Expedient is a participant in the U.S. Department of Commerce’s EU-US Data Privacy Framework Principles program, the UK Extension to the EU-US Data Privacy Framework Principles, and the Swiss-US Data Privacy Framework Principles (together, the “Data Privacy Frameworks”) and has certified that it adheres to the Data Privacy Frameworks. For more information about the Data Privacy Frameworks, visit the Department of Commerce’s Data Privacy Framework Principles website at https://www.dataprivacyframework.gov/s/program-overview.
Expedient is subject to the jurisdiction of the Federal Trade Commission.
Before storing any Personal Data from its clients at its Data Centers, Expedient will ask those clients to acknowledge and agree that they have complied with the Data Privacy Frameworks of transparency, legitimate purpose and proportionality. Expedient will cooperate with each client to ensure compliance with the Data Privacy Framework Principles. Expedient does not have any control over the uses its clients may make of the Personal Data disclosed to them and stored by Expedient.
Under the Data Privacy Framework Principles, any complaints that remain unresolved by Expedient will be referred to JAMS, an independent alternative dispute resolution organization located in the United States. Individuals whose complaints have not been satisfactorily addressed by Expedient can visit JAMS’ website at https://www.jamsadr.com/dpf-dispute-resolution for details on how to file a complaint. This recourse mechanism is free of charge to individuals. As a last resort, complaints that remain unresolved after pursuing these recourse mechanisms may be subject to binding arbitration. For more details about binding arbitration, contact Expedient at Privacy.Framework@expedient.com.
Expedient’s employees do not have access to Personal Data stored at Data Centers owned by Expedient, except incidental access if Client requests technical assistance based on the services purchased from Expedient. Expedient will comply with a request to provide access to its Data Centers that store information systems hosting Personal Data only in response to lawful requests by public authorities, including meeting national security or law enforcement requirements, in accordance with the Data Privacy Framework Principles.
Expedient works hard to protect Personal Data stored on information systems hosted at its Data Centers from unauthorized access, unauthorized alteration, disclosure or destruction. Expedient has strict policies regarding access to its Data Centers, has developed administrative, technical and organizational controls to protect Personal Data, and undertakes annual reviews of its security policies.
Expedient does not transfer Personal Data stored in information systems at its Data Centers unless it is directed to do so by its client. Each client is responsible for complying with the Accountability for Onward Transfer requirements for any transfer of Personal Data initiated by such client. If Expedient transfers Personal Data to a third party acting as an agent, Expedient will make sure that the third party subscribes to the Data Privacy Frameworks or can present evidence that such third party has otherwise complied with the requirements for permitted transfer under the EU’s General Data Protection Regulation.
If there is any conflict between the terms in this Policy and the Data Privacy Frameworks, the Data Privacy Frameworks shall govern. Expedient may amend this Policy from time to time by posting a revised Policy, which is located at https://www.expedient.com/services/managed-services/compliance-security/privacy-framework/. Expedient will amend this Policy in a manner consistent with the requirements of the Data Privacy Frameworks.
Attn: Privacy Shield Compliance Officer
Nova Tower 1
One Allegheny Square, STE 600
Pittsburgh, PA 15212