Privacy Shield Onward Transfer Agreement

For data transfers, we rely on these standard contract clauses. DUFL has also committed to refer unresolved data protection complaints, in accordance with the EU-US data protection shield principles, to BBB EU PRIVACY SHIELD, a US-based alternative dispute resolution provider run by the Council of Better Business Bureaus. If you do not receive timely confirmation of your claim or if your claim is not handled satisfactorily, please www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a claim. DUFL complies with the EU-US data protection shield framework, as established by the US Department of Commerce with regard to the collection, use and storage of personal data in EU Member States. DUFL has certified that it adheres to the Privacy Shield principles of communication, selection, responsibility for transmission, security, data integrity and assignment, access and redress, enforcement and accountability. If there is a conflict between the privacy policies and the Privacy Shield principles, the principles of the data protection shield apply. To learn more about the Privacy Shield program and visit our certification site, please visit www.privacyshield.gov/ DUFL, Inc. („DUFL”) respect your privacy. DUFL has certified that it complies with the principles of the EU-US Data Protection Shield that have been adopted between the US Department of Commerce and the European Commission with regard to the processing of personal data transferred from the European Economic Area (EEA) to the United States (Privacy Shield Principles). This Data Protection Shield Directive („Directive”) outlines our general policies and practices for implementing and complying with the principles of the Personal Data Protection Shield, including how we collect, use and protect personal data. Last October, when the European Court of Justice dismantled the US and EU Safe Harbour framework, it sparked a dispute between the US and EU governments to find an appropriate substitute for the free flow of personal data between continents. What came out was the Privacy Shield Framework — essentially the safe harbor on steroids.

Like the Safe Harbor, the data protection shield allows U.S. companies to certify compliance with existing principles, but by improving data protection and surveillance requirements. As with the Safe Harbor, the principle of data protection shield transmission requires a U.S. company certified under the data protection shield to transmit data to third parties, such as a service provider. B, can only do so if the third party adheres to the appropriate data protection principles. However, the requirements have been expanded beyond the safe harbor. As of 16 July 2020, we are no longer relying on the EU-US data protection shield to transfer data from the EEA or the United Kingdom to the United States. If you have a request regarding our privacy practices regarding our Privacy Shield certification, we advise you to contact us. Google is subject to the investigative and enforcement powers of the U.S. Federal Trade Commission (FTC).

You can also forward a complaint to your local data protection authority and we will work with them to resolve your issues. In certain circumstances, the Privacy Shield Framework provides the right to a mandatory arbitration procedure to resolve complaints that have not been resolved by other means, as outlined in Appendix I of the Data Protection Shield Principles. The result is that if U.S. companies should try to require subprocessors outside the U.S. to apply „the same level of data protection as the Privacy Shield principles,” there may be uncertainty on the part of the parties (and regulators)