US - EU Safe Harbor Privacy Statement
USinternetworking, Inc. ("USi") adheres to the Safe Harbor Principles administered by the United States Department of Commerce in consultation with the European Commission with respect to personal information within the scope of this Statement.
Scope
USi generally does not collect information directly from individuals within the European Economic Area ("EEA"). USi merely acts as a data processor for its enterprise business customers. This Statement applies to personal information knowingly received and processed by USi in the United States from the EEA, specifically, personal information collected from USi's business clients concerning their employees or customers in the context of the services USi performs.
Definitions
"USi" means USinternetworking, Inc., its predecessors, and successors.
"Personal information" means information that identifies or reasonably may identify a natural person. Personal information does not include anonymized information or aggregate information to the extent an individual's identity cannot reasonably be derived from such information. In addition, USi reserves all rights to use public information or information as to which an individual has given explicit consent for use, consistent with the Safe Harbor Principles.
"Agent" means any third party that processes, collects, or uses personal information pursuant to the instructions of, and solely for the benefit of, USi, or to which USi discloses personal information for use on its behalf.
"Sensitive personal information" means personal information that reveals a natural person's race, ethnic origin, political opinions, religious or philosophical beliefs, criminal record, or trade union membership, or that concerns a natural person's sex life or health.
Privacy Principles
The privacy principles in this Statement are based on and shall be interpreted in a manner not inconsistent with the Safe Harbor Principles.
Notice
USi is contracted by its enterprise clients to implement, host and manage their software applications, which may require USi to process its clients' data for the purpose of enabling or testing the functionality of their software. The client data processed by USi may include personal information about a client's employees, customers or other individuals. This information is controlled by USi's clients and may be processed by USi to facilitate USi's clients' human resources information management and other computer systems' functionality. USi is not responsible for the content of the information it collects, which may include personal information, nor is it responsible for the way its clients treat their employees' or customers' personal information.
Choice
USi generally does not collect information directly from individuals within the EEA. It merely acts as a data processor for its enterprise business clients. If USi does collect information directly from individuals within the EEA, it will, where applicable, offer such individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally. Similarly, to the extent its applicable and required by the Safe Harbor Principles, USi will offer individuals from whom it directly collects information the choice to opt in to having their sensitive personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally.
Onward Transfer
USi will obtain reasonable assurances from its agents that they will safeguard personal information knowingly collected by USi concerning individuals residing in the EEA consistently with this Statement and the Safe Harbor Principles.
Access
Upon an individual's request, if feasible or applicable, USi will offer individuals from whom it directly collects information reasonable access to their personal information and will afford such individuals a reasonable opportunity to correct, amend, or delete inaccurate information. If an employee of one of USi's clients would like to access personal information about him or her that is processed by USi, the employee should make a written request to his or her employer's local human resources representative as well as to USi. For security and business purposes, USi may have to coordinate such a response with its client, the individual's employer. The client or USi, in limited instances, may then contact the employee and ask the employee to provide it with various pieces of personal information to process the request. USi may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Safe Harbor Principles.
Security
USi will take reasonable measures including technical, physical, and administrative measures and training, as appropriate, to protect personal information it collects and processes from loss, misuse, and unauthorized disclosure, access, alteration, and destruction. USi safeguards information according to established security standards and periodically assesses new technology for methods of protecting information. However, USi cannot guarantee the security of personal information.
Data Integrity
USi will take reasonable measures to verify that personal information it collects and processes is relevant for its intended use, reliable for its intended use, accurate, complete, and current.
Enforcement and Dispute Resolution
USi will conduct periodic assessments to confirm the accuracy of, and verify its adherence to, this Statement. USi will investigate suspected infractions and will take all appropriate action. Any questions, concerns, or complaints concerning the collection and use of personal information by USi should be directed to:
USinternetworking, Inc.
Attention: Security Department
2500 Riva Road
Annapolis, MD 21401-7478
USi will conduct a reasonable investigation of, and will attempt to resolve any complaints in accordance with the principles contained in this Statement. For complaints that cannot be resolved between USi and the complainant, USi agrees to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.
Limitations
USi's adherence to the Safe Harbor Principles may be limited by its role as a data processor as well as any applicable legal, regulatory, ethical, or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation. Examples of such limitations include (1) exceptions to the opt-in requirements for sensitive personal information permitted by Commission Decision 2000/520/EC of 26 July 2000, (2) exceptions on access as permitted by Safe Harbor Principles, or (3) limitations under applicable EEA member state directives. USi also may disclose personal information reasonably related to the sale or disposition of all or part of its business.
Internet Privacy
USi maintains a distinct Internet Privacy Policy governing the privacy of information collected by USi online through its United States Web site, which can he viewed at: http://www.usi.com/privacy-policy.aspx.
Modification of this Safe Harbor Privacy Statement
This Statement may be amended from time to time with or without notice in accordance with the Safe Harbor Principles. Any modified statement will be posted on the company's website for public viewing.
Contact Information
Questions, concerns, or complaints concerning the collection and processing of personal information by USi pursuant to this Safe Harbor Privacy Statement should be directed by mail or electronic mail to the following address.
Karen Wentworth
Vice President, Marketing
USinternetworking, Inc.
2500 Riva Road
Annapolis, MD 21401-7478
Karen.Wentworth@USi.com