Loren Data Corp.
Privacy Policy – GDPR
2019.07.25

Overview

We trust this Loren Data Corp. Privacy Statement will be satisfactory to address questions of Loren Data Corp. customers and other business relations, related to the new privacy regulations. Every company and organization that processes or stores personal related information has to comply with the General Data Protection Regulations (GDPR).

Loren Data Corp. (“we,” “us,” or “our”) complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Principles”).  Loren Data Corp. has certified that it adheres to the Principles with respect to personal information (as described below) that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland (“EU”) to the United States.  If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern. 

This Privacy Policy applies to the web sites, web pages, platforms, interactive features, downloads, applications, widgets, blogs, and social networks, and other online or wireless offerings that are owned or operated by Loren Data Corp. and that are available through the web site or that interact with the web site and post a link to this Privacy Policy, whether accessed via computer, mobile device or other technology (collectively, the “Sites”).  Our Privacy Shield Policy applies to personal information within the scope of Loren Data Corp.’s Privacy Shield certification, which covers the following categories of information:

  • Personal information regarding current, former and prospective partners, principals and employees for the purposes of operating and managing Loren Data Corp., performing human resource administration and maintaining contact with individuals.
  • Personal information regarding current, former and prospective clients and their personnel or others for the purposes of delivering Loren Data Corp.’s services, maintaining ongoing relationships and performing business development activities.
  • Personal information regarding our third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering Loren Data Corp.’s business relationships with such third parties.
  • Additionally, Loren Data Corp. may, from time to time, collect personal information from the general public in order to answer inquiries or provide information requested.
  • Subject to a contract Loren Data Corp. has concluded with your company or organization for the delivery of EDI or Cloud Services or any other services, it is determined that Loren Data Corp. receives, stores, processes and/or transmits certain data on a regular basis for your company/organization, or for the trading partners of your company/organization.
  • Although it is not the case that the data at all times will include personal related data, in some cases such personal data can be included. For example, the name of the company/organization contact on an invoice or purchase order document processed via the Loren Data Corp. EDI or Cloud services or e-mail or IP addresses, etc. Consequently, Loren Data Corp. is considered a processor of personal data as defined in the new privacy regulations and (in most cases) your company/organization as the responsible party. In case your company/organization processes personal data for third parties, your company/organization will be considered as a processor and Loren Data Corp. as a sub-processor.

For the purposes of this Privacy Shield Policy, “personal information” means information that is about, or pertains to a specific individual and can be linked either directly or indirectly to that individual.  In addition, certain personal information covered by Loren Data Corp.’s Privacy Shield certification may be subject to more specific privacy policies of Loren Data Corp., which are also consistent with the requirements of the Principles, and in the case of any conflict between these policies and the Principles, the Principles will control.

For example:

  • Certain Loren Data Corp. Sites maintain their own privacy policies that apply to personal information collected via those websites. These policies may be accessed through those websites.
  • Personal information obtained from or relating to clients or former clients is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client and applicable laws and professional standards.
  • Loren Data Corp. communicates with users who subscribe to the Loren Data Corp. services on a regular basis via email, and Loren Data Corp. may also communicate by phone to resolve customer complaints or investigate suspicious transactions. Loren Data Corp. may use your email address to confirm your opening of an account, to send you notice of payments, to send you information about changes to our services, and to send notices and other disclosures as required by law.

Individual Notice and Choice

We collect and process personal information from certain individuals and for the purposes described in this Privacy Shield Policy.  Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Principles. 

Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this Privacy Shield Policy, other Loren Data Corp. website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements.  Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent for sensitive personal information).

Disclosures & Accountability for Onward Transfers

Consistent with the Principles, Loren Data Corp. may transfer personal information to third parties, including transfers from one country to another.  We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:

  • The disclosure is to a third party providing services to Loren Data Corp., or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Principles, Loren Data Corp. remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Loren Data Corp. proves that it is not responsible for the matter giving rise to the damage;
  • With the individual’s permission to make the disclosure;
  • Where required to the extent necessary to meet a legal obligation to which Loren Data Corp. is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
  • Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.

Access

Individuals whose personal information is covered by this Privacy Shield Policy have the right to access the personal information that Loren Data Corp. maintains about them as specified in the Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to .

Security

Loren Data Corp. takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction.  These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

Data Integrity and Purpose Limitation

Loren Data Corp. collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject.  Loren Data Corp. does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized.  Loren Data Corp. takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

Enforcement

In compliance with the Principles, Loren Data Corp. commits to resolve complaints about our collection or use of your personal information.  Individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Loren Data Corp. at . Loren Data Corp. has a policy of responding to individuals within thirty (30) days of an inquiry or complaint.  If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our U.S. based third party dispute resolution provider (free of charge), the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA”).  Please contact or visit ICDR/AAA for more information or to file a complaint.  If the dispute involved human resources personal information, or information collected in the context of an employment relationship, we will cooperate with the competent EU or Swiss data protection authorities and comply with the advice of such authorities. 

You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances.  For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view Loren Data Corp.’s certification, please visit https://www.privacyshield.gov.

Modifications

Loren Data Corp. may update this Policy at any time by publishing an updated version here. We will not update this Privacy Shield Policy in contravention to the Principles so long as we remain certified to the Privacy Shield.