US-Swiss Safe Harbor Privacy Statement

This US-Swiss Safe Harbor Privacy Statement was last updated on September 29, 2016.

Background:

The US-Swiss Safe Harbor Framework was established by the United States (US) Department of Commerce and the Federal Data Protection and Information Commissioner (FDPIC) as a method for transferring personal data from Switzerland to companies in the US. The program is a voluntary self-certification process for companies operating in the US. Companies that certify represent that they are upholding privacy standards for personal data received from Switzerland that have been jointly accepted by the FDPIC and the US Department of Commerce. Chart.io has certified to the US-Swiss Safe Harbor Framework and has developed this US-Swiss Safe Harbor Privacy Statement to describe its commitment to the Safe Harbor Framework. The decision of the European Court of Justice of October 6, 2015, which invalidated the US-EU Safe Harbor Framework, does not apply to the US-Swiss Safe Harbor Framework, which the US Department of Commerce continues to administer. Should this change, we will update this Privacy Statement.

Chart.io abides by the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from Switzerland. Chart.io has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Chart.io's certification, please visit http://www.export.gov/safeharbor/

Scope:

This US-Swiss Safe Harbor Privacy Statement applies to all Personal Data (as defined below) that is subject to Chart.io’s Privacy Policy and is received by Chart.io in the US from Switzerland.

If there is any conflict between the terms in this US-Swiss Safe Harbor Privacy Statement and the US-Swiss Safe Harbor Principles, the US-Swiss Safe Harbor Principles shall govern.

Definitions:

  • "Customer" or "Customers" means Chart.io's business customers that use the Services.

  • "Personal Data" means any information relating to an identified or identifiable person, recorded in any form; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

  • "Privacy Policy" means Chart.io's web site privacy policy, available above and accessible at: https://chartio.com/legal/privacy.

  • "US-Swiss Safe Harbor Privacy Statement" means this US-Swiss Safe Harbor Privacy Statement.

Notice:

Chart.io will inform persons about the purposes for which it collects and uses Personal Data about them, the types of non-agent third parties to which Chart.io discloses that information, and the choices and means, if any, Chart.io offers for limiting the use and disclosure of Personal Data. Notice will be provided in clear and conspicuous language when persons are first asked to provide Personal Data to Chart.io, or as soon as practicable thereafter, and in any event before Chart.io uses the information for a purpose other than that for which it was originally collected.

In addition to our own data processing involving Personal Data, at the direction of our Customers Chart.io may process certain Customer data which may potentially include Personal Data. Chart.io may cache this data and various aggregations and transformation (charts, graphs, maps, tables, dashboards, etc.) as part of normal operations as covered by our Terms of Service. In such instances, Chart.io is acting as the data processor - not the data controller. If you have any questions about our processing of this information, you are advised to contact the Chart.io’s Customer who has directed us to process that particular information.

Choice:

Chart.io will offer persons the opportunity to choose (opt out of) whether their Personal Data is (a) to be disclosed to third parties for marketing purposes, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the person. Chart.io will provide persons with reasonable mechanisms to exercise their choices should applicable circumstances arise. In order to request that Chart.io not use a person’s Personal Data, such person should contact Chart.io by email at: privacy@chartio.com, including to request access to, correct or delete any Personal Data provided to Chart.io. Persons may also opt out of receiving marketing messages from Chart.io by notifying Chart.io at: privacy@chartio.com.

Our ad network partner uses cookies and web beacons to collect non-personally identifiable information about your activities on our Site and other web sites to provide you with targeted advertising based upon your interests. If you do not wish to have this information used for the purpose of serving you targeted advertisements, you may opt out by visiting the following portals: http://www.networkadvertising.org/choices and http://www.youronlinechoices.eu. Please note that opting out of targeted advertisement does not opt you out of being served advertising altogether. You will continue to receive generic advertisements.

We use third party retargeting services, including AdRoll, which track users across web sites. Except for geo-location data (based on IP address), we do not provide these services with any Personal Data. You may opt-out of such retargeting services via the following opt-out link: http://www.networkadvertising.org/choices/.

Data Integrity:

Chart.io will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the person. Chart.io will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.

Onward Transfer:

Chart.io may disclose Personal Data to business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need. Chart.io may also disclose Personal Data as necessary in connection with the sale or transfer of all or part of its business. In these situations, Chart.io will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbor or otherwise take steps to ensure that the Personal Data is appropriately protected. Chart.io may also disclose Personal Data as required or permitted by law, or when Chart.io believes that disclosure is necessary to protect its rights and/or to comply with a judicial proceeding, a court order, a law enforcement request, or other legal process.

Security:

We are committed to securing all Personal Data provided to us. We have deployed and maintain process and technology measures to provide reasonable assurance that your Personal Data is secured against unauthorized use, loss or disclosure.

Access:

Upon request, Chart.io will grant persons reasonable access to Personal Data that it holds about them. In addition, Chart.io will take reasonable steps to permit persons to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Chart.io agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the person’s privacy or in the case of a vexatious or fraudulent request.

Enforcement:

We have deployed internal processes to monitor our compliance with this US-Swiss Safe Harbor Privacy Statement and to address all questions or complaints. We encourage you to raise any concerns or complaints directly with us by contacting us at privacy@chartio.com. Chart.io will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this US-Swiss Safe Harbor Privacy Statement. For complaints that cannot be resolved between Chart.io and the complainant, complaints will be submitted to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA) for mediation and then if necessary, to binding arbitration for final resolution. Information about ICDR/AAA services can be found at its website: http://info.adr.org/safeharbor.

Comments:

If you have any questions, comments or concerns about our privacy practices, please contact us at Chart.io, Inc., 222 Kearny Street, Suite 525 San Francisco, CA 94108 or at privacy@chartio.com.