EU-US PRIVACY SHIELD FRAMEWORK
Rosetta Stone Ltd. (the "Company") participates in the EU-U.S. Privacy Shield Framework (the "Framework"). Company's participation in the Framework applies to personal data received in the United States from the European Union ("EU") about employees/contractors/job applicants ("EU Human Resources Data"), corporate customer contacts and consumers ("EU Customer Data"), and corporate customer's end-users ("EU End User Data") (collectively, "EU Personal Data"). We are committed to subjecting such EU Personal Data to the Framework, including its Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Framework, visit the U.S. Department of Commerce's Privacy Shield here. [We also maintain an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles, which will not be affected by our participation in the Privacy Shield.]
EU Personal Data Collection, Use, and Disclosure
EU End User Data: We operate as a processor acting on behalf of our corporate customers regarding the collection, use, and disclosure of EU End User Data. If you are an end user of one of our corporate customers, please consult the privacy policies of that entity for information about its privacy practices.
EU Human Resources Data: We provide notice to EU employees and other covered individuals about the collection, use, and disclosure of their EU Human Resources Data through internal company policies.
Rights of EU Data Subjects
If you are an EU data subject, you have the right to access your own EU Personal Data subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate. If you wish to exercise such rights, please contact us as described below. Please note that because Company personnel may have limited ability to access EU End User Data our corporate customers provide to us as part of our services to them, if you are an EU End User and wish to request access, to limit use, or to limit disclosure of your EU End User Data, please contact us as described below and provide the name of the corporate customer who submitted your data to us. We will refer your request to that corporate customer, and will support them as needed in responding to your request.
Choices of EU Data
Corporate customer contacts and individual consumers have the right to exercise choice (opt-out) from our use of their EU Customer Data for direct marketing purposes. To exercise this right, please follow the instructions in any direct marketing message you may have received or contact us at email@example.com. We do not otherwise use or disclose EU Customer Data and EU End User Data in a manner that is subject to choice requirements under the Framework. We describe the choices for EU Human Resources Data through internal company policies.
Recourse, Enforcement, and Liability
Please contact us as specified below if you have any questions, need access to your EU Personal Data, or otherwise need assistance. We remain responsible for our collection, use and disclosure of EU Personal Data in accordance with the Framework. We also are responsible for third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose EU Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved concern about EU Personal Data that we have not addressed satisfactorily, we have committed to cooperate with the panel established by the EU Data Protection Authorities to serve as our independent dispute resolution body for the Framework. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Framework. In addition, under certain conditions, more fully described on the Privacy website, EU residents may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.
Please contact us at firstname.lastname@example.org if you have any questions, wish to exercise your rights of access, or seek other assistance as described above.