SAFE HARBOR and DATA PRIVACY STATEMENT
NightOwl Document Management Services, Inc. (NightOwl) is a professional services firm providing document management, e-Discovery, and data processing services to law firms, corporations and government agencies. Protecting the privacy of our clients is important to NightOwl. NightOwl adheres to the Safe Harbor Agreements concerning the transfer of personal data from the European Union (“EU”) or Switzerland to the United States of America. Accordingly, NightOwl follows the Safe Harbor Principles published by the U.S. Department of Commerce (“Principles”) with respect to all such data. If there is any conflict between the policies in this statement and the Principles, the Principles will govern. This statement outlines NightOwl’s general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, that information. This statement applies to all personal information we handle (except as noted below), including on-line, off-line, and manually processed data. For purposes of this statement, “personal information” means information that:
- is transferred from the EU or Switzerland to the United States;
- is recorded in any form;
- is about, or pertains to, a specific individual; and
- can be linked to that individual.
It does not include information that pertains to a specific individual, but from which that individual could not reasonably be identified.
Principles Protecting Individuals’ Privacy
Notice and Choice
To the extent permitted by the Safe Harbor Agreement, we reserve the right to process personal information in the course of providing professional services to our clients without the knowledge of individuals involved. Where we collect and process, at the direction of our clients, personal information directly from individuals in the EU or Switzerland, it remains the responsibility of our client to inform the individual of the purposes for which we collect and use it and the types of non-agent third parties to which the information is disclosed. It remains the responsibility of our client to inform those individuals about the choices and means, if any, offered the individuals for limiting the use or disclosure of their information.
Disclosures and Transfers
NightOwl will not disclose an individual’s personal information to third parties unless directed by our client or when one or more of the following conditions are true:
- We have the individual’s permission to make the disclosure;
- The disclosure is required by law or professional standards;
- The disclosure is reasonably related to the sale or disposition of all or part of our business;
- The information in question is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims; or
- The disclosure is to another NightOwl entity or to persons or entities providing services on our or our client’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
- is subject to law providing an adequate level of privacy protection;
- has agreed in writing to provide an adequate level of privacy protection; or
- subscribes to the Principles.
Permitted transfers of information, either to third parties or within NightOwl, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.
NightOwl takes our clients’ security seriously and undertakes every reasonable step to protect their information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of our clients, NightOwl has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we process. However, we cannot guarantee the security of information on or transmitted via the Internet.
NightOwl processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by our clients. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
Access and Correction
NightOwl processes data under the guidance and direction of our clients. If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual must contact our client and proceed according to that client’s personal information policy.
Enforcement and Dispute Resolution
NightOwl utilizes the self-assessment approach to assure its compliance with our privacy statement. NightOwl periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy. With respect to any complaints relating to this policy that cannot be resolved through our internal processes, we have agreed to participate in the dispute resolution procedures of the panel established by the EU or Swiss data protection authorities to resolve disputes pursuant to the Safe Harbor Principles. In the event that we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.
Privacy Statement Changes
This privacy statement may be changed from time to time, consistent with the requirements of the Safe Harbor. We will post any revised policy on this Web site, or a similar Web site that replaces this Web site.
Information Subject to Other Policies
We are committed to following the Principles for all personal information within the scope of the Safe Harbor Agreement. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement.
- Information relating to present or former NightOwl personnel is subject to our policies concerning personnel data privacy, which are available to present and former NightOwl personnel upon request.
- Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any master services agreement, or statement of work, engagement letter or letters with the client, and applicable laws and professional standards.
To learn more about the Safe Harbor program, and to view NightOwl’s certification, please visit www.export.gov/safeharbor/
How to Contact Us
Questions, comments or complaints about NightOwl’s Safe Harbor Data Privacy Statement or data collection and processing practices can be e-mailed to firstname.lastname@example.org or mailed to Accounting Office, NightOwl Document Management Services, Inc., 724 North First Street, Suite 600, Minneapolis, MN 55401.
Updated March 26, 2014