Projector PSA Data Privacy Framework Statement

Introduction

Projector PSA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.   Projector PSA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Projector PSA  has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Data Categories

We receive mostly business-related information from the EU, UK, and Switzerland, including contact information of individual representatives of the businesses with whom we are dealing, including, without limitation, names, addresses, work phone numbers, work email addresses, etc. of EU, UK, and Swiss Persons (“EU, UK, and Swiss Data”). In addition, our customers use our hosted technology platform to store and process EU, UK, and Swiss Data at their own discretion. Since EU and Swiss Data covered by this Notice is by definition sent to us by another company in the EU, UK, or Switzerland (i.e., a customer of Projector PSA, Inc.), the categories of data sent and the purposes of processing often depend on such other company, with whom the EU, UK and Swiss Persons typically have a closer employment or business relationship (and which, therefore, can provide additional information on categories of data shared with us). EU, UK, and Swiss Persons may make a request directly to that EU, UK, or Swiss customer company of Projector PSA, Inc. to limit the collection or use of EU, UK, and Swiss Data, which is at the discretion of that EU, UK, or Swiss company depending on their business practices, and is not controlled by Projector PSA.

Purposes

We collect and use EU, UK, and Swiss Data for purposes of providing products and services to our customers, communicating with corporate business partners about business matters, processing EU, UK, and Swiss Data on behalf of corporate customers, providing information on our services, and conducting related tasks for legitimate business purposes. Your personal information will not be disclosed by us to a third party or used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized.

Disclosure

We share EU, UK, and Swiss Data with our third-party service providers and contractors, who process EU, UK, and Swiss Data on behalf of Projector PSA, and are an important means by which Projector PSA provides its services. We also share EU, UK, and Swiss Data with other third parties for the purposes for which we receive the EU, UK, and Swiss Data (e.g., performance of contractual obligations and rights), and we may also disclose EU, UK, and Swiss Data where we are legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law or the Data Privacy Framework Principles and we have a legitimate business interest in such disclosure. Projector PSA will take reasonable steps to ensure that these third-party service providers are obligated to protect personal Information on Projector PSA’s behalf.

With respect to marketing emails, EU, UK, and Swiss Persons may opt-out of receiving further email marketing communications from Projector PSA by contacting the Projector Administrator at the business that provided your EU, UK, or Swiss Data to us, or by following opt-out instructions that are contained in each marketing email.

Access and Review

If you are an EU, UK, or Swiss Person about whom we hold EU, UK, and Swiss Data, you have a right to request access to, and the opportunity to update, correct or delete, such EU, UK, and Swiss Data. To submit such requests or raise any other questions, please contact the business that provided your EU, UK, and Swiss Data to us. You can also contact us directly using the contact information below. We reserve the right to take appropriate steps to authenticate an applicant’s identity, and to assess potential impact to the privacy rights of other individuals or companies, in line with the Data Privacy Framework Principles.

Data Privacy Framework Contact

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Projector PSA commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Projector PSA at:

Chief Privacy Officer
Projector PSA, Inc.
98 N. Washington St.
Suite 410
Boston, Massachusetts 02114 USA
+1 617-431-4111
privacy@projectorpsa.com

Projector PSA has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf 

Projector PSA may potentially be liable in cases of onward transfer to third parties. If a third-party providing services on our behalf processes your Personal Data in a manner that violates Data Privacy Framework Principles, the third-party is liable for damages unless it is proven that Projector PSA is responsible for the event giving rise to the violation. Projector PSA’s Data Privacy Framework compliance is under the jurisdiction of the US Federal Trade Commission. 

Under certain limited conditions, individuals may invoke binding arbitration before the Data Privacy Framework Panel of the U.S. Department of Commerce and the European Commission.

Additionally, Projector PSA may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.