Global Alert Link Privacy Policy
FINAL
Effective Date: 2/15/11
[Statement recognizing the Safe Harbor Policy and GAL’s choice to become certified]
Global AlertLink (GAL) is an active adherent to the U.S.-European Union (EU) Safe Harbor Policy. This policy was a response to the European Commission’s Directive on Data Protection, effective October 1998, which restricted the flow of data from EU countries to countries that do not meet EU requirements on privacy protection. The U.S. Department of Commerce has since set up the Safe Harbor Policy to facilitate the flow of information between the EU and U.S. organizations deemed compliant with such privacy principles. GAL has made the necessary efforts to bring its privacy policy in line with the requisite framework and principles as outlined by the Safe Harbor program.
[Overview of Privacy Principles]
GAL recognizes and respects each individual’s right to privacy. In handling data the company will conform to best practices and industry norms. In so doing it recognizes the seven principles of data handling outlined by the Safe Harbor Policy: Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Enforcement.
[GAL’s use of data or Notice]
As a crisis planning and management provider, GAL works with personnel data from its customer organizations. GAL systems store personnel information for use in emergency situations or during crisis events. All personnel information is either 1) provided by secured automated feeds from customer organizations or 2) provided by customers’ employees through self subscription. GAL Customers are soley responsible for obtaining permission from each individual for applicable use of their personnel information. These data uses are necessary and vital to perform approved tasks for client organizations. No unnecessary or sensitive data is requested by GAL to carry out the aforementioned services.
[Choice]
[Describe how an individual may opt out of data collection.]
Individuals within organizations receiving GAL services may choose to opt out of having their personal data collected and/or stored by GAL. To opt out please send an email to support@globalalertlink.com or call 1-877-291-1646. GAL will make reasonable efforts to remedy situation with customer organization from which personal information was obtained.
[Lay out situations in which GAL may collect sensitive information, if at all.]
In situations where it is in the immediate interest of the individual, GAL may process/hold sensitive information. All such information will only come at the discretion of the customer organization. Under such situations as medical emergencies it may be necessary for GAL to store sensitive personal data in order to effectively assist in crisis management services. This data is anonymized and falls under the jurisdiction of the Health Insurance Portability and Accountability Act (HIPAA) with which GAL complies.
[Onward Transfer]
[Give conditions under which GAL would pass data to a third party.]
GAL will not pass personal data to a third party without the consent of the organization from which the data originated. It will also verify that any such third party adheres to the Safe Harbor Privacy Principles or agrees to a contract of privacy protection in line with such principles.
[Access]
[Detail how an individual could access personal information on him/her held by GAL]
To request personal information held by GAL please contact us by sending an email to support@globalalertlink.com or by calling 1-877-291-1646. GAL recognizes individuals have the right to check their personal data and make corrections or amendments when necessary. Appropriate identification will be required of any individual before GAL can offer access. Individuals of which personal information was obtained from a GAL customer organization may be required to work with employer organization to obtain permission for access or GAL may be required to obtain permission from GAL customer to release such information.
[Security]
[Outline how GAL protects personal data]
GAL takes reasonable precautions, including administrative, technical, personnel and physical measures, to safeguard Personal Information against loss, misuse, unauthorized access, disclosure, alteration, destruction and theft.
[Data Integrity]
[Confirm that GAL uses data only for appropriate purposes and that it keeps data accurate and up to date.]
In line with its mission to assist organizations in crisis management and communications GAL only uses data vital to these core competencies. This data mainly consists of contact information and vital communications. GAL is always available to update personal data from a participating organization. It is of vital interest to GAL in performing crisis management solutions that correct contact information is implemented. Thus, GAL is vigilant in confirming data accuracy at regular intervals.
[Enforcement]
[Detail how individuals can submit complaints to an independent arm of the company or relevant third party. Then, outline how the process for complaint resolution will proceed. Provide timelines if possible. Remark on how GAL is subject to compliance with EU data protection authorities because it handles employee data. Remark on continuing process of verifying company compliance. Give list of remedies for any mishandling of data if possible. State that the company self-certifies annually to maintain Self Harbor status.]
GAL takes complaints regarding its privacy policy extremely seriously. If you have a complaint, please contact us by email at support@globalalertlink.com. A policy representative will examine your complaint and promptly decide on the best course of action. You will receive a notice of the corrective action within 2 weeks. If you are dissatisfied with the action taken by our policy representative, please contact the Federal Trade Commission (FTC) and submit a complaint using their Complaint Assistant site or call 1-877-382-4357. GAL is under the jurisdiction of the FTC and will abide by its enforcement.
Since GAL handles personnel data from EU organizations it is also subject to compliance with a board of EU Data Protection Authorities (DPAs). GAL pays an annual fee to a DPA panel to cover the panel’s operating costs and agrees to abide by its decisions as provided. Failure to recognize DPA decisions will put GAL under Section 5 of the FTC Act, which regulates deceptive practices by U.S. organizations.
GAL conducts regular compliance inspections to make sure it is operating in line with Safe Harbor Privacy Principles. An officer has been dedicated with the responsibility of handling compliance with these principles. GAL intends to self-certify annually with the Department of Commerce to maintain its Safe Harbor status.
For more information and to view this policy online, please visit www.globalalertlink.com.
END.