Volt Athletics Privacy Shield Policy
Effective Date: April 14, 2020
Volt Athletics, Inc. ("Volt," "our," "we" or "us") complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks administered by the US Department of Commerce (together "Privacy Shield") regarding the collection, use and retention of EU Personal Data (as defined below). This means that Volt certified that it adheres to the principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability as defined in the Privacy Shield ("Privacy Shield Principles"). If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
For purposes of enforcing compliance with the Privacy Shield, Volt is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov.
In this Privacy Shield Policy:
“Customer” means any individual or entity that purchases Services from Volt.
“Customer End User” means an individual whose information is stored on a Customer’s systems.
“EU Personal Data” means any information relating to a User that identifies or can be used to identify that User, either separately or in combination with other readily available data that is received by Volt in the U.S. from the EEA or Switzerland in connection with the Services.
“Sensitive Personal Data” means EU Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
“Services” means a Volt website, mobile application, and related support services.
“Standard Contractual Clauses” means the standard data protection clauses for the transfer of EU Personal Data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.
“User” means an individual authorized by a Customer to access and use the Services or a Customer End User whose personal data is processed by the Services.
Volt commits to comply with the Privacy Shield Principles with respect to the EU Personal Data received from Customers and Users in connection with the use of the Services. This Privacy Shield Policy does not apply to EU Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.
3. Privacy Shield Principles
Volt commits to processing EU Personal Data in accordance with the Privacy Shield Principles as follows:
All EU Personal Data is collected to operate, send marketing, manage and improve the Services, and ensure the technical functionality and security of the Services. Before Volt uses EU Personal Data for a purpose that is materially different from the purpose for which Volt collected it or that was later authorized, Volt will provide Users with the opportunity to opt out.
Volt shares EU Personal Data collected through the Services with third parties that Volt engages to help us operate the Services, improve our business or the Services, to provide Services to us (such as web hosting, data storage and similar administrative services), and to market to current and prospective Customers.
When Volt collects Sensitive Personal Data, Volt will obtain opt-in consent if Privacy Shield requires, including before Sensitive Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.
Please send requests to opt out of uses or disclosures of EU Personal Data to email@example.com.
3.3. Accountability for Onward Transfer
If Volt transfers EU Personal Data covered by this Privacy Shield Policy to a third party, Volt takes reasonable and appropriate steps to ensure that each third party transferee processes EU Personal Data transferred in a manner consistent with Volt’s obligations under the Privacy Shield Principles. Volt will ensure that each transfer is consistent with any notice provided to Customers and Users and any consent they have given. Volt requires a written contract with any third party receiving EU Personal Data that ensures that the third party (i) processes the EU Personal Data for limited and specified purposes consistent with any consent provided by Customers and Users, (ii) provides at least the same level of protection as is required by the Privacy Shield Principles, (iii) notifies Volt if it cannot comply with Privacy Shield; and (iv) ceases processing EU Personal Data or takes other reasonable and appropriate steps to remediate.
Under certain circumstances, Volt may be required to disclose EU Personal Data in response to valid requests by public authorities, including for national security or law enforcement requirements.
Volt remains liable under the Privacy Shield Principles if an agent processes EU Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Privacy Shield Principles unless Volt is not responsible for the event giving rise to the damage.
Volt takes reasonable and appropriate measures to protect EU Personal Data covered by this Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration and destruction. In determining these measures, Volt takes into account the risks involved in the processing and the nature of the EU Personal Data.
3.5. Data Integrity and Purpose Limitation
Volt takes reasonable steps to ensure that such EU Personal Data is reliable for its intended use, accurate, complete and current. Volt adheres to the Privacy Shield Principles for as long as it retains EU Personal Data in identifiable form. Volt takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain EU Personal Data in identifiable form only for as long as it serves a purpose of processing.
Volt limits the collection of EU Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. Volt does not process EU Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by a Customer or User.
A User whose EU Personal Data is covered by this Privacy Shield Policy has the right to access his or her EU Personal Data and to correct, amend or delete the EU Personal Data if the EU Personal Data is inaccurate or processed in violation of the Privacy Shield Principles. Volt is not required to grant the rights to access, correct, amend and delete EU Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the User’s privacy or if the rights of persons other than the User are or could be violated.
Please send requests for access, correction, amendment or deletion to firstname.lastname@example.org.
3.7. Recourse, Enforcement, and Liability
In compliance with the Privacy Shield Principles, Volt commits to resolve complaints about your privacy and our collection or use of your EU Personal Data. Please first contact Volt with inquiries or complaints regarding this Privacy Shield Policy at email@example.com.
Volt has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the International Centre for Dispute Resolution, an independent dispute resolution mechanism operated by the American Arbitration Association. If your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint. Please contact us at firstname.lastname@example.org to be directed to the relevant Data Protection Authority contacts.
Under certain conditions detailed in the Privacy Shield, a User may be able to invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission. To learn more, please see Privacy Shield Framework Annex I (Binding Arbitration) at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Volt commits to periodically review and verify its compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Volt acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
4. Changes to this Privacy Shield Policy
Volt may amend this Privacy Shield Policy consistent with the requirements of the Privacy Shield, including notice about any amendment.
5. How to Contact Volt
If you have any questions about this Privacy Shield Policy or would like to request access to your EU Personal Data, please contact us as follows:
Volt Athletics, Inc.
Subject: EU Data Privacy
Attention: Data Protection Officer
701 N 36th St. #450
Seattle, WA, 98103