1. SAFE HARBOR
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the requirement under European Union law that adequate protection be given to Personal information transferred from the EU to the United States. The EEA also has recognized the US Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect Personal privacy, ISI adheres to the Safe Harbor Principles.
ISI has a Privacy Officer who is responsible for ISI's compliance with and enforcement of this Policy. ISI educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance. ISI's Privacy Officer is available to any of its valued employees, customers, vendors, business partners or others who may have questions concerning this Policy or data security practices. Relevant contact information is provided below.
This Policy applies to all Personal information received by ISI in any format including electronic, paper or verbal. ISI provides customized computer services designed to help companies manage their telecom facilities more effectively, increase profitability and reduce operational costs.
ISI collects and processes call detail records from customer telephone phone equipment, local and long distance carriers for the purpose of providing cost allocation, traffic analysis, fraud notification and other reports used for management of corporate telecom facilities. During this process, some or all the following information may be provided to ISI by the customer based upon the scope of services to be rendered and local privacy laws:
- Company Name
- Organizational Hierarchy
- Department Name
- Employee Name
- Employee Title
- Telephone or Extension Numbers
- Call Detail Records including; date, time, duration, number dialed or calling number
Processed call information is made available to customers via a secured web interface or delivered directly to authorized customer recipients based upon customer instruction. ISI does not own or control any of the information it processes on behalf of ISI's customer. All such information is owned and controlled by ISI's customer. In this capacity ISI receives information transferred from the EU to the US merely as a processor on behalf of its customer and ISI’s customer remains the data controller.
ISI will not sell or share this information with third parties unless required to do so by law. On a global basis, ISI will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Policy.
All Personal information collected by ISI will be used for legitimate business purposes consistent with this Policy.
3. PROCESSING CONTRACTS
Before starting any processing on behalf of ISI's customer, ISI will enter into a processing contract with the EU data controller responsible for the personal information pursuant to the applicable EU Member State Data Protection law.
The processing contract ensures that the EU data controller (ISI’s customer) will be in compliance with the Member State Data Protection law. Any data processed by ISI will not be further disclosed to third parties except where permitted or required by the processing contract, EU Safe Harbor or the applicable Member State Data Protection law. Any information which ISI's customer (acting as the EU controller) identifies as sensitive will be treated accordingly.
The processing contract will also specify that the processing will be carried out with appropriate data security measures. ISI has in place measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction..
4. PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the seven Safe Harbor Principles.
NOTICE: Where ISI collects Personal information directly from individuals, it will inform them about the purposes for which it collects and uses Personal information, the parties to which that information may be accessible, and the choices and means, if any, ISI offers individuals for limiting the use and disclosure of their Personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal information to ISI, or as soon as practicable thereafter. ISI may disclose Personal information if required to do so by law or to protect and defend the rights or property of ISI.
Inquires or complaints regarding ISI’s adherence to this policy should be directed to the ISI Privacy Officer identified in section 5 below.
CHOICE: As Personal information provided to or collected by ISI is never disclosed to a non-agent third party, or used for a purpose other than the purpose for which it was originally collected and as ISI’s customer controls what level of Personal information is made available for ISI processing, there is no need to offer individuals the opportunity to choose (opt-out) not to have their Personal information disclosed.
ISI will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.
TRANSFERS TO AGENTS: Although it is ISI’s intent to provide contracted services without use of Agents, certain circumstance may require the assistance of a reputable Agent as a subcontractor. In such circumstances ISI will obtain assurances from its Agents that they will safeguard Personal information consistently with this Policy. Where ISI has knowledge that an Agent is using or disclosing Personal information in a manner contrary to this Policy, ISI will take reasonable steps to prevent or stop the use or disclosure. ISI holds it Agents accountable for maintaining the trust our employees and customers place in the company.
ACCESS: Upon request, ISI will grant individuals reasonable access to Personal information that it holds about them. In addition, ISI will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
SECURITY: ISI will take reasonable precautions to protect Personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. ISI protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. ISI limits access to Personal information and data to those persons in ISI's organization, or as agents of ISI, that have a specific business purpose for maintaining and processing such Personal information and data. Individuals who have been granted access to Personal information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.
DATA INTEGRITY: ISI will use Personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. ISI will take reasonable steps to ensure that Personal information is relevant to its intended use, accurate, complete and current.
ENFORCEMENT: ISI will conduct internal compliance audits of its relevant privacy practices to verify adherence to this Policy and the US Department of Commerce Safe Harbor Principles. Any employee that ISI determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
5. DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of Personal information should be directed to the ISI Privacy Officer at the address given below. ISI will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between ISI and the complainant, ISI agrees to participate in a dispute resolution procedure with an independent, third party service to resolve the complaint.
Submit written inquiries to:
- ISI Telemanagement Solutions, Inc.
- 1051 Perimeter Drive, Suite 200
- Schaumburg, Illinois USA 60173
- Attention: Daniel R. Mueller, Privacy Officer
The practices described in this Policy are current Personal data protection policies as of August 04, 2004. ISI reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments.