PRIVACY SHIELD PRIVACY POLICY

Introduction

CONTACT DISCOVERY SERVICES, LLC, a Delaware limited liability company (the “Company”), is committed to safeguarding the private information entrusted to it by customers.  Contact Discovery Services, LLC complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union (the “EU”) and Switzerland to the United States, respectively Contact Discovery Services, LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Contact Discovery Services, LLC is subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC).

Scope

This Privacy Shield Privacy Policy (the “Policy”) outlines the Company’s general policy and practices for implementing the Principles, including the types of information the Company gathers, how the Company uses it, and the notice and choice affected individuals have regarding the Company’s use of and their ability to correct that information.  This privacy policy applies to all personal information received by Company whether in electronic, paper or verbal format.

If there is any conflict between the policies in this Policy and the Principles, then the Principles shall govern.  This Policy is intended to supplement the Company’s Privacy Policy, which can be found at http://www.contactdiscoveryservices.com/about-us/.  To learn more about the Privacy Shield Framework, please visit https://www.privacyshield.gov

Definitions

Agent” means any third party that processes, collects, or uses Personal Information under the instructions of, and solely for, the Company or to which the Company discloses Personal Information for use on the Company’s behalf.

EU” has the meaning attributed to it in the first unnumbered paragraph.

Personal Information” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

Policy” has the meaning attributed to it in the second unnumbered paragraph.

Principles” has the meaning attributed to it in the first unnumbered paragraph.

Company” has the meaning attributed to it in the first unnumbered paragraph.

Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

PRINCIPLES

Notice

The Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-Agent third parties to which the Company discloses or may disclose that Information.  The Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information.  Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.

Choice

The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a non-Agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.  The ability to opt out of above mentioned disclosure of Personal Information will be provided on the data collection questionnaire provided by Contact Discovery Services, LLC or the counsel representing you or your employer prior to data collection.  For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.   The ability to opt in to the above mentioned use of Sensitive Personal Information activities will be provided on the data collection questionnaire provided by Contact Discovery Services, LLC or the counsel representing you or your employer prior to data collection.

Data Types

Contact collects a range of data for the purpose of legal data processing.  Data types may include names, addresses, telephone numbers, email addresses, and personal and/or confidential information related to general business, sales and marketing, mergers and acquisitions, contracts, personal correspondence, and other purposes as required by the underlying litigation requirements.

Disclosures and Onward Transfers

Prior to disclosing Personal Information to a third party, the Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure.  Company may disclose Private Information to its Agents in order for those Agents to obtain information needed to perform their functions.  However, the Company’s Agents are restricted from using the Personal Information for purposes other than providing services for or to Company.  Company requires that its Agents that have access to Personal Information agree in writing to provide an adequate level of privacy protection.

Company also may disclose Personal Information as required by law, legal process, or mandatory professional standards.  Before making any such disclosure, to the extent practical, Company will take reasonable steps to inform the customer of the intended disclosure so that the individual may take such actions as it deems necessary to protect the Personal Information.  When data processing is completed, Contact will provide access to the processed materials to the requesting law firm that ordered the data collection and processing event.  It is Contact’s process to not disclose any personal data to any party excepting agent 3rd parties such as the law firm managing the litigation, translation organizations to perform translation (if requested by the law firm), or eDiscovery engineering specialists and/or experts who may be required to support the law firm throughout the litigation.  Contact will not knowingly provide access to Personal Information or Sensitive Personal Information to non-agent 3rd parties other than the owner of the data and any party explicitly empowered by the data owner to receive said data.The Company may be required to disclose personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.

The Company may be liable for the transfer of personal data to third parties.

Data Security

The Company will take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.  The Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.  Company cannot guarantee the security of Information on or transmitted via the Internet.

Data Integrity

The Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual.  To the extent necessary for those purposes, the Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

Access

The Company acknowledges the individual’s right to access their personal data. Upon request, to the extent practical, the Company will provide individuals with reasonable access to their Personal Information.  The Company will take reasonable steps to permit these individuals to correct, amend or delete any Personal Information that is demonstrated to be inaccurate or incomplete.  The Company may limit or deny access to Personal Information as permitted by the Principles.  For example, the Company may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.  As the nature of our work involves the collection and management of evidence for the purpose of litigation, the ability to modify or correct said data may be prohibited by law.  Any requests to receive personal data should be addressed to:

Contact Discovery Services, LLC
ATTN:  Privacy Shield Data Request
1250 I St. NW
Suite 750
Washington DC, 20005
United States

Enforcement

The Company uses a self-assessment approach to assure compliance with this Privacy Shield Privacy Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles.

In compliance with the Privacy Shield Principles, Contact Discovery Services, LLC commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Contact Discovery Services, LLC at: 

Contact Discovery Services, LLC
Attn:  Privacy Shield Inquiry
1250 I (Eye) St. NW
Suite 750
Washington, DC 20005

Contact Discovery Services, LLC has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, operated by the Council of Better Business Bureaus, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint.  The services of the BBB EU Privacy Shield are provided at no cost to you.

Contact Discovery Services, LLC commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Amendments

This Policy may be amended from time to time consistent with the requirements of the Privacy Shield Framework and Principles.  The Company will post a revised Policy to its website.  The revised Policy will become effective as of the date it is posted on Company’s website.

Contact information

Questions, comments or complaints regarding Company’s Privacy Shield Privacy Policy or data collection and processing practices can be mailed or emailed to:

Contact Discovery Solutions, LLC
Attn: Privacy Shield Inquiry
1250 I Street, NW
Suite 750
Washington, DC 20005
United States
Email: dave@contactdiscoveryservices.com

  <SSFnbr>#2848058v1</SSFnbr>   <SSFcm>080087/000001</SSFcm>