Last amended September 22, 2016
PRIVACY SHIELD: Aurico Reports, LLC complies with the U.S.-EU Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The company has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse and enforcement. To learn more about the Privacy Shield framework, and to view the company’s certification, please visit www.privacyshield.gov
A. DATA PROTECTION AT AURICO REPORTS, LLC
Aurico respects individual privacy and is committed to the protection of confidential data we maintain. Aurico is committed to the collection, use, and disclosure of personal information in a manner consistent with applicable law. Aurico is also committed to maintaining high ethical standards. For these reasons, Aurico has developed a privacy program designed to respect and protect data privacy rights.
This Policy applies to all personal information received by Aurico in the U.S. from a member state of the EU in any format including, but not limited to, electronic, written or verbal. This policy sets certain minimum standards within Aurico which may be subjected to more stringent privacy safeguards as a result of the requirements of other national or international regulatory agencies.
For purposes of this Policy, the following definitions shall apply:
- "Agent" means any third party that uses personal information provided by Aurico to perform tasks on behalf of, and at the direction of, Aurico.
- "Aurico" means Aurico Reports, LLC and offices within the United States.
- "Personal information" means data about an identified or identifiable individual that is within the scope of the applicable EU law or regulation, received by an organization in the United States from the EU, and recorded in any form.
- "Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, union membership, religious or philosophical beliefs, that is related to an individual’s financial account or consumer report, or that concerns the health of an individual. In addition, Aurico will treat any information received from a third party as sensitive personal information where that third party treats and identifies the information as sensitive.
PURPOSE FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION
Aurico collects, uses and discloses your Personal Information in its normal course of business for the following purposes:
- Establishing and maintaining communications with you;
- Where you have requested a service from Aurico, assisting you in the completion of your application, the assessment of your eligibility for any such requested service, the processing and maintenance of the service, as well as any applicable renewal of such service;
- Responding to your inquiries about applications, accounts and other services;
- Making proposals for future service needs;
- Allowing our affiliated companies to notify you of certain products or services offered by our affiliated companies;
- Processing transactions through service providers;
- Meeting legal, security, processing and regulatory requirements;
- Protecting against fraud, suspicious or other illegal activities; and
- Compiling statistics for analysis of our sites and our business.
WHAT INFORMATION DO WE COLLECT
The information gathered by Aurico from this Site falls into two categories: (1) information voluntarily supplied by individuals and (2) tracking information gathered as visitors navigate through our Site.
Information voluntarily provided by you
When using this Site, you may choose to provide us with information to help us serve your needs. The Personal Information that we collect will depend on how you choose to use this Site.
Where you request information about our services
If you request further information about our services, we require you to submit your name, e-mail address, the name of your organization, and the country in which you are based so we may send you the material you have requested, and to enable us to identify if you have an existing relationship with Aurico.
Where you register with us and/or request services
If you register with the Site, or request a service available on the Site, we may ask you for your name, e-mail address, country, telephone number and the reason for your communication, as well as information about your position and organization and such other information as is reasonably necessary so that we can provide you with the service. On the data submission form, we shall indicate by way of an asterisk, which information is optional and which information is mandatory. This information can include information you provide on applications or other forms, which may include your name, address, email address, and payment information.
Following an inquiry into receiving services from us, if you decide to proceed, we will collect Personal Information necessary to proceed with the transaction, such as your name, address, post code, contact telephone number, e-mail address, billing address or payment details, and other Personal Information as relevant to the product. We will use your Personal Information to administer your account, process requests etc. and generally manage your relationship with us.
Website Navigational Information
As you navigate the Site, we may also collect information through the use of commonly-used information-gathering tools, such as cookies and web beacons (collectively “Website Navigational Information”). Website Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Site (such as the web pages viewed and the links clicked).
There are different kinds of cookies with different functions:
- Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
- Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
- First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Aurico’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either Session or Persistent cookies.
- Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the Third-party’s server and your computer’s hard drive. These cookies are usually Persistent cookies.
The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, Aurico’s Sites are not compatible with DNT and so do not recognize DNT settings.
Where strictly necessary
These cookies are essential in order to enable you to move around the Site and use its features, such as accessing secure areas of the Site. Without these cookies, services you have asked for, such as obtaining a quote or logging into your account, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
These cookies collect information about how visitors use a Site, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the Site, all of which enables us to see how visitors use the Site in order to improve the way that our Site works. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our Site works.
These cookies allow our Site to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. For instance, a Site may be able to remember your log in details, so that you do not have to repeatedly sign in to your account when using a particular device to access our Site. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the Site. The information these cookies collect is usually anonymized. They do not gather any information about you that could be used for advertising or remember where you have been on the internet.
Please consult your web browser's ‘Help’ documentation or visit aboutcookies.org [hyperlink]. For more information about how to turn cookies on and off for your browser.
When you visit our Sites, Aurico collects your Internet Protocol (“IP”) addresses to track and aggregate non-Personal Information. For example, Aurico uses IP addresses to monitor the regions from which users navigate the Sites. IP addresses will be stored in such a way so that you cannot be identified from the IP address.
DISCLOSURE OF INFORMATION TO OTHERS
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation, which purposes are as follows:
- To provide the products and services you have requested from us;
- To notify you or allow our affiliated companies to notify you of certain products or services offered by our affiliated companies;
- For legal, regulatory, and employment services;
- To process transactions through data processing service providers;
- If the information is a credit card number, to process credit card payments—through third party payment processing, clearing and settlement systems in association with various banks; and
If these third parties wish to use your Personal Information for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us on [e-mail address] for more information on these third parties.
In the normal course of performing services for our clients, Personal Information may be shared within Aurico and its affiliates for research and statistical purposes, system administration and crime prevention or detection. When you supply us with information containing third party Personal Information (names, addresses, or other information relating to living individuals), we will hold and use that Personal Information to perform general screening and other services for you on the understanding that the individuals to whom the Personal Information relates have been informed of the reason(s) for obtaining the Personal Information, the fact that it may be disclosed to third parties such as Aurico, and have consented to such disclosure and use.
Because a number of the service providers we use are located in the United States, including certain Aurico affiliates, your Personal Information will be processed and stored inside the United States, and the U.S. government, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your Personal Information under US laws.
Aurico's service suppliers adhere to the same protections regarding the collection, use, and retention of data as we do.
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Information, generally is one of the transferred business assets. Also, if either Aurico itself or substantially all of Aurico assets were acquired, your Personal Information may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Information to a third party purchaser in these circumstances
Other Legally Required Disclosures
Aurico preserves the right to disclose without your prior permission any Personal Information about you or your use of this Site if Aurico has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Aurico, employees, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) as required by a legally valid request from a competent governmental authority; or (d) respond to claims that any content violates the rights of third-parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process or governmental request
CALIFORNIA’S “SHINE THE LIGHT” LAW
California Civil Code Section 1798.83 requires any operator of a website to permit its California-resident customers to request and obtain from the operator a list of what personal information the operator disclosed to third parties for direct marketing purposes, for the preceding calendar year; and the addresses and names of such third parties. Aurico does not share any personal information collected from this site with third parties for their direct marketing purposes.
Your knowledge of and consent to Aurico’s collection, use and disclosure of your Personal Information is important. We rely on the following actions by you as indications of your consent to our existing and future Personal Information practices:
- Your voluntary provision of Personal Information to us directly;
- Your express consent or acknowledgement contained within a written, verbal or electronic application process; and
- Your verbal consent solicited by Aurico (or our agent) for a specified purpose.
Where Aurico relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent or holder of a power of attorney.
Aurico maintains servers and other storage facilities in the United States. As a consequence of your use of the site, your Personal Information may be used or stored in the United States. By using the Site you hereby affirmatively consent to the processing of your Personal Information in a country which may not have the same level of privacy protection as your country of residence. Should you withdraw this consent, you agree that you will not use or visit the Site subsequent to your withdrawal of such consent.
Subject to certain legal or contractual restrictions and reasonable notice, you may withdraw this consent at any time. Aurico will inform you of the consequences of withdrawing your consent. In some cases, refusing to provide certain Personal Information or withdrawing consent for Aurico to collect, use or disclose your Personal Information could mean that we cannot provide the requested services or information for you.
If you wish to withdraw your consent please refer to the contact information section (Section 8) below.
However, there are a number of instances where Aurico does not require your consent to engage in the processing or disclosure of Personal Information. Aurico may not solicit your consent for the processing or transfer of Personal information for those purposes which have a statutory basis, such as:
- The transfer or processing is necessary for the performance of a contract between you and Aurico (or one of its affiliates);
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Aurico (or one of its affiliates) and a third party;
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
- The transfer or processing is required by applicable law.
3. Accountability for Onward Transfer:
Aurico may share an individual's information with contractors, government agencies and/or partners of Aurico in connection with services that these individuals or entities perform for, or with, Aurico. As noted earlier, where legally possible, third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances.
Where Aurico has knowledge that a consultant, independent contractor or partner is using or disclosing personal information in a manner inconsistent with this Policy, Aurico will take reasonable steps to prevent or stop such improper use and/or disclosure.
4. Data Security:
Aurico will employ reasonable safeguards to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration or destruction. For personal information subject to electronic storage or transmission, Aurico maintains an internal private, secure network that is protected from computer malicious software and monitored for unauthorized access. Both electronic and paper based records holding personal information are maintained in access controlled facilities for which business continuity plans are required.
5. Data Integrity and Purpose Limitation:
Aurico will collect, use, or disclose Personal Information that is necessary for the Identified Purposes or as permitted by law. If we require Personal Information for any other purpose, you will be notified of the new purpose, and subject to your consent (where appropriate), that new purpose will become an Identified Purpose.
Aurico takes reasonable steps to ensure that Personal Information is reliable for its intended use; as well as being current, accurate, and complete. As part of maintaining Personal Information which is accurate, current, and complete; we need your help. If you know that your Personal Information which you have provided to us is no longer accurate or complete, please let us know by contacting us via the point of contact described in Section 8 below. Aurico cannot be responsible for the accuracy or completeness of information whose source Aurico does not control.
We will normally retain Personal Information as long as necessary for the fulfillment of the Identified Purposes. However, some Personal Information may be retained for longer periods as required by law, contract, or auditing requirements.
6. Data Access:
Upon request, individuals will be granted reasonable access to personal information that Aurico maintains about them. In addition, upon request, Aurico will take reasonable steps to permit individuals to correct, amend or delete information that is found to be inaccurate, incomplete or out-of-date. However, there are some circumstances where Aurico cannot grant an individual access to Personal Information.
Aurico will not provide access or correction rights to an individual where the granting of such access or correction rights will impose a burden on Aurico to provide such access or correction that is disproportionate to the risk to the individual’s privacy; or where the access to the individual’s Personal Information places another individual’s privacy rights at risk. If Aurico does not allow the individual the right of access or correction under this section, we will provide the impacted individual with the reasons why they are not permitted such access.
7. Recourse and Enforcement:
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Compliance Officer at the address given below. We will respond to any reasonable and valid complaint within 45 days of receipt of such complaint. Aurico will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
Should you still feel that your concerns have not been adequately addressed after contacting us, you may file a complaint with JAMS at: https://www.jamsadr.com/eu-us-privacy-shield. In the event that you are unable to resolve your complaint with Aurico via JAMS, you may then contact the FTC, or the Data Protection Authority in your country of residence, directly in order to engage with the US Department of Commerce to resolve your complaint.
In the event that you cannot fully resolve your complaint through the Department of Commerce, it is possible that you may invoke binding arbitration as a final resort. In order to invoke this arbitration option you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Aurico and afford us an opportunity to respond to the issue within 45 days; (2) make use of the independent recourse mechanism, in this case JAMS, which is at no cost to you; and (3) raise the issue through your Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue.
This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your compliant.
You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield framework, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Finally, you may only use binding arbitration to ensure Aurico follows the data handling practices set out in this Policy. No other form of remedy is available by any arbitration under this section.
Aurico will conduct compliance audits of its privacy practices to verify adherence to this Policy. All reported breaches or potential breaches will be investigated by the Compliance Officer, who will take such action as deemed appropriate in the investigation.
8. Contact Information:
Questions or comments regarding this Policy should be submitted to the Aurico Compliance Officer at the following address:
Aurico Reports, LLC
Attn: Compliance Officer
Atrium Corporate Center
3800 Golf Road, Suite 120
Rolling Meadows, IL 60008
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments when they are made.