Effective date
This notice was updated on November 15, 2023.
Griffin Systems Solutions Privacy Policy
Griffin Systems Solutions, LLC in the United States (“GSS”) has created this Privacy Policy to help you learn how we comply with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use and retention of Personal Information that is collected by our customers located in the European Economic Area (the “EEA”) and Switzerland and transferred to GSS in the U.S.
GSS has subscribed to the Privacy Shield program, which covers both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and, therefore, GSS has certified that it adheres to the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, both of which include Supplemental Principles (collectively, the “EU-U.S. and Swiss-U.S. Privacy Shield Principles”) for Personal Information covered by the Policy. More information about the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, including the list of certified organizations, can be found at https://www.privacyshield.gov. This Policy applies to GSS. If there is any conflict between the terms in this Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Principles, the EU-U.S. and Swiss-U.S. Privacy Shield Principles will govern.
GSS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Personal Information that is transferred to GSS from the EEA and Switzerland falls into two categories: 1) Personal Information regarding personnel from GSS’ customers in the EEA and Switzerland, such as name and email address; and 2) Personal Information from customers’ end users in the EEA and Switzerland that GSS processes on behalf of its customers, such as end user name, email address, and site use information. In the case of the latter category, GSS acts as a data processor and processes such information only under the instructions of its customers. This information is controlled by GSS’s customers in the EEA and Switzerland.
Because the requirements of the Data Privacy Framework vary depending on whether GSS is acting as a processor on behalf of its customers or as a data controller, GSS policies and practices are described below.
GSS Acting As A Data Processor on Behalf of its Customers
When GSS acts as a processor on behalf of its customers, the following policies apply to all data processing operations concerning Personal Information that has been transferred from the EEA and Switzerland to the United States.
Use of Personal Information
GSS will process the Personal Information only for the purposes requested by the customer.
Access and Correction
GSS will assist the controller (the customer) in responding to individuals exercising their rights under the Principles.
Agents and Service Providers
GSS will not transfer Personal Information to third parties except where permitted or required by the customer and then in accordance with the EU-U.S. and Swiss-U.S. Data Privacy Framework.
Notice & Choice
Because the Personal Information is under the control of GSS’s customers, appropriate notice and choice to the individual are provided by GSS’s customers. As the data processor, GSS typically does not have a direct relationship with the customers’ end users.
GSS Acting As A Data Controller
GSS may receive Personal Information from customers in the EEA and Switzerland regarding their employees.
Use of Personal Information
Any Personal Information sent to us may be used by GSS and its agents for the following purposes: communications, analytics, and customized client reports. If we intend to use your information for a purpose that is materially different from these purposes or if we intend to disclose it to a third party (a non-agent) not previously identified, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
Use of your data is at your choice. You may opt out of any future use of your data from us at any time. You can do the following at any time by contacting us via the email address provided in this policy:
• See what data we have about you, if any.
• Change/correct any data we have about you.
• Have us delete any data we have about you.
• Express any concern you have about our use of your data.
Disclosures to Affiliates and Third Parties
We do not disclose your personal information to any third parties.
Disclosures to Agents and Service Providers
We sometimes contract with other companies and individuals to perform functions or services on our behalf such as website hosting, data analysis, information technology and related infrastructure design, auditing and other services. They may have access to Personal Information needed to perform their functions but are restricted from using the Personal Information for purposes other than providing services for us or to us. GSS requires that its agents and service providers that have access to Personal Information received from the EEA and Switzerland provide the same level of protection as required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
We are responsible for ensuring that our agents, service providers and other third parties to whom we disclose your Personal Information process the information in a manner consistent with our obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
Data Security
We use reasonable physical, electronic, and administrative safeguards to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Information and the risks involved in the processing that information.
Data Integrity and Purpose Limitation
We limit the collection and use of Personal Information to the information that is relevant for the purposes of processing and will not process Personal Information in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the personal information is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information.
Access to Personal Data
You can ask to access, review and correct Personal Information that we maintain about you by sending a written request to: mferrara@drivingperformance360.com.
Enforcement and Dispute Resolution
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our U.S. based third party dispute resolution provider (free of charge), the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA”). Please contact or visit ICDR/AAA for more information or to file a complaint. You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Data Privacy Framework, and to view GSS’s certification, please visit https://www.dataprivacyframework.gov/.
Disclosures Required By Law
We may need to disclose Personal Information in response to lawful requests by public authorities for law enforcement or national security reasons or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.
Contact Information
If you have any questions regarding this Data Privacy Framework Policy please contact us by email at mferrara@drivingperformance360.com, or please write to the following address:
Griffin Systems Solutions
59 Van Zandt Drive, Hillsborough, NJ 08844
Privacy Policy Changes
This policy may be changed from time to time, consistent with the requirements of the Privacy Shield program. You can determine when this Policy was last revised by referring to the “LAST UPDATED” legend at the top of this page. Any changes to our Policy will become effective upon our posting of the revised Policy on the Site.