Privacy Shield Standards
This Privacy Shield Privacy Statement (the “Statement”) sets forth the privacy principles followed by Medgate America Corp., a subsidiary of Cority Software Inc. (“Cority”) in connection with the transfer and protection of “Personal Information” received from the European Union (E.U.) and Switzerland.
About The Privacy Shield Framework
The E.U.-U.S. Privacy Shield Framework was jointly established in 2016 by the United States Department of Commerce and the European Commission (EC) as a method for transferring Personal Information from the E.U. to companies in the United States (U.S.) in compliance with E.U. data protection law. On July 12, 2016, the European Commission ruled the Privacy Shield Framework adequate under E.U. law to govern data transfers between the E.U. and the U.S.
The Privacy Shield program, overseen by the International Trade Administration (ITA) within the U.S. Department of Commerce, is a voluntary self-certification process for U.S. organizations allowing them to reap the benefits of the Framework. Companies seeking to register must make a public commitment to abide by the Privacy Shield principles. That commitment is enforceable under U.S. law.
“Personal Information” means information that can directly or indirectly lead to the identification of a living person, such as an individual’s name, address, e-mail, telephone number, license number, medical identification number, photograph, or other identifying characteristic. The identification can occur by reference to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity. Personal Information does not include information that has been anonymized, encoded or otherwise stripped of its identifiers, or information that is publicly available, unless combined with other non-public personal information.
This Statement governs Personal Information transferred from countries in the E.U. and Switzerland to the United States on behalf of Cority. It applies to Personal Information in electronic and off-line formats.
Privacy Shield Principles
The following privacy principles apply to the transfer, collection, use or disclosure of Personal Information from the E.U. and Switzerland by Cority.
Notice: Cority informs individuals in the E.U. and Switzerland about the purposes for which it collects and uses their Personal Information, how to contact Cority, the types of third parties with which Cority shares their Personal Information, and the choice and means Cority offers for limiting the use and disclosure of their Personal Information.
Choice: Cority will not process Personal Information about E.U. or Swiss individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. Cority also provides E.U. and Swiss individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their Personal Information will not be further processed.
Consistent with the Privacy Shield supplemental principles, Cority may not be in a position to furnish notice in certain limited situations. Specifically, notice is not required where the processing of E.U. or Swiss Personal Information is necessary to respond to a government inquiry; is required by applicable laws, court orders or government regulations; or is necessary to protect Cority’s legal interests and providing notice would interfere with those interests.
Accountability for Onward Transfers: Cority complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. Cority will only transfer Personal Information about E.U. and Swiss individuals to third-parties where the third-party (a) has provided satisfactory assurances to Cority that it will protect the information consistently with this Statement; or (b) is located in the E.U. or a country considered “adequate” for privacy by the EC, and therefore is required to comply with the E.U. data protection laws or substantially equivalent privacy laws depending upon where the Personal Information originated. Where Cority has knowledge that a third-party to whom it has provided E.U. or Swiss Personal Information is processing that information in a manner contrary to this Statement, Cority will take reasonable steps to prevent or stop the processing.
Security: Cority takes reasonable precautions to protect E.U. and Swiss Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation: Cority seeks to ensure that any Personal Information held about E.U. and Swiss individuals is accurate, complete, current and otherwise reliable in relation to the purposes for which the information was obtained. Cority collects Personal Information that is adequate, relevant and not excessive for the purposes for which it is to be processed. E.U. and Swiss individuals have a responsibility to assist Cority in maintaining accurate, complete and current Personal Information about them.
Access and Correction: Upon written request to Cority, Cority will provide E.U. and Swiss individuals with reasonable access to their Personal Information. Cority will also take reasonable steps to allow E.U. and Swiss individuals to review their information for the purposes of correcting their information. There are certain limitations to the Access and Correction right, as set forth on the Privacy Shield website.
Recourse, Enforcement, and Liability: Cority has established internal mechanisms to verify its ongoing adherence to this Statement. Cority is also subject to the investigatory and enforcement powers of the U.S. federal government, including the Federal Trade Commission (FTC). Cority also encourages individuals covered by this Statement to raise any concerns about our processing of their Personal Information by contacting the appropriate Cority officer at the address below or by contacting their local privacy officer or Legal Department. Cority will seek to resolve any concerns. Cority commits to cooperate with the panel established by the E.U. data protection authorities (DPAs) and to comply with the advice given by the panel with regard to data transferred from the E.U., and to cooperate with the Swiss Federal Data Protection and Information Commissioner (FDCIP) and to comply with the advice given by the FDCIP with regard to Swiss individual information transferred. E.U. and Swiss individuals also have the possibility, under certain conditions, to invoke binding arbitration as outlined in Annex I of the Arbitration Mechanism in the Privacy Shield Framework.
Limitation On Scope Of Principles: Adherence to these Privacy Principles may be limited to the extent required to meet a legal, governmental, national security or public interest obligation.
Cority Software Inc.
c/o Cority Software Inc.
250 Bloor Street East
Canada M4W 1E5
attn: Chief Security Officer
1 800 276 9120 x226