Privacy Shield Policy
Axero Holdings LLC (“Axero”) complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to the Privacy Shield.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Axero is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
For the purposes of this Privacy Shield Policy:
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Customer” means any entity that purchases the Service.
“Customer Data” means the electronic data uploaded into the Service by or for a Customer or its Users.
“EU” means the European Union and Iceland, Liechtenstein, Norway, and Switzerland.
“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Axero in the U.S. from the EU in connection with the Service.
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“User” means an individual authorized by Customer to access and use the Service.
III. Types of Personal Data Collected and Purpose
Axero hosts and processes Personal Data to carry out functions and activities at the direction of and pursuant to the instructions of Axero Customers or Users when they purchase our services or products, log-in to their account, request information from us, or otherwise communicate with us. The types of Personal Data from Customers or Users Axero may collect or have access to in connection with include:
- Email address
- Business address
- Business phone number
- Job title
In addition, data collection also occurs, for example, when a Customer visits Axero’s websites.
- Contact information, such as name, company, email address, and telephone number; and
- Personal Data in content Customers provide on Axero’s websites and other data collected automatically through the website (such as IP addresses, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our website, and dates and times of website visits).
Axero may also obtain Personal Data, such as contact information, such as name, and financial account information, of its Customer’s representatives. Axero uses this information to manage relationships with its Customers, process payments, expenses, and reimbursements, and carry out Axero’s obligations under its contracts with Customers.
Axero notifies Customers and Users about its privacy practices, including the purposes for which it collects and uses Personal Data, the types of Personal Data Axero collects, the types of third parties to which Axero discloses the Personal Data and the purposes for doing so, the rights and choices Customers and Users have for limiting the use and disclosure of their Personal Data, and how to contact Axero about its practices concerning Personal Data.
V. Third Party Disclosures
Axero discloses Personal Data only to Third Parties that include web hosting, payment processors, data analytics, document collaboration services, communication, and survey who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations. All Third Parties receiving personal information must have a written confidentiality agreement in place between Customer and Third Party and Axero and Third Party that meets or exceeds Privacy Shield standards.
Axero may disclose Personal Data that our Customers and Users provide to our Service:
- To contractors, business partners, and service providers we use to support our Service;
- In the event Axero sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case Personal Data held by us about our Customers will be among the assets transferred to the buyer or acquirer;
- If required to do so by law or legal process;
- In response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.
Customers and users in the EU and Switzerland have the right to access their Personal Data. If such Personal Data is inaccurate or processed in violation of the Privacy Shield Principles, a Customer or User may also request that the Personal Data be corrected, amended, or deleted.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
Axero may disclose Employee Personal Data and Consumer Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (c) to third-party Processors the company has retained to perform services on its behalf and pursuant to its instructions, (d) if it is required to do so by law or legal process, or (e) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Axero also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
VIII. Liability for Onward Transfers
Axero’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Axero remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Axero proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Axero commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Axero at:
Axero Holdings LLC
401 Park Avenue South
New York, NY 10016
Email address: firstname.lastname@example.org
Phone number: +1-855-293-7655
Axero has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
X. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield principles. Appropriate public notice will be given concerning such amendments.
Original Certification Date: 4/4/2019
Next Certification Due Date: 5/12/2022