We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. We are committed to testing, monitoring, and maintaining records related to data security and access controls impacting our Systems that are aligned with industry best practices and commensurate with the size of transactions and collection of Personal Data that we process and transfer. While we cannot fully eliminate security risks associated with the storage, transfer, and transmission of Personal Data, we will endeavor to remain educated and retain the internal and external resource expertise in order to adapt and modify our data protection practices as required by evolving global data security and cyber threats, terrorism, and fraudulent or malicious programs. REAFIT Privacy Shield Information for EU/Swiss Residents
If you reside in a member country of the EU or Switzerland, REAFIT does self-certify that it complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, "Privacy Shield
") as set out by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. REAFIT has self-certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer (including our Data Processors or other third parties as permitted in this Policy), security, data integrity, access, andenforcement. To learn more about the Privacy Shield program, and to view REAFIT's certification, please visit: https://www.privacyshield.gov/list
Under the Privacy Shield's "Onward Transfer Principle", we may remain liable for the processing of Personal Data of European Union residents that we transfer to our Data Processors or other third party service providers or agents. In certain situations, we may be also required to disclose Personal Data in order to comply with lawful requests from public authorities, including to meet national security or law enforcement purposes.
In order to ensure compliance with the Privacy Shield, we must designate an independent recourse mechanism, so that the complaints or disputes of residents of the EU and Switzerland may be investigated and resolved at no cost to such residents. We have selected the International Centre for Dispute Resolution, which is the international division of the American Arbitration Association ("ICDR-AAA
"), to resolve any disputes or complaints that residents of the EU and Switzerland may raise about this Policy or our violation of applicable laws, rules, or regulations in the handling of Personal Data. For more information on the ICDR-AAA and how to file complaints, please visit: www.icdr.org/privacyshield
. We also would like to inform you that if your dispute or complaint is not resolved either directly with us or through the ICDR-AAA, then under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Additionally, as required by the Privacy Shield, we must inform all residents of the EU and Switzerland that we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us with any concerns or questions regarding our compliance with the Privacy Shield in any of the manners provided in Section VIII
of this Policy.