| ISI Telemanagement
Solutions, Inc. (ISI) respects individual
privacy and values the confidence of its customers,
employees, vendors, business partners and others. ISI
strives to collect, use and disclose Personal information
in a manner consistent with the laws of the countries
in which it does business, and has a tradition of upholding
the highest ethical standards in its business practices.
ISI abides by the Safe Harbor Principles developed by
the U.S. Department of Commerce and the European Commission
and the Frequently Asked Questions (FAQs) issued by
the Department of Commerce on July 21, 2000. This Safe
Harbor Privacy Policy (the "Policy") sets
forth the privacy principles that ISI follows with respect
to transfers of Personal information anywhere in the
world, including transfers from the European Economic
Area (EEA) (which includes the twenty-five member states
of the European Union (EU) plus Iceland, Liechtenstein
and Norway to the United States.
1. SAFE HARBOR
The United States Department of Commerce and the European
Commission have agreed on a set of data protection principles
and frequently asked questions (the "Safe Harbor
Principles") to enable US companies to satisfy
the requirement under European Union law that adequate
protection be given to Personal information transferred
from the EU to the United States. The EEA also has recognized
the US Safe Harbor as providing adequate data protection
(OJ L 45, 15.2.2001, p.47). Consistent with its commitment
to protect Personal privacy, ISI adheres to the Safe
Harbor Principles.
ISI has a Privacy Officer who is responsible for ISI's
compliance with and enforcement of this Policy. ISI
educates its employees concerning compliance with this
Policy and has self-assessment procedures in place to
assure compliance. ISI's Privacy Officer is available
to any of its valued employees, customers, vendors,
business partners or others who may have questions concerning
this Policy or data security practices. Relevant contact
information is provided below.
2. SCOPE
This Policy applies to all Personal information received
by ISI in any format including electronic, paper or
verbal. ISI provides customized computer services designed
to help companies manage their telecom facilities more
effectively, increase profitability and reduce operational
costs.
ISI collects and processes call detail records from
customer telephone phone equipment, local and long distance
carriers for the purpose of providing cost allocation,
traffic analysis, fraud notification and other reports
used for management of corporate telecom facilities.
During this process, some or all the following information
may be provided to ISI by the customer based upon the
scope of services to be rendered and local privacy laws:
• Company Name
• Organizational Hierarchy
• Department Name
• Employee Name
• Employee Title
• Telephone or Extension Numbers
• Call Detail Records including; date, time, duration,
number dialed or calling number
Processed call information is made available to customers
via a secured web interface or delivered directly to
authorized customer recipients based upon customer instruction.
ISI does not own or control any of the information it
processes on behalf of ISI's customer. All such information
is owned and controlled by ISI's customer. In this capacity
ISI receives information transferred from the EU to
the US merely as a processor on behalf of its customer
and ISI’s customer remains the data controller.
ISI will not sell or share this information with third
parties unless required to do so by law. On a global
basis, ISI will, and will cause its affiliates to, establish
and maintain business procedures that are consistent
with this Policy.
All Personal information collected by ISI will be
used for legitimate business purposes consistent with
this Policy.
3. PROCESSING CONTRACTS
Before starting any processing on behalf of ISI's customer,
ISI will enter into a processing contract with the EU
data controller responsible for the personal information
pursuant to the applicable EU Member State Data Protection
law.
The processing contract ensures that the EU data controller
(ISI’s customer) will be in compliance with the
Member State Data Protection law. Any data processed
by ISI will not be further disclosed to third parties
except where permitted or required by the processing
contract, EU Safe Harbor or the applicable Member State
Data Protection law. Any information which ISI's customer
(acting as the EU controller) identifies as sensitive
will be treated accordingly.
The processing contract will also specify that the
processing will be carried out with appropriate data
security measures. ISI has in place measures to protect
personal information from loss, misuse, unauthorized
access, disclosure, alteration and destruction..
4. PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the
seven Safe Harbor Principles.
NOTICE: Where ISI collects Personal
information directly from individuals, it will inform
them about the purposes for which it collects and uses
Personal information, the parties to which that information
may be accessible, and the choices and means, if any,
ISI offers individuals for limiting the use and disclosure
of their Personal information. Notice will be provided
in clear and conspicuous language when individuals are
first asked to provide Personal information to ISI,
or as soon as practicable thereafter. ISI may disclose
Personal information if required to do so by law or
to protect and defend the rights or property of ISI.
Inquires or complaints regarding ISI’s adherence
to this policy should be directed to the ISI Privacy
Officer identified in section 5 below.
CHOICE: As Personal information provided
to or collected by ISI is never disclosed to a non-agent
third party, or used for a purpose other than the purpose
for which it was originally collected and as ISI’s
customer controls what level of Personal information
is made available for ISI processing, there is no need
to offer individuals the opportunity to choose (opt-out)
not to have their Personal information disclosed.
ISI will provide individuals with reasonable mechanisms
to exercise their choices should requisite circumstances
arise.
TRANSFERS TO AGENTS: Although it is
ISI’s intent to provide contracted services without
use of Agents, certain circumstance may require the
assistance of a reputable Agent as a subcontractor.
In such circumstances ISI will obtain assurances from
its Agents that they will safeguard Personal information
consistently with this Policy. Where ISI has knowledge
that an Agent is using or disclosing Personal information
in a manner contrary to this Policy, ISI will take reasonable
steps to prevent or stop the use or disclosure. ISI
holds it Agents accountable for maintaining the trust
our employees and customers place in the company.
ACCESS: Upon request, ISI will grant
individuals reasonable access to Personal information
that it holds about them. In addition, ISI will take
reasonable steps to permit individuals to correct, amend
or delete information that is demonstrated to be inaccurate
or incomplete.
SECURITY: ISI will take reasonable
precautions to protect Personal information in its possession
from loss, misuse and unauthorized access, disclosure,
alteration and destruction. ISI protects data in many
ways. Physical security is designed to prevent unauthorized
access to database equipment and hard copies of sensitive
Personal information. Electronic security measures continuously
monitor access to our servers and provide protection
from hacking or other unauthorized access from remote
locations. This protection includes the use of firewalls,
restricted access and encryption technology. ISI limits
access to Personal information and data to those persons
in ISI's organization, or as agents of ISI, that have
a specific business purpose for maintaining and processing
such Personal information and data. Individuals who
have been granted access to Personal information are
aware of their responsibilities to protect the security,
confidentiality and integrity of that information and
have been provided training and instruction on how to
do so.
DATA INTEGRITY: ISI will use Personal
information only in ways that are compatible with the
purposes for which it was collected or subsequently
authorized by the individual. ISI will take reasonable
steps to ensure that Personal information is relevant
to its intended use, accurate, complete and current.
ENFORCEMENT: ISI will conduct internal
compliance audits of its relevant privacy practices
to verify adherence to this Policy and the US Department
of Commerce Safe Harbor Principles. Any employee that
ISI determines is in violation of this Policy will be
subject to disciplinary action up to and including termination
of employment.
5. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure
of Personal information should be directed to the ISI
Privacy Officer at the address given below. ISI will
investigate and attempt to resolve complaints and disputes
regarding use and disclosure of Personal information
in accordance with the principles contained in this
Policy. For complaints that cannot be resolved between
ISI and the complainant, ISI agrees to participate in
a dispute resolution procedure with an independent,
third party service to resolve the complaint.
Submit written inquiries to:
ISI Telemanagement Solutions, Inc.
1051 Perimeter Drive, Suite 200
Schaumburg, Illinois USA 60173
Attention: Daniel R. Mueller, Privacy Officer
Or send via email to:
privacyofficer@isi-info.com
6. CHANGES TO THIS SAFE HARBOR PRIVACY POLICY
The practices described in this Policy are current Personal
data protection policies as of August 04, 2004. ISI
reserves the right to modify or amend this Policy at
any time consistent with the requirements of the Safe
Harbor Principles. Appropriate public notice will be
given concerning such amendments. |
