Privacy Shield Statement
Effective date: September 24, 2019
BuySafe, Inc. (“BuySafe”, “we” or the “company”) has certified that it complies with and adheres to the EU-US Privacy Shield Framework Principles and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce (collectively, the “Privacy Principles”) with respect to the collection, use and retention of personal data we receive from the European Economic Area (“EEA”) or Switzerland in connection with the services we provide to our business customers (“Personal Data”). If there is a conflict between the terms in this Privacy Shield Statement and the Privacy Principles, the Privacy Principles shall govern.
This Privacy Shield Statement explains how BuySafe complies with the Privacy Principles in handling Personal Data. To learn more about the Privacy Shield and to view the BuySafe Privacy Shield certifications, please visit: https://www.privacyshield.gov/.
The Privacy Shield Principles are:
- Accountability for Onward Transfer
- Data Integrity & Purpose Limitation
- Recourse, Enforcement & Liability
Our Privacy Shield certification and this Privacy Shield Statement apply to Personal Data relating to individual consumers that BuySafe in the US receives from the European Economic Area or Switzerland in connection with the Shopping Guarantee (as defined below) (“Personal Data”). Personal Data does not include information that is encoded, anonymized, aggregated or publicly available information that has not been combined with non-public Personal Data.
BuySafe’s Role in Processing Personal data
BuySafe provides a white-labeled shopping guarantee program that enables online merchants to provide their consumers with increased confidence and added value via purchase protection and identity theft protection services (“Shopping Guarantee”).
BuySafe acts as a processor on behalf of the shopping guarantee brand and a sub-processor for the merchant that offers the Shopping Guarantee. This means that BuySafe is a vendor that processes Personal Data on behalf of and on the instructions of the brand or the merchant, respectively. The shopping guarantee brand and the merchant act as data controllers – they control the purposes for which BuySafe processes the data, and are responsible to individuals for the processing of the individuals’ Personal Data.
How We Collect Personal Data
To facilitate the Shopping Guarantee, BuySafe collects and uses information about consumers who may visit or make purchases on participating merchants’ websites. This information includes details about consumers’ computers or mobile devices used to access merchants’ websites, such as the browser type, IP address, pages viewed, and access dates and times. This information also includes transaction details about purchases consumers make on merchant websites, including the date and time of the purchase, the order number, the value of the transaction, and the consumer’s email address.
Consumers may also register for a BuySafe account to access the benefits of the Shopping Guarantee. In this case, BuySafe collects registration and account information, including name, phone number, email address, and postal address.
To the extent that the data described in this section is Personal Data, BuySafe processes this information in accordance with the Privacy Principles, as set forth below.
Notice and Choice
As a processor, BuySafe relies on its business customers – shopping guarantee brands and merchants – to provide notice to individuals regarding our privacy practices associated with the Shopping Guarantee, including the feature that enables merchants to include a product recommendation in the Shopping Guarantee confirmation communication to the merchant’s consumers. BuySafe also has informed its business customers that they are responsible for providing the notice. In addition, we have described our privacy practices in our Product Privacy Notice. We provide the Product Privacy Statement to our business customers, so that they may inform relevant consumers about the privacy practices associated with our products and services.
BuySafe has informed its business customers that they are responsible for providing merchants and consumers with any required privacy choices regarding BuySafe’s use, disclosure and other processing of Personal Data on behalf of the business customer. We do not use Personal Data for purposes other than to provide the Shopping Guarantee. We do not share Personal Data with third parties for those parties’ own purposes, except as follows:
BuySafe may disclose Personal Data without offering individuals choice (i) if required to do so by law or legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when BuySafe believes disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. BuySafe also reserves the right to transfer Personal Information in the event BuySafe sells, merges or transfers all or a portion of our business or assets.
Accountability for Onward Transfer of Personal Data
BuySafe may share Personal Data with third party services providers that perform services on behalf of BuySafe. BuySafe does not authorize these service providers to use or disclose the Personal Data except as necessary to perform services on behalf of BuySafe or BuySafe business customers, or to comply with legal requirements. BuySafe maintains contracts with these providers restricting their access, use and disclosure of Personal Data in compliance with the Privacy Principles, and requiring these providers to appropriately safeguard the privacy and security of the Personal Data they process. BuySafe may be liable if these third parties fail to meet those obligations, and BuySafe is responsible for the event giving rise to the damage. If BuySafe has knowledge that a third party to which it has disclosed Personal Data subject to this Privacy Shield Statement is processing such Personal Data in a way that is inconsistent with the Privacy Principles, or if BuySafe has knowledge that such third party is no longer capable of processing such Personal Data consistent with the Principles, BuySafe will take reasonable and appropriate steps to prevent or stop and remediate such processing.
BuySafe takes reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
BuySafe limits the Personal Data it collects to the Personal Data that is relevant for the purpose(s) for which it is being processed. BuySafe does not use Personal Data for purposes incompatible with the purpose(s) for which it was collected.
In addition, BuySafe takes reasonable steps to ensure that the Personal Data it processes is reliable for its intended use and is accurate, complete and current. BuySafe depends on its business customers and their consumers to provide accurate Personal Data to BuySafe and to correct and keep such Personal Data up to date, or to instruct merchants and consumers to do so.
Consumers who benefit from the Shopping Guarantee may access, correct, or delete their Personal Data by accessing the online account you establish or by contacting us at firstname.lastname@example.org. BuySafe may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, where the rights of persons other than the individual would be violated, or as otherwise permitted by the Privacy Principles.
Recourse, Enforcement and Liability
BuySafe has established procedures for periodically reviewing and verifying the accuracy of this Privacy Shield Statement, for verifying the company’s implementation of and compliance with the Privacy Principles, and for remedying any issues identified during such reviews. BuySafe conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true, that the company’s privacy practices have been implemented as represented, and that any identified issues have been remedied. BuySafe personnel with access to the Personal Data covered by this policy are responsible for conducting themselves in accordance with the policies described in this Privacy Shield Statement, the failure of which may result in disciplinary action up to and including termination.
In compliance with the Privacy Principles, BuySafe commits to resolve complaints about our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield Statement should first contact BuySafe at email@example.com. BuySafe has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither BuySafe nor JAMS resolves an individual’s complaint, the individual may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at https://www.privacyshield.gov/.
US Federal Trade Commission Jurisdiction
BuySafe’s commitments under the Privacy Principles are subject to the jurisdiction and the investigatory and enforcement authority of the United States Federal Trade Commission.
BuySafe may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
How to Contact Us
If you have any questions, comments or concerns about this Privacy Shield Statement, please contact us.