Solifi Data Privacy Framework Policy
Scope
This Data Privacy Framework Policy (the “Policy”) sets forth the privacy principles that International Decision Systems, Inc. Dba Solifi and/or its affiliates (collectively, “Solifi”) follow with respect to Personal Data received from the European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”).
Solifi has certified that it adheres to the EU-US Data Privacy Framework, UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (collectively, “the DPF”) and the Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, as set forth by the US Department of Commerce. To learn more about the DPF program, and to view our certification page, please visit: https://www.dataprivacyframework.gov/s/.
This Policy applies to the processing of Personal Data that Solifi receives in the United States concerning individuals who reside in the EEA, Switzerland and the UK. This Policy does not cover data from which individual persons cannot be identified.
Solifi employees who handle Personal Data from the EEA, Switzerland or the UK are required to comply with the principles stated in this Policy.
Information collected
Solifi may collect personal data as a data controller about Solifi customers (including their personnel), as well as Solifi’s current, prospective, and former employees. Information collected includes business contact information and other non-sensitive information. Solifi may collect personal data as a data processor about end users of Solifi products (i.e., customers of Solifi customers). Such personal data may include information collected by the data controller and processed in accordance with the controller’s instructions.
Purposes of processing
Solifi processes Personal Data to facilitate the development and commercial use of its products and for its business purposes. Personal Data may be used for purposes of business development, delivering Solifi products and support services, marketing, sales, human resources management and other Solifi business activities.
Solifi transfers personal data to third-party processors providing a variety of services, including, but not limited to, payroll, systems hosting, and sales and marketing activities.
Onward transfers to third parties
Solifi will take measures to obtain assurances from third-party service providers that process Personal Data on Solifi’s behalf that they will process such information in a manner consistent with Solifi policies and DPF Principles. Solifi remains responsible under the DPF Principles if third-party service providers that Solifi engages to process Personal Data on its behalf do so in a manner inconsistent with the DPF Principles, except where Solifi is not responsible for the event giving rise to the damage. Solifi will take measures to only disclose Personal Data that is necessary for the third parties to provide the agreed upon services to Solifi. Where Solifi has knowledge that a third-party business partner is using or disclosing Personal Data in a manner contrary to Solifi’s privacy policies or DPF Principles, Solifi will take reasonable steps to prevent or stop the use or disclosure.
Solifi may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Individual rights
Upon request, and as required by DPF Principles and applicable law, Solifi will provide individuals with reasonable access to Personal Data about them. Solifi will also take reasonable steps to allow individuals to review Personal Data for the purposes of correcting, amending or deleting such information in instances where Personal Data is demonstrated to be incomplete or inaccurate.
You may request that Solifi no longer share your personal data with parties that may use such data for their own purposes. If your personal data will be used for purposes other than those detailed in this notice, Solifi will inform you and provide an opportunity to opt out of such secondary use.
Individuals can contact Solifi at: [email protected] in order to exercise their choices or request access to Personal Data about them.
Dispute resolution
Solifi is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“the FTC”).
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the Solifi addresses provided below. Solifi will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data by reference to DPF Principles.
In addition, Solifi has agreed to participate in the following independent dispute resolution procedure in the investigation and resolution of complaints to resolve disputes pursuant to the DPF Principles:
- JAMS
Information about how to file a complaint with the JAMS DPF program can be found at: https://www.jamsadr.com/DPF-Dispute-Resolution
With regard to Personal Data of Solifi employees in the EEA, Switzerland or the UK, Solifi agrees to cooperate with competent EU supervisory authorities (Data Protection Authorities), the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the UK Information Commissioner’s Office.
An individual may invoke binding arbitration, at his or her own cost, subject to procedures set forth by the EU-US DPF, the Swiss-US DPF, and the UK extension to the EU-US DPF.
Changes to this policy
This Policy may be amended from time to time, consistent with the requirements of the DPF Principles. Solifi will provide appropriate notice about such amendments.
Contact us
International Decision Systems, Inc. Dba Solifi,
800 Washington Avenue North, Suite 901
Minneapolis, Minnesota 55401
United States of America
E-mail: [email protected]
Last updated: March 2024