This Safe Harbor Privacy Policy (this “Policy”) sets forth the privacy principles Continuity Logic LLC (“Continuity Logic”) follows with respect to all Personal Information (defined below) received by Continuity Logic from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) and from Switzerland.

Safe Harbor

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions to enable United States companies to satisfy the requirement under European Union law that adequate protection be given to Personal Information transferred from the EEA to the United States (the “U.S.-EU Safe Harbor”). The EEA also has recognized the U.S.-EU Safe Harbor as providing “adequate” data protection. The United States Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland (“Swiss FDPIC”) have agreed on a similar set of principles and frequently asked questions to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to Personal Information transferred from Switzerland to the United States (the “U.S.-Swiss Safe Harbor”). Continuity Logic complies with the principles set forth in the U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor.  To learn more about the Safe Harbor program, and to view Continuity Logic’s certification, please visit http://www.export.gov/safeharbor/.

SCOPE

This Policy applies to all Personal Information received by Continuity Logic in the United States from the EEA and from Switzerland, in any format, including electronic, paper or verbal.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, Continuity Logic or to which Continuity Logic discloses Personal Information for use on Continuity Logic’s behalf.

“Personal Information” or “Information” means information that (1) is transferred from the EEA or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.  Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

DATA PROCESSOR

Continuity Logic acts in the capacity of a “data processor” on behalf of its “data controller” clients with respect to Personal Information.  Continuity Logic acts only on the instructions of its data controller clients and does not control or share such data without direction from the client.  For such processing, Continuity Logic enters into appropriate agreements with its clients providing that the client is the data controller for the purpose of the EU Data Directive and is in compliance with the applicable data protection laws.  Continuity Logic does NOT act in the capacity of a “data controller” in its engagements.

PRIVACY PRINCIPLES

Notice

As an agent processing Personal Information under the direction of its “data controller” clients, Continuity Logic has no direct relationship with the individuals whose Personal Information it processes.  Prior to the transfer of any Personal Information from the EEA or Switzerland to the United States, Continuity Logic requires its clients to certify that the Personal Information has been collected in accordance with applicable data protection laws, including that the client has provided appropriate notice to individuals, including information concerning (1) the purposes for which Personal Information is collected and used; (2) a contact person to whom enquiries or complaints may be directed; (3) the types of third parties to whom Personal Information is disclosed; and (4) the choices and means that individuals are offered for limiting use and disclosure of Personal Information.

Choice

As an agent processing Personal Information under the direction of its “data controller” clients, Continuity Logic has no direct relationship with the individuals whose Personal Information it processes.  Prior to the transfer of any Personal Information from the EEA or Switzerland to the United States, Continuity Logic requires its clients to certify the Personal Information has been provided to Continuity Logic in accordance with the applicable data protection laws to ensure the individuals have been provided with appropriate choice regarding how their Information may be used, including the opportunity (1) to choose (opt-out) whether their Personal Information is disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual, and with respect to Sensitive Personal Information, (2) to affirmatively  consent (opt-in) to the disclosure of their Sensitive Personal Information to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.  Continuity Logic only processes Personal Information for purposes that are compatible with those for which it was originally collected or subsequently authorized by the individual.  Continuity Logic only discloses Personal Information to third parties at the direction of its client as data controller or when required by law.

Onward Transfer

In the event Continuity Logic were to utilize Agents to perform tasks on behalf of Continuity Logic, Continuity Logic would require its Agents to enter into a written agreement with Continuity Logic to safeguard the Personal Information consistent with this Policy, the U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor Principles.   Where Continuity Logic has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy, the U.S.-EU Safe Harbor, or the U.S.-Swiss Safe Harbor Principles, Continuity Logic will take reasonable steps to prevent or stop the use or disclosure.

Security

Continuity Logic takes reasonable steps to protect the Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Continuity Logic has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity

Continuity Logic will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Continuity Logic will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

Access

As a data processor, Continuity Logic has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the data controller client of Continuity Logic which has transferred such data to Continuity Logic for processing.  Continuity Logic requires its data controller clients to agree to provide individuals reasonable access to their Personal Information and to correct, amend or delete Personal Information that is demonstrated to be incomplete or inaccurate, in accordance with applicable data protection laws.

Enforcement

Continuity Logic uses a self-assessment approach to assure compliance with this Policy and periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the U.S.-EU Safe Harbor and U.S.-Swiss Safe Harbor Principles.   Any employee that Continuity Logic determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.  We encourage interested persons to raise any concerns using the contact information provided below and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the U.S.-EU Safe Harbor and/or U.S.-Swiss Safe Harbor Principles.  If a complaint or dispute cannot be resolved through our internal process, we have agreed to cooperate and to participate in the dispute resolution procedures with the data protection authorities located in the EU or their authorized representative (for Personal Information received from the EEA) or with the Swiss FDPIC (for Personal Information received from Switzerland).

LIMITATION ON APPLICATION OF PRIVACY PRINCIPLES

Adherence by Continuity Logic to these privacy principles may be limited to the extent necessary to respond to a legal or ethical obligation or to meet national security, public interest or law enforcement obligations.

CONTACT INFORMATION

Questions or comments regarding this Policy should be submitted to Continuity Logic as follows:

Continuity Logic LLC
Attn: EU Safe Harbor Compliance
55 Lane Road
Fairfield, NJ 07004
Email – peter.christensen@continuitylogic.com

CHANGES TO THIS POLICY

Continuity Logic may update or amend this Policy from time to time, consistent with the requirements of the U.S.-EU Safe Harbor and U.S.-Swiss Safe Harbor Principles.  A notice will be posted on the Continuity Logic’s web site (www. continuitylogic.com) for 30 days whenever this Policy is updated or amended.  Policy updates shall be effective the date the change is first posted on the web site.