to PAR.
The types of information that PAR will collect from individuals are the individual’s name, and appropriate payment information required to purchase goods and materials from PAR. Purchase information that is required will typically be a credit card number, along with expiration dates and security codes related to the credit card. We also will retain a Customer’s name and shipping address to facilitate purchasing and shipping. You may update and/or correct this information at any time. We also will request an e-mail address to enhance communication with you. If you do not wish to receive any product information from PAR you may elect to opt-out of any mail or e-mail product information.
CHOICE: PAR will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party (other than an Agent), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Personal information entered on PARiConnect by PAR Customers for their clients/patients will ONLY be used by the PAR Customer, and is not available or accessible to PAR, or its employees.
DATA INTEGRITY: PAR will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. PAR will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
TRANSFERS TO AGENTS AND OTHER PROCESSORS: PAR will obtain assurances from its agents and other third-party processors (“agents”) that they will safeguard personal information consistent with this Policy. If PAR has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, PAR will take reasonable steps to prevent or stop the use or disclosure. PAR retains liability for onward transfers to such agents when under the direction of PAR.
ACCESS AND CORRECTION: Upon request, PAR will grant individuals reasonable access to personal information that it holds about them, and PAR will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. PAR will take steps to provide this access through the PAR Customer that created or entered the individual’s information, so that all impacted individuals (PAR Customer and his/her client/patient) will have accurate and updated information.
SECURITY: PAR will take reasonable precautions to protect personal information in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Additionally, for legal reasons we may provide personal information to meet any applicable law, regulation, legal process, or enforceable government request.
ENFORCEMENT: PAR will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that PAR determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
DISPUTE RESOLUTION: In compliance with the Privacy Shield Principles, PAR commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Private Shield policy should first contact PAR by reaching out to:
PAR Privacy Office
16204 N. Florida Avenue
Lutz, FL 33549
PAR has further committed to refer unresolved Privacy Shield complaints to the International Center for Dispute Resolution within the American Arbitration Association (“ICDR/AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://info.adr.org/safeharbor/ for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you. Finally, under certain conditions, you may invoke binding arbitration to resolve the dispute.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the PAR Privacy Officer at the address given below. PAR will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between PAR and the complainant, PAR has agreed to participate in the dispute resolution procedures of the International Center for Dispute Resolution/American Arbitration Association established to resolve disputes pursuant to the Privacy Shield Framework.
Questions or comments regarding this Statement should be submitted to the PAR Privacy Officer by mail or e-mail as follows:
PAR Privacy Office
16204 N. Florida Avenue
Lutz, FL 33549
CHANGES TO PRIVACY SHIELD FRAMEWORK STATEMENT
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. PAR will provide appropriate public notice about such amendments.
Effective November 8, 2016.