Data Privacy Framework Statement

BlueMatrix I LLC and BlueMatrix Research LTD (collectively "Blue Matrix”, "we," "us," or "our") adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) published by the U.S. Department of Commerce (“Principles”, “Data Privacy Framework” or “Data Privacy Framework Program”).

This Data Privacy Framework Statement (the “Statement”) outlines our general policy and practices for implementing the Data Privacy Framework Program, including the types of European Personal Data BlueMatrix gathers, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, the European Personal Data relating to them. If there is any conflict between this statement and the Principles, the Principles will govern. To learn more about the Data Privacy Framework Programs, and to view our certification, please visit: https://www.dataprivacyframework.gov

This Statement applies to “European Personal Data” that we handle. For purposes of this statement, "European Personal Data" means information that:

• Is transferred from the European Economic Area (EEA) and Switzerland to the United States in reliance on the Data Privacy Framework Program;
• Is about, or pertains to, a specific individual; and
• Can be linked either directly or indirectly to that individual.

Principles protecting individuals’ privacy notice and choice

With respect to European Personal Data, we comply with the following principles concerning individuals’ privacy notice and choice:

• We notify individuals about the European Personal Data we collect from them, how we use it and how to contact us with privacy concerns.
• We provide such notice through this Statement, our web site privacy policy or other similar documents, and direct communication with individuals from whom we collect European Personal Data.
• We collect and process European Personal Data about our customers for the purpose of providing our services to them.
• We collect European Personal Data from individuals only as permitted by the Data Privacy Framework Program.
• Consent for European Personal Data to be collected, used, and/or disclosed in certain ways (including opt-in consent for sensitive data) may be required in order for an individual to obtain or use our services. Such consent is provided through our web site privacy policy, our product installation agreements, and our other agreements with clients.

Disclosures and transfers

We do not disclose an individual's European Personal Data to third parties, except when one or more of the following conditions is true:

• We have the individual's permission to make the disclosure.
• The disclosure is required by lawful request by public authorities, including to meet national security or law enforcement requirements. Blue Matrix is also subject to the investigatory and enforcement powers of the Federal Trade Commission.
• The disclosure is required by law or mandatory professional standards. The disclosure is reasonably related to the sale or other disposition of all or part of our business.
• The information in question is publicly available.
• The disclosure is reasonably necessary for the establishment of legal claims.
• The disclosure is to another BlueMatrix entity or to persons or entities providing services on our or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question, is subject to law providing an adequate level of privacy protection or has agreed to provide an adequate level of privacy protection. We will contract with these third parties to specify that if either the party ceases to provide the same level or protection or use the data for purposes consistent with the consent, the third party will cease processing or take other reasonable and appropriate steps to remediate

We may transfer European Personal Data from one jurisdiction to another. Privacy laws vary by jurisdiction, and some may provide less or different legal protection than others. However, we will protect European Personal Data in accordance with the Data Privacy Framework Program regardless of the jurisdiction in which the data resides. BlueMatrix remains responsible and liable under the Principles if third-party agents that it engages to process European Personal Data on its behalf do so in a manner inconsistent with the Principles, unless BlueMatrix proves that it is not responsible for the event giving rise to the damage.

Data, security, integrity, and access

BlueMatrix prohibits unauthorized use of European Personal Data and will implement reasonable measures to protect the personal data from unauthorized access, including regular updates to address evolving security risks, industry standard password controls, encrypting of limiting access to uploaded files that contain European Personal Data, and preventing cross-application access to European Personal Data. We employ various physical, electronic, and managerial measures, including education and training of our personnel, designed to reasonably protect personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction. European Personal Data collected or displayed through a website is protected in transit by standard encryption processes. However, we cannot guarantee the security of information on or transmitted via the Internet.

We process European Personal Data only for the limited and specific purpose for which it was originally collected or authorized by the individual. To the extent necessary for such purposes, we take reasonable steps so that European Personal Data is accurate, complete, current, and otherwise reliable with regard to its intended use.

An individual has the right to access European Personal Data that BlueMatrix holds about them as specified by the Data Privacy Framework Program. An individual may contact us using the information below to correct, amend, or delete information where it is inaccurate or has been processed in violation of the principles. The individual should contact BlueMatrix via email at privacy@bluematrix.com to initiate a request. The individual will need to provide sufficient identifying information, and we may charge a reasonable fee, where warranted, for access to personal information.

EU individuals and Swiss individuals have rights to access personal data about them, to limit, or to opt-out from the usage of their personal data. With our Data Privacy Framework self-certification, BlueMatrix has committed to respect those rights. BlueMatrix personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit or opt-out from data usage, or to limit disclosure, please provide the name of the BlueMatrix customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request

Accountability and enforcement

We have established a program to monitor our adherence to the Data Privacy Framework Program and to address questions and concerns regarding our adherence. This program will include a statement, at least once a year, signed by an authorized representative of BlueMatrix, verifying that this statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible. We encourage interested persons to raise any concerns with us using the contact information below.

Individuals may file a complaint with our [US Privacy office] in connection with Blue Matrix’s processing of their European Personal Data under the Data Privacy Framework Program. Under the Data Privacy Framework, BlueMatrix must respond to individual complaints within 45 days. BlueMatrix has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework complaints concerning European Personal Data transferred from the EU and Switzerland.

Under the Data Privacy Framework, individuals have the right, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. For additional information, visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

BlueMatrix is also subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personnel who violate this Statement will be subject to disciplinary process.

Amendment

We may amend this policy from time to time by posting a revised policy on this website, or a similar website that replaces this site. If we amend the policy, the new policy will apply to European Personal Data previously collected only insofar as the rights of the individual affected are not reduced. So long as we adhere to the Data Privacy Framework Program, we will not amend our policy in a manner inconsistent with the Data Privacy Framework Program.

We are committed to following the Principles for all European Personal Data within the scope of the Data Privacy Framework Program. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement.

Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or other similar letters or agreements with the client, and applicable laws and professional standards.

Contact information
privacy@bluematrix.com

For further information or to file a complaint, please contact us.
privacy@bluematrix.com