Effective Date: September 30, 2016
WealthEngine, Inc., a Delaware corporation (“WealthEngine”) hereby declares that it is committed to comply with the EU-U.S. Privacy Shield Framework (the “Privacy Shield” or the “Framework”) enforceable under U.S. law with respect to the collection, use, and retention of personal information transferred by its customers from the European Union (“EU”) to the United States. WealthEngine has certified to the International Trade Administration of the United States Department of Commerce that it adheres to the Framework. For more information, please visit the International Trade Administration of the United States Department of Commerce Privacy Shield Framework website located here. By committing to comply with the Framework, it is WealthEngine’s intent to meet and exceed the adequacy requirement for data protection under EU law.
WealthEngine implements the following Privacy Shield Principles: (i) Notice; (ii) Choice; (iii) Accountability for Onward Transfer; (iv) Security; (v) Data Integrity and Purpose Limitation; (vi) Access; and (vii) Recourse, Enforcement and Liability.
Types of Personal Data Collected.
WealthEngine’s customers determine the types of data they submit to WealthEngine to process on their behalf in the course of using WealthEngine’s wealth analytic services. Personal data provided by customers consists of first and last name, postal address, and possibly email addresses and telephone numbers. In some cases, WealthEngine directly collects this same information from its business users of its services, as well as activities, interactions, preferences and connection information (e.g., IP addresses).
Purposes of Data Processing.
WealthEngine acts only as a data processor with respect to personal information from the EU that it receives from its customers and their authorized users. Accordingly, WealthEngine has no direct relationship with the individuals whose information it receives from its customers, its authorized users or their business partners. WealthEngine does not control such information, does not select or determine the specific types of data that it processes, and does not determine the purpose for which it is processed.
WealthEngine also receives personal data from its customers, prospective customers and business partners for its own sales and marketing activities and internal business operations. WealthEngine determines the purposes and means of processing such information and, in this context, acts as a data controller. WealthEngine similarly acts as a data controller for information it receives as part of its provision of employee benefits and services and which it processes for its own employee administration purposes.
WealthEngine allows individual subjects from the EEA, EU to opt-out of sharing of personal data. Please direct requests to firstname.lastname@example.org if you would like to opt-out. WealthEngine will process opt-out requests in a reasonable period of time.
Disclosure of Personal Data to Third Parties.
WealthEngine may share personal data we collect with a limited number of third parties who process personal data on our behalf to provide WealthEngine’s services, such as subsidiaries, affiliates and subcontractors. WealthEngine may also disclose personal data to service providers contracted to provide services on our behalf. WealthEngine will ensure that the third-party processor, if not, subject to the Privacy Shield Principles will provide at least the same level of protection of personal data as related to the Privacy Shield Principles. WealthEngine will take commercially reasonable steps to prevent the misuse or disclosure of personal data.
Choices and Means to Access, Limit Use and Limit Disclosure of Personal Data.
EU residents have the right to access personal data about them and to request the correction, amendment, removal and/or limitation of the use and disclosure of their personal data processed by WealthEngine. Such requests should be sent by email to email@example.com or by regular mail to:
ATTN: Chief Security Officer
4330 East West Highway, Suite 950
Bethesda, MD 20814
WealthEngine has limited access to data we process on behalf of our customers in connection with our services. Therefore, requests to access, correct, amend, remove and/or limit the use and disclosure of personal data that WealthEngine processes on behalf of its customers should include the name of the WealthEngine customer who submitted your personal data to WealthEngine. We will forward such requests to the identified customer to respond directly to you and we will provide any necessary assistance in that customer’s response to your request.
Dispute Resolution and Arbitration.
If you reside within the EU, any inquiries or complaints regarding WealthEngine’s compliance with the Privacy Shield program should be sent to the WealthEngine email and postal addresses set forth above. WealthEngine will respond within 45 days.
If you do not receive timely acknowledgment of your complaint, or if you cannot resolve your complaint directly with WealthEngine, you can contact the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA), by visiting its web site at http://info.adr.org/safeharbor. WealthEngine has engaged the ICDR/AAA as an independent dispute resolution provider to address unresolved Privacy Shield complaints.
Under certain conditions, individuals may be able to invoke binding arbitration before the Privacy Shield Panel jointly created by the U.S. Department of Commerce and the European Commission.
Federal Trade Commission Enforcement.
WealthEngine is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU-U.S. Privacy Shield Framework.
Disclosure Requests by Public Authorities.
WealthEngine may be required to disclose your personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requests.
Changes to the Policy.
The WealthEngine Privacy Shield Notice may be amended from time to time, in compliance with the requirements of the Privacy Shield Principles. Changes to this Notice will be posted to this website.