Calero complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Calero has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Calero is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Table of Contents
II. Data Privacy Officer
III. Collection and Use of Personal Data
IV. Privacy Principles
V. Contact Information
For purposes of this Policy, the following definitions shall apply:
“Data Subject” means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“GDPR” refers to the European General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
“EU” (European Union) refers to those countries that are members of the European Union.
“EEA” (European Economic Area) refers to those countries that are members of the European Economic Area.
“CLM” means Communications Lifecycle Management.
“Personal Data” means any information relating to a Data Subject.
“Privacy Shield Principles” mean the Privacy Shield Principles enumerated under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Third Party” means any person that is not an employee or agent of Calero.
II. Data Privacy Officer
Calero has a designated Data Privacy Officer responsible for our compliance with and enforcement of this Policy. Calero educates its employees that will be in possession of personal information concerning compliance with this policy and undertakes self-assessment to assure compliance. Questions or complaints regarding this Policy and any privacy-related issue should be submitted by mail or email to the attention of the Data Privacy Officer, at the address found at the end of this document.
III. Collection and Use of Personal Data
This Policy applies to all personal data received by Calero in any format including electronic, paper or verbal. Calero collects and processes personal data from current and former employees, as well as applicants for employment, clients, and prospective clients, through its Internet websites, its Intranet site, carrier portals, electronic mail, and traditional mail.
All personal data collected by Calero will be used for legitimate business purposes consistent with this Policy. Calero will not sell or trade any of the personal data collected with Third Parties.
IV. Privacy Principles
The privacy principles expressed in this Policy are based on the Privacy Shield Principles enumerated under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework).
1. Notice Regarding Personal Data That We Collect.
Calero collects personal data for, among other reasons, human resource management such as payroll administration, filling employment positions, maintaining accurate benefits records, meeting governmental reporting requirements, security, and health and safety management.
Calero also receives from customers for the purpose of providing CLM solutions, information which may be considered personal data. This information may be received directly from the customer and or through the processing of customer invoices, call detail records and from the shipping of wireless devices on behalf of customers.
The typical information received may include one or more of the following: Employee ID, Name, Title, Department, Cost Center, Email Address, Phone Numbers and Mailing Addresses. This information is used solely for the purposes of providing contracted CLM services.
Our website, products and services are not directed to individuals under the age of 14. We do not knowingly collect personal data from such individuals. If you become aware that such a person has provided us with personal data, please contact us at firstname.lastname@example.org. If we become aware that a child under the age of 14 has provided us with personal data, we will take steps to delete that information.
3. Our Use of Personal Data. Calero may use personal data in various ways. Among other things, we use personal data to: provide products and services to you and respond to other requests that you have; update and expand our records with new information and analyze our records to identify potential customers; evaluate the frequency, duration, and patterns of usage of our website to improve the user experience; and contact you with tailored advertising for products and services that may be of interest to you. When required by applicable law (e.g., the GDPR as applied to Data Subjects in the EU), we will only send to you marketing information by e-mail if you expressly provide to us consent for us to do so. If necessary, we also may use your personal data in order to comply with applicable laws and for our legitimate purpose of protecting our legal rights, for example, in connection with legal claims, compliance, regulatory, or investigative purposes.
4. Accountability for Onward Transfer (Transfers to Third Parties). Calero does not sell trade or rent personal data to third parties, however Calero reserves the right to use third party contractors to supplement workforce activities. Calero will only disclose information to unaffiliated third parties if required by law or authorized individuals of respective customer. In the event Calero uses a third party or must disclose information to a third party we will have in place a data processing agreement acknowledging that the personal data will only be used for the intended purpose and safeguarded in a manner consistent with this Policy. Calero remains liable under the Privacy Shield Principles if its onward transfer recipients process personal data in a manner inconsistent with the Privacy Shield Principles, unless Calero proves that it is not responsible for the event giving rise to the damage.
5. Security. Calero uses administrative, organizational, technical, and physical safeguards to protect your personal data. Calero’s hosted solutions maintain personal data on secure servers located in secure data centers. Calero will take reasonable precautions to protect personal data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Personal data stored on these servers is protected by firewalls restricting access and requires login ids and passwords to access the information. Calero limits access to personal data to those persons in our organization or contractor’s organization that have a specific business purpose for maintaining and processing such personal data. Any individuals who are granted access to personal data will have been made aware of their responsibilities to protect the security, confidentiality, and integrity of that data and will have been provided training and instruction on how to do so. We require our partners to use appropriate security measures.
6. Retention of Personal Data. Calero will retain personal data while we have a justifiable business need to do so, unless a longer retention period is required or permitted by law (such as tax, legal, accounting, or other purposes). For example, if you are a customer, we will keep your personal data for the duration of the contractual relationship you or your company has with us and after the end of that relationship for as long as necessary to perform the functions set forth above or to comply with legal obligations. When we have no justifiable business need to process your personal data, we will either delete or anonymize it, or if this is not possible, we will securely store your personal data and isolate it from any further processing until deletion is possible.
7. User Access and Choice. You are entitled to ask us for a copy of your personal data, to correct it, erase or restrict its processing, or to ask us to transfer (parts of) this data to other organizations. You also have the right to object to certain processing activities, such as the profiling we may perform for the purposes of direct marketing as discussed above in this Policy. Where we have asked for your consent to process your personal data, you have the right to withdraw this consent, for example, by using the opt-out or unsubscribe functionalities in our communications with you. These rights can be limited where we can demonstrate that we have a legal requirement or legitimate basis to process your personal data, and under such circumstances, we are able to retain your data even if you withdraw your consent.
If you wish to make use of any of these rights, please contact our Data Privacy Officer by e-mail or postal mail at the contact information provided below for the Data Privacy Officer or, as applicable, by using opt-out or unsubscribe functionalities in our communications with you. We will respond to your request within 30 days. If you are not satisfied with how we handle such requests or how we otherwise process your personal data, you can seek to have the matter addressed through the dispute resolution program administered by JAMS; for more information on how to initiate a matter with JAMS, please see https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. If the complaint still remains unresolved, under certain circumstances, it may be possible to invoke binding arbitration as provided for under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
V. Contact Information
If you have any questions regarding this Policy, you can write to Calero’s Data Privacy Officer, who may be contacted by e-mail at email@example.com or by mail at:
Calero Software LLC.
Attn: Data Privacy Officer
40 Torphichen Street
Edinburgh EH3 8JB