Personal information that is transferred to Vocus in the United States from the EU falls under one of the following three situations:
Processor on Behalf – Vocus provides corporate communications software designed to help companies automate workflow and manage media information more effectively. Vocus does not own or control any of the information it processes on behalf of Vocus’ customer. All such information is owned and controlled by Vocus’ customer. In this capacity, Vocus receives information transferred from the EU to the United States merely as a processor on behalf.
Data Controller – Vocus also provides business information products designed to help companies market themselves more successfully. In this function, Vocus acts as a data controller of the personal information contained in these information products.
Personal Data Collection – Vocus may, in certain instances, itself collect data to improve its processes and products. This data collection is designed primarily to update Vocus’ database of media contacts and to monitor the efficacy of various types of information distributed using Vocus software or other products.
Vocus has appointed a privacy officer who is responsible for the internal supervision of Vocus’ privacy policies and data security. Vocus is committed to educating its customers and associates (employees) in the United States and in the EU about the issues, guidelines and laws surrounding compliance with EU Safe Harbor.
Vocus’ privacy officer and its legal team are available to any associate (employee) who may have questions concerning Vocus’ EU Safe Harbor privacy policies or data security practices.
Since the requirements for compliance with EU Safe Harbor vary depending on whether Vocus is acting as a processor on behalf of Vocus’ customer or a data controller, Vocus’ policies and manner of compliance are described separately below.
Vocus as a Processor on Behalf – When Vocus acts as a processor on behalf of its customer, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU to the United States.
Processing Contracts – Before starting any processing on behalf of Vocus’ customer, Vocus will enter into a processing contract with the EU data controller responsible for the personal information pursuant to the applicable EU Member State Data Protection law.
The processing contract ensures that the EU data controller will be in compliance with the Member State Data Protection law. Any data processed by Vocus will not be further disclosed to third parties except where permitted or required by the processing contract, EU Safe Harbor or the applicable Member State Data Protection law. Any information which Vocus’ customer (acting as the EU controller) identifies as sensitive will be treated accordingly.
The processing contract will also specify that the processing will be carried out with appropriate data security measures. Vocus has in place measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
As a processor on behalf of Vocus’ customer (who is the EU controller), Vocus is not required to apply other EU Safe Harbor Principles to the personal information received for processing from a customer.
Vocus as a Data Controller or Data Collector – When Vocus acts as a data controller or data collector of personal information, the policies outlined below apply to all personal information that has been transferred from the EU to the United States.
Vocus develops and maintains databases containing personal information on European media contacts from a number of EU Member States. In instances where Vocus is a data controller, the information for these databases is developed from public records and from information acquired through information providers. In instances where Vocus is a data collector, the information for these databases is developed from email, telephone, or other responses by media contacts. None of these databases contain any information defined as sensitive by any national law of an EU Member State (e.g., the databases do not include information about race, religion, sexual orientation, and so forth).
Vocus’ databases contain information which is provided to qualified businesses for marketing and media relations purposes.
Vocus may also use Web beacons or other unique identifiers to allow it to determine which messages or elements of a media campaign generate responses. This allows Vocus software to gauge the effectiveness of certain communications. Vocus will, as a service to its clients, provide data regarding the campaign effectiveness; such information is designed to make more efficient the process of transmitting and receiving media campaign information.
As either a data controller or data collector, Vocus is required to comply with all principles of the EU Safe Harbor.
Notice – Prior to the transfer of any non-public personal information from the EU to the United States, Vocus requires contractual confirmation from the EU controller from whom Vocus acquired the information that the data subjects from whom the information was derived have been provided with proper notice pursuant to the applicable EU member state data protection law.
As indicated above, Vocus may collect information to maintain and update its database, improve its products, and provide information to its clients.
Choice – Prior to the transfer of any non-public personal information from the EU to the United States, Vocus requires contractual confirmation from the EU controller from whom Vocus acquired the information that the data subjects from whom the information was derived have been provided with the choice to determine how their information may be used pursuant to the applicable EU member state data protection law.
In addition, Vocus will, upon request, remove an individual’s name and related information from its information products.
In order to request that Vocus not use an individual’s non-public personal information, such individual should contact Vocus’ consumer advocate at the address provided below or by sending an email to us at email@example.com.
Written communication should be addressed as follows:
Consumer Advocate
EU Safe Harbor Opt-Out
Vocus, Inc.
12051 Indian Creek Court
Beltsville, MD 20705 USA
Prior to making any alterations in its information, Vocus will require that individuals confirm their identity.
Data Integrity – Vocus takes reasonable steps to assure the information which is transferred from the EU to the United States is reliable, accurate and complete. The steps Vocus takes to assure data integrity are made in light of the purposes for which the personal information is used.
Onward Transfer – Vocus complies with the notice and choice principles as described above for all data which is disclosed or transferred to a third party.
Vocus may from time to time use agents to perform processing tasks on behalf of, and under the instruction of, Vocus. Vocus requires that its agents either:
Subscribe to the EU Safe Harbor Principles, the EU Data Protection Directive or another adequacy finding; or
Enter into a written agreement with Vocus requiring them to provide the same level of protection as Vocus.
Security – Vocus will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Vocus limits access to personal information and data to those persons in Vocus’ organization, or agents of Vocus, that have a specific business purpose for maintaining and processing such information and data. Individuals who have been granted access to personal information are aware of their responsibilities to protect the security, confidentiality and integrity of that information.
Any security compromises or potential security compromises and any inquiries concerning security should be reported to the Vocus consumer advocate. Contact information is provided below.
Access – An individual may make a request to Vocus for access to the information Vocus maintains in its information products. The individual has the right to receive confirmation from Vocus as to whether or not data relating to him/her is found in Vocus’ information products and to correct, amend, or delete that information when it is inaccurate. This right only applies to personal information relating to the individual making the request and is subject to other limitations as defined by law.
Individuals who wish to make an access request should direct such a request to Vocus’ Consumer Advocate in Vocus’ consumer affairs department at the address provided below or by sending an email to us at firstname.lastname@example.org.
Written communication should be addressed as follows:
12051 Indian Creek Court
Beltsville, MD 20705 USA
Vocus’ consumer advocate will explain the process to be followed by any individual making an access request. In order to confirm the identity of the individuals requesting access, Vocus will require that individuals provide sufficient information to confirm their identity.
Vocus agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of a vexatious or fraudulent request.
Enforcement – Individuals who wish to file a complaint or who take issue with Vocus’ EU Safe Harbor policies should direct such communication to Vocus’ consumer advocate via email or written communication as described above. Vocus’ consumer advocate will explain the process to be followed when filing a complaint. Filing a complaint in English will expedite the process.
Vocus will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Vocus and the complainant, Vocus has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
Vocus is also subject to the jurisdiction of the U.S. Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:
Changes to this Safe Harbor Policy
The practices described in this policy are current personal data protection policies as of March 1, 2003. Vocus reserves the right to modify or amend this policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments.