Privacy Shield Policy

TRUSTe


MiTek Industries, Inc.
Processor Privacy Policy

Effective 1/17/2019 

MiTek Industries, Inc. and MiTek USA, Inc. (“MiTek”) respect your privacy and are committed to safeguarding and protecting your privacy in connection with the processing of personal information. MiTek may process your personal information for a variety of reasons. This Privacy Policy contains important information regarding MiTek's privacy practices and the choices it offers individuals with respect to their personal information. If you choose to provide us with personal information, you are telling us that you have read, fully understand, and accept the privacy practices summarized in this Privacy Policy and consent to all actions that are consistent with and described in this Privacy Policy. We encourage you to read this Privacy Policy in its entirety to understand MiTek's privacy practices before submitting any personal information for processing to MiTek. 

Information Collected on behalf of our EU Affiliates 

This Privacy Policy covers information being processed on behalf of our EU Affiliates through their websites www.mitek.co.uk; www.mitek.cz; www.mitek.de; www.mitek.fi; www.mitek.fr; www.mitek.pl; www.posi-palkki.fi; www.mitek.hu; and www.mitekbaltic.lv, and their mobile applications hosted on our web services platform. The use of information collected through our web services shall be limited to the purpose of providing the service for which the EU Affiliate has engaged MiTek.

MiTek has no direct relationship with the individuals whose personal data it processes on behalf of its EU Affiliates. If you are a customer of one of our EU Affiliates and would no longer like to be contacted by one of our EU Affiliates that use our service, please contact the EU Affiliate that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our EU Affiliates.

MITEK PRIVACY SHIELD PRIVACY POLICY

MiTek Industries, Inc. and MiTek USA, Inc. (“MiTek”) respect and protect individual privacy. This Privacy Shield and Swiss Privacy Shield Privacy Policy (“Policy”) describes the principles MiTek follows with respect to the transfer of Personal Information from the European Economic Area (“EEA”) that we process on behalf of our EU Affiliates (which includes the twenty-seven Member States of the European Union (“EU”) plus Iceland, Liechtenstein, and Norway), and from Switzerland, to the United States. 

The United States Department of Commerce and the European Commission have established a program (the “Privacy Shield”) that entails certain agreed-upon privacy protection principles (“EU-US Privacy Shield Principles”) to enable U. S. companies to satisfy EU law requirements for adequate protection of Personal Information transferred from the EU to the United States. The United States Department of Commerce and the Federal Data Protection and Information Commissioner (“FDPIC”) of Switzerland have agreed on a similar set of principles (“Swiss-US Privacy Shield Principles”) to enable U. S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. MiTek is committed to adhering to these Privacy Shield Principles in respect to the information we process on behalf of our EU Affiliates. 

MiTek participates in the Privacy Shield and has certified that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. MiTek's practices with respect to each of these Privacy Shield Principles are detailed below. If there is a conflict between the privacy practices covered in this Policy and the Privacy Shield Principles with respect to Personal Information transferred for Processing from the EEA/EU and Switzerland, the Privacy Shield Principles shall prevail. To learn more about the Privacy Shield, the Privacy Shield Principles, the requirements for participating companies, such as MiTek, and to view MiTek's certification, please visit   https://www.privacyshield.gov/list.

MiTek is responsible for the processing of personal data it receives, under the Privacy Shield, and subsequently transfers to a third party acting as an agent on its behalf. MiTek complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.  With respect to personal data received or transferred pursuant to the Privacy Shield, MiTek is subject to the regulatory enforcement powers of the U. S. Federal Trade Commission. In certain situations, MiTek may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. 

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. 

DEFINITIONS

Agent means any third party that processes Personal Information under the instructions of, and solely for, MiTek or to which MiTek discloses Personal Information for processing on behalf MiTek's EU Affiliates.

Personal Information means information that identifies or can be used by or on behalf of MiTek EU Affiliates to identify an individual. This may take the form of an employee identification number, name, title, office/work location, e-mail address, payment information, telephone number(s), photo, department, reporting hierarchy, or home address. Personal Information does not include “Usage Data,” which we define as encoded information, aggregate information, anonymized information, or information that is publicly available and not combined with non-public personal information.

Sensitive Personal Information means Personal Information that may reveal race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns mental or physical health or sexual orientation, that regards social security benefits, information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings, or biometric information. In addition, MiTek will treat as Sensitive Personal Information any information received from an EU Affiliate where that EU Affiliate treats and identifies the information as sensitive. 

NOTICE:. If MiTek receives Personal Information from its EU Affiliates in the EEA or Switzerland, MiTek's use and disclosure of such data will adhere to the notices provided by such entities and the choices made by the individuals to whom the Personal Information relates.

CHOICE: For any Personal Information, MiTek does not share the information it processes on behalf of its EU Affiliates with third parties that are not service providers or agents. 

ACCOUNTABILITY FOR ONWARD TRANSFERS: MiTek may transfer Personal Information to its Agents, such as an email service provider, platform hosting provider, payment processor, vendor, and service providers, as required for normal business operations. If MiTek transfers data to its Agents, MiTek will engage such  Agents in data processing contracts to ensure the same level of privacy protection as is required by the Privacy Shield Principles is applied and will take reasonable and appropriate steps to ensure that any such Agent is processing Personal Information in a manner consistent with MiTek's obligations under the Privacy Shield. MiTek will require any Agents to notify MiTek if that Agent determines it is unable to provide the same level of privacy protection as is required by the Privacy Shield Principles. To the extent that MiTek is made aware of the unauthorized processing of Personal Information, it will take reasonable and appropriate steps to stop and remediate the unauthorized processing. MiTek remains potentially liable under the Privacy Shield Principles if Agents that it engages to assist with processing Personal Information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless MiTek proves that it is not responsible for the event giving rise to the damage.

ACCESS: An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his or her query to the relevant MiTek EU Affiliate (the data controller). If requested by said EU Affiliate to correct, amend, or delete data, we will respond within a reasonable timeframe.

We will retain personal data we process on behalf of our EU Affiliate for as long as needed to provide services to our EU Affiliate. MiTek will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

SECURITY: MiTek will take reasonable and appropriate precautions including physical, technical, and administrative measures to protect Personal Information it processes from loss, misuse, unauthorized access, disclosure, tampering, alteration and unauthorized destruction. MiTek follows generally accepted security standards in our operations to protect the security of your Personal Information during processing, both internally and from outsiders, and to ensure the integrity of the Personal Information it processes, taking into account the relative risks involved and the nature of the Personal Information in question. Unfortunately, with any transmission over the Internet, there is always some element of risk involved.

DATA INTEGRITY AND PURPOSE LIMITATION: MiTek will provide processing for Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. 

ENFORCEMENT: MiTek will audit its privacy processes and practices to verify compliance with this Policy and will correct deficiencies. Any MiTek employee that MiTek determines has intentionally violated this Policy will be subject to disciplinary action up to and including termination. Further, MiTek is subject to the investigatory and enforcement powers of the U. S. Federal Trade Commission. 

DISPUTE RESOLUTION: Individuals can resolve their questions or complaints regarding use of Personal Information in accordance with this Policy. MiTek encourages interested persons to raise any concerns using the MiTek contact information provided below. MiTek will investigate and attempt to resolve any complaints and disputes regarding use or disclosure of Personal Information in accordance with the principles contained in this Policy. If a complaint or dispute cannot be resolved through MiTek's internal process, MiTek has agreed to the following dispute resolution procedures: 

1. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U. S. -based third party dispute resolution provider (free of charge) at  https://feedback-form.truste.com/watchdog/request

2. For disputes involving employment-related Personal Information received by MiTek from the EEA, MiTek has agreed to cooperate with EEA/EU data protection authorities (“DPAs”) and to participate in the dispute resolution procedures of the panel established by the European data protection authorities. 

3. For disputes involving employment-related Personal Information received by MiTek from Switzerland, MiTek has agreed to cooperate with the Swiss FDPIC. 

Please note that if your complaint is not resolved through these channels, under limited circumstances, as more fully described on the Privacy Shield website, a binding arbitration option may be available before a Privacy Shield Panel. 

MITEK CONTACT INFORMATION: Parties may address their questions, comments, or complaints to the MiTek at the following address: 

MiTek USA, Inc. 
Attn: Privacy Manager
16023 Swingley Ridge Road
Chesterfield, MO 63017 USA
ExternalPrivacyManager@mii.com

UPDATES TO THIS POLICY: We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.