TOA Technologies is committed to maintaining the highest ethical standards during the receipt and processing of personal information it receives through its customers and their clients, vendors, business partners, employees and others.
TOA Technologies will abide by the Safe Harbor Principles developed by the United States Department of Commerce and the European Commission and the Frequently Asked Questions (FAQs) issued by the U.S. Department of Commerce on July 21, 2000.
TOA’s Safe Harbor Certification can be found at: http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list
For more information about the Safe Harbor Principles, please visit the U.S. Department of Commerce website at http://www.export.gov/safeharbor/doc_safeharbor_index.asp
TOA Technologies adheres to the Safe Harbor principles of:
1. Notice – Prior to the transfer of any non-public personal information from the EU to the US, TOA requires contractual confirmation from the EU controller (Customer) from whom TOA acquired the information that the personal data has been provided to TOA in accordance with the applicable EU Member State Data Protection law thereby ensuring the data subjects have been provided with proper Notice regarding how their personal data will be used. TOA does not collect personal data directly from data subjects.
2. Choice – Prior to the transfer of any non-public personal information from the EU to the US, TOA requires contractual confirmation from the EU controller (Customer) from whom TOA acquired the information that the personal data has been collected in accordance with applicable EU member State Data Protection law thereby ensuring the data subjects have been provided with the proper Choice regarding how their personal data may be used.
TOA will not use an individual’s name and related information in any of its marketing information products.
It is TOA’s policy to remove data from its servers after processing it for the customer. If an individual has reason to believe that his/her personal information resides on TOA’s servers, he should provide a written request to change the information. TOA Technologies will require confirmation of the identity of an individual before making any changes to, or deleting that individual’s data. TOA Technologies will require written confirmation of identity be provided to the TOA Privacy Officer.
Contact information for TOA Privacy Officer:
E-mail: privacy.officer at toatech dot com
Data Integrity – TOA takes reasonable steps to assure the information which is transferred from the EU to the US is reliable, accurate and complete. The steps TOA takes to assure data integrity are made in light of the purposes for which the personal information is used.
Onward Transfer – In general, TOA does not disclose Personal Information to third parties, except when one or more of the following conditions is true:
TOA has the individual’s permission to make the disclosure;
The disclosure is required by law or mandatory professional standards;
The disclosure is reasonably related to the sale or other disposition of all or part of TOA’s business;
The information in question is publicly available;
The disclosure is reasonably necessary for the establishment of legal claims; or The disclosure is to another TOA subsidiary, affiliate, or to persons or entities providing services on TOA’s or the individual’s behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question: is subject to law providing an adequate level of privacy protection; has agreed in writing to provide an adequate level of privacy protection; subscribes to the Safe Harbor Principles.
If TOA does disclose information to a third party, it will comply with the notice and choice principles as described above for all data which is disclosed or transferred to a third party.
However, in those situations where TOA uses data processors to perform processing tasks on behalf and under the instruction of TOA, TOA requires that its data processors either: Subscribe to the EU Safe Harbor Principles, the EU Data Protection Directive or another adequacy finding; or
Enter into a written agreement with TOA requiring them to provide the same level of protection as TOA.
5. Security – TOA will employ various physical, electronic, and managerial measures, including education and training of employees and applicable consultants, designed to provide personal information with reasonable protection from accidental loss or destruction, improper use, alternation or disclosure. Personal information collected or displayed through a Website is protected in transit by standard encryption processes. However, TOA cannot guarantee the security of information on or transmitted via the Internet. TOA’s Data Security Officer is responsible for conducting investigations into any alleged computer or network compromises, incidents or problems and ensuring the proper disciplinary action is taken against those who violate TOA’s security standards. Any security compromises or potential security compromises and any inquiries concerning security should be reported to the TOA Privacy Officer.
Contact information for TOA Privacy Officer: E-mail: privacy.officer at toatech dot com
6. Access – An individual may make a request to TOA for access to the information TOA maintains in its information products. The individual has the right to receive confirmation from TOA as to whether or not data relating to him/her is found in TOA’s information products and to correct, amend, or delete that information when it is inaccurate. This right only applies to personal information relating to the individual making the request and is subject to other limitations as defined by law. Individuals will direct their request to TOA’s Privacy Officer at the corporate headquarters address given above. TOA will require confirmation of the identity of the individual. TOA must be provided with the necessary information to retrieve the individual’s information, via a signed request. TOA agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of a vexatious or fraudulent request.
7. Enforcement – To ensure compliance with these Safe Harbor policies, TOA will:
Commit to cooperate with the Data Protection Authorities (DPAs) of the EU countries in the investigation and resolution of complaints and will comply with any advice given by DPAs;
Employ a procedure for verifying the commitment the company has made to adhere to the Safe Harbor Principles has been implemented;
Remedy issues arising out of any failure to comply with the Principles. TOA acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from its list of participants and the transfers of information will not be allowed unless TOA complies with the EU Data Protection Directive.
The TOA Privacy Officer and the appropriate internal corporate review will be the internal mechanism for ensuring compliance with the Safe Harbor Principles and facilitating independent recourse, as described above.
If you feel that TOA Technologies has not abided by the US-EU Safe Harbor Privacy Principles, please contact either TOA Technologies (privacy.officer at toatech dot com) or the US Federal Trade Commission.
Safe Harbor Policy Effective May 27, 2005