TERMS AND CONDITIONS OF USE
Effective date: May 12, 2011
The U.S. Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the “Safe Harbor Principles”) to enable United States (“U.S.”) companies to satisfy the requirement under European Union (“EU”) that adequate protection be given to Personal Information transferred from the EU to the United States. The U.S. Department of Commerce and the Swiss Federal Data Protection and Information Commissioner have agreed on a similar framework. Consistent with its commitment to protect personal privacy, Md7, LLC complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland. Md7, LLC has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Md7, LLC’s certification, please visit http://www.export.gov/safeharbor/.
The following definitions apply to our Policy:
“Data Subject” means all living individuals about whom we hold Personal Data.
“Data Controller” means Md7, LLC which is the organization who determines the purposes for which, and the manner in which, any Personal Data is processed and used in our business.
“Data Processor” means any person or organization that processes Personal Data on our behalf.
“Electronic” means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
“Encrypted” means the transformation of data through an algorithmic process or an alternative method that is at least as secure, so that the data can only be accessed with confidential key or password.
“Personal Data” means information (whether stored electronically or in paper based filing systems) relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal Data does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.
“Processing” is any activity that involves use of the Personal Data. It includes obtaining, recording or holding the Personal Data, or carrying out any operation or set of operations on the Personal Data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
“Sensitive Personal Data” means Personal Data that reveals race, national origin, political opinions, religion or philosophical beliefs, or trade union membership, or that concerns criminal convictions, health, marital status, or sexual orientation, preference or activities.
This Policy applies to Personal Data regarding our employees, customers and vendors received by Md7, LLC in the United States from the EEA and Switzerland in any format, including electronic, paper or otherwise.
Administration Of This Policy
Our Chief Technology Officer is responsible for ensuring compliance with the law and with this Policy. Any questions or concerns about the interpretation or operation of this Policy or about what may or may not be done with regard to Personal Data should be taken up in the first instance with the Chief Technology Officer, Md7, LLC, 10590 West Ocean Air Drive, Suite 300, San Diego, CA 92130.
Personal Data we may collect
We may collect and process the following Personal Data:
- Details necessary to perform human resource functions including but not limited to, name, address, date of birth, employee medical information, social security numbers and details, employee drivers license numbers and details, state identification card numbers and details and account numbers and details.
- Other information including Personal Data from customers and vendors may be collected for legitimate business purposes or in order to comply with local, state or federal laws or regulations. This may include information collected though input forms on our website or through other means where individuals or companies may request information about our products and services and provide basic contact and financial information such as name, address, telephone number, email address, income and other financial or non-financial information depending on the expressed need.
- Our website uses “cookies” (which may include session cookies and persistent cookies) and other similar technologies. A cookie is a text file that is anonymously placed on your hard disk by a web page server; a session cookie is deleted once the user exits our website, while a persistent cookie remains after exiting the site. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies or other technologies allow us to monitor certain statistics which help us improve our services. Most web browsers automatically accept cookies, but can be modified to decline cookies if you prefer.
A Special Note About Children’s Privacy
Children are not eligible to use our services. You must be at least 18 years old to use this website and we ask that minors under the age of 18 do not submit any Personal Data to us. We do not knowingly collect, use or disclose Personal Data about visitors under 18 years of age.
Use of Personal Data
We may use Personal Data in the following ways:
- To carry out our obligation arising from contracts of employment, including but not limited to payroll functions and reporting to the Internal Revenue Service or state or local equivalent and enrolling employees in health or other benefit programs.
- To carry out our obligations arising from contracts with vendors and customers, including but not limited to payment authorization, tax reporting, marketing and collection.
- We take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete and current.
- Personal Data may be processed in the United States or other locations where we have operations or offices.
Employees, customers and vendors providing Personal Data to Md7, LLC consent to their Personal Data being processed in this way.
Our Responsibility for Personal Data
We will strive to protect Personal Data:
- We have reasonable security procedures in place so that any Personal Data we hold is kept in accordance with this Policy.
- We maintain security measures and technology to assist us so that Personal Data is not disclosed either orally or in writing or via the internet or by any other means, accidentally or otherwise, to any unauthorized third party.
- We use physical, administrative and technical procedures to limit access to Personal Data as described in this policy.
- Although Md7, LLC uses industry standard efforts to safeguard the confidentiality of your Personal Data when you transmit it over the Internet, such as firewalls and Secure Socket Layers, perfect security does not exist on the Internet
Sensitive Personal Data
Sometimes it is necessary to process Sensitive Personal Data. This may be to ensure that our workplace is a safe place for everyone, or to ensure compliance with federal and/or state laws and regulations such as equal opportunity monitoring. We will give individuals the opportunity to affirmatively and explicitly consent to the processing and disclosure of their Sensitive Personal Data.
Disclosure And Transfer Of Personal Data
Security of Personal Data During Transfer: Where Personal Data is transferred within our organization in the course of performing our duties, the level of security appropriate to the type of Personal Data and anticipated risks will be applied.
Disclosures to third parties: Personal Data will only be transferred to a third-party Data Processor if it agrees to comply with procedures and policies which are compliant with our Policy and procedures regarding data protection, or if that third party puts in place adequate measures which are compliant with the law. We may disclose Personal Data to any member of our company, which means our subsidiaries and affiliated companies.
If you submit a request for a product or other services offered by Md7, LLC then we will share the Personal Data contained in your input request form with a wireless carrier strictly to process and fulfill your request. In some circumstances, Md7, LLC may obtain additional information about you and/or share that information with a wireless carrier.
We may disclose Personal Data to third parties in the event that we sell or buy any business or assets, in which case we may disclose Personal Data to the prospective seller or buyer of such business or assets. We may also disclose Personal Data to third parties for legal purposes, for the protection of Md7 (or any of its partners, employees, third party vendors, independent contractors or affiliates), for the protection of our website, and/or for the protection of other users of our website. Specifically, we reserve the right to disclose Personal Data as allowed by law or share your Personal Data with third parties if required by law to do so, or if we believe such action is necessary to either: (a) conform with the requirements of law enforcement or government agencies in response to subpoenas, court orders, federal/state audits or similar circumstances, or as otherwise required by law, (b) protect or defend our legal rights or property, this website, or other users of this website, or (c) investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
Transfers overseas: The Personal Data we receive will be held on our computers and systems in the European Union and in the computers and systems of our offices in the United States and may be accessed by or given to our staff working outside the European Union.
Opt-Out: Data Subjects may opt-out of having their information shared with non-agent third parties or having their information used for a purpose other than the purpose for which it was originally collected or subsequently authorized. To opt-out at any time, send written notice to Chief Technology Officer, Md7, LLC, 10590 West Ocean Air Drive, Suite 300, San Diego, CA 92130.
Website Links to Other Sites:
Our website contains links that may direct users to other websites. This Policy applies to information provided to Md7 only. Md7 is not responsible for the privacy practices of or the content contained in other websites that may be accessible by links from our website and the privacy practice on those sites may differ from that of Md7, LLC. We are not responsible for any product or services that you download, purchase, or otherwise receive in any manner or form, from a third party website.
Md7, LLC will not send email communications and advertisements unless you submit your email address to us. Providing your email address to us represents your affirmative consent to receive email communications. To stop receiving emails from Md7, please follow the opt-out instructions below or those included in the email you have received.
Data Subject Access Requests
We provide Data Subjects with reasonable access to the Personal Data we hold about them. To learn what information we hold about you or to correct, amend or delete that information please submit a written request to our Chief Technology Officer at the address above.
Enforcement and Oversight of Our Policy
Md7, LLC will conduct periodic compliance audits of our privacy practices to verify adherence to this Policy and the Safe Harbor principles. We conduct an annual self-assessment of our practices with respect to Personal Data to verify that representations we make about our Personal Data privacy practices are true and that related privacy policies have been implemented as represented. Any employee found to have violated this Policy is subject to disciplinary action, up to and including termination of employment.
Customers, vendors and employees may file a complaint with Md7, LLC in connection with the processing of their Personal Data under the Safe Harbor Principles. We also cooperate with the following dispute resolution bodies to address individuals’ complaints regarding privacy issues: (i) for Customer and vendor complaints, we cooperate with the San Diego office of JAMS, a third party dispute resolution provider, in accordance with its applicable commercial rules; and (ii) for complaints concerning our handling of employee Personal Data, we cooperate with the relevant EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner. We will take steps to remedy any issues arising out of a failure to comply with the Safe Harbor Principles. Please contact us as specified above to address any complaints regarding our Personal Data practices.
Changes in this Policy
© Copyright 2011 by Md7, LLC. All rights reserved.