Privacy Shield Policy
Last updated: January 11, 2019
Resilinc Corporation (“Resilinc”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of protection for the processing of Personal Data that Resilinc obtains from Customers located in the European Union.
Resilinc complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States in reliance on Privacy Shield.
Resilinc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information.
All Resilinc employees, whether permanent, temporary, part-time, or contract, who handle Personal Data from Europe Union (EU) and Switzerland (Swiss) are required to comply with the Principles stated in this Policy.
This Policy applies to the processing of Individual Customer Personal Data that Resilinc receives in the United States concerning Individual Customers who reside in the EU and Swiss. Adherence by Resilinc to this policy may be limited to the extent required to meet legal, governmental, or national security obligations, including requirements to cooperate with law enforcement.
Resilinc has designated the Vice President, Operations to oversee its compliance with the EU Privacy Shield and Swiss Privacy Shield Program and shall review and approve any material changes to this program as necessary and oversee the overall enforcement of the policies and practices under Privacy Shield Program. Any questions, concerns, or comments regarding this Policy also may be directed to [email protected].
Resilinc has designated Compliance Manager for self-attestation audits and follow-ups on Privacy Shield Program at Resilinc.
Resilinc has a designated person who shall interface with USA authorities for Privacy Shield registration and other matters.
VP – Operations at Resilinc India shall oversee that all personal data processed / handled at Resilinc India follows the practices as defined in this policy.
Resilinc will renew its EU Privacy Shield and Swiss Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification.
Prior to the re-certification, Resilinc will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices.
Specifically, as part of the verification process, Resilinc will undertake the following:
- Review this Privacy Shield policy and its publicly posted website to ensure that these policies accurately describe the practices regarding the collection of Individual Customer Personal Data
- Ensure that this Policy continues to comply with the Privacy Shield principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (Resilinc may do so through its publicly posted website, Individual Customer contract, or other means)
- Review its processes and procedures for training Employees about Resilinc’s participation in the Privacy Shield and the appropriate handling of Individual’s Personal Data
- Resilinc will prepare an internal self-assessment audit statement on an annual basis
Resilinc collects Personal Data from Customer when they complete the Surveys, register with Resilinc Website, communicate with us or alternate contact provided by user to collect relevant information.
As a general matter, Resilinc collects the following types of Personal Data from its Customer: contact information, including, name, email ID, phone number, office address and designation in the organization.
Also while Customer visits Resilinc website for any form-fill event, Resilinc collects personal data such as name, title, company, phone, state, country (never street address).
Resilinc collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, and pages of Resilinc Site that they visit, the time and date of the visit, the time spent on those pages, cookies and other statistics. In addition, we may use third party services that assist in information gathering.
Resilinc uses Personal Data that it collects directly from its Individual Customers and for its suppliers indirectly in its role as a service provider for the following business purposes, without limitation:
- Establishing the business deal by contacting relevant customers;
- Maintaining and supporting its products, delivering and providing the requested products/services;
- Storing and processing data, including Personal Data, in computer databases and servers located in the United States;
- For other business-related purposes permitted or required under applicable local law and regulation;
- Email is sent to suppliers to collect the information requested by Customer; Customers will receive emails on updates or events;
- Prospective customers will receive regular communication on proposals and update on the requirements;
Google Play and Apple IOS privacy policies –
Resilinc use below set of permissions for personal data in Android and IOS App for the users using mobile app.
Accounts – Resilinc use this permission to store user account details in account manager. This information is store securely on device with OS level data security.
Read Phone State – Resilinc use this permission to uniquely identify user device and link their devices to their accounts.
Call – Resilinc use this permission for allowing users to make call to partner and sites.
Resilinc offers individuals the opportunity to choose (OPT OUT) whether their personal information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
Resilinc may provide Personal Data to Third Parties that act as vendors, consultants, and contractors to perform tasks on behalf of and under our instructions like storage of data. For example, Resilinc may store such Personal Data in the facilities /cloud environment operated by Third Parties.
Resilinc India is used for data processing and data storage, these platforms are used for the communication with the interested parties, secured FTP – for data transfer and Backup storage. Local Laptop is backed up in Carbonite.
Such Third Parties (e.g. independent FTP service provider, cloud service provider(s) etc.) must agree to use such Personal Data only for the purposes for which they have been engaged by Resilinc and they must either comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
Resilinc also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that Resilinc may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Resilinc is liable for appropriate onward transfers of personal data to third parties.
Personal Data is handled by Resilinc USA as well as Resilinc India. Resilinc India is 100% owned subsidiary of Resilinc Corporation. Resilinc India is handling data processing. Customers of Resilinc are aware that information is collected by Resilinc USA and processed by Resilinc India. All Personal Data is stored on cloud, India office handles the data. All data is backed up once in a month and stored on Secure FTP site and data team from Resilinc India takes the backup.
Resilinc does not collect Sensitive Data from its Individual Customers. There is no Human Resource data (personal data of employees of EU including sensitive data) transferred from Resilinc Europe to Resilinc USA.
Resilinc use the Personal Data only for the business purpose as mention in the section “COLLECTION AND USE OF PERSONAL DATA” and not for any other reasons. Resilinc takes reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Resilinc will retain such information no longer than appropriate to fulfill the purpose.
Resilinc shall implement physical and logical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
Resilinc has formal procedures for protection of Personal Data. For example, Personal Data is stored on the cloud with proper access control. Resilinc applies access restrictions, limiting the scope of personnel who have access to Individual Customer Personal Data. Access to Resilinc’s electronic information systems like servers and databases requires user authentication via password or similar means. Adequate antivirus/anti-malware shall be installed on all systems processing personal information.
Team members working from home and accessing personal data from their official laptops, shall access over secure means such as HTTPS enabled browser. All employees and vendors having access to personal data shall execute a signed non-disclosure/confidentiality agreement (NDA). Appropriate disciplinary action shall be taken by Resilinc wherever any employee or staff violates the practices as mentioned in the policy and the privacy procedures.
Resilinc India office at Pune has formal Information Security Policies and Procedures based on ISO 27001 standard and has implemented adequate physical and technical safeguards to provide the level of security as required by Privacy Shield.
Where Resilinc collects personal information directly from individuals in the EU and Swiss, it will inform them about the purposes for which it collects and uses personal information about them, the type of third parties to which Resilinc discloses that information, and the choices and means, if any, that Resilinc offers individuals for limiting the use and disclosure of personal information. Notice will be provided in clear language when individuals are first asked to provide personal information to Resilinc, or as soon as practical thereafter, and in any event before Resilinc uses the information for a purpose other than for which it was originally collected.
Resilinc notifies Individual Customers about its adherence to the EU-US Privacy Shield and Swiss US Privacy Shield through its publicly posted website Privacy Shield policy, available at: https://info.resilinc.com/privacy-shield-policy
Customers of Resilinc are aware that information is collected by Resilinc USA and processed by Resilinc India.
Resilinc personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized. Individual Customers have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Resilinc collected it.
Individual Customers may review their own Personal Data stored in the databases and correct or erase any data that is incorrect, as permitted by applicable law and Resilinc policies.
Upon reasonable request and as required by the Privacy Shield principles, Resilinc allows Individual Customers access to their Personal Data, in order to correct or amend such data where inaccurate.
Partner Portal Users can modify the information from portal and or they can send the request to [email protected] and the request can be taken care by Resilinc USA or Resilinc India team. Existing Customer information will be communicated from customer to Resilinc through secured FTP and will be updated on Resilinc Solutions.
In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Individual Customers should submit a written request to [email protected]
Resilinc shall endeavor to respond in a timely manner to all reasonable written requests to view, modify, or delete Personal Data.
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
EU and Swiss Individual customers may contact Resilinc with questions or complaints concerning this Policy at the following address: [email protected]. Resilinc has defined the detailed complaint handling procedures for handling the complaints.
Resilinc relies on its Information Technology Resources (“Resources”), including its internal Internet connections and network (“Network”), and internal computer systems and programs (“Environment”) to support its business processes. To ensure that its Resources are used properly by its employees, independent contractors, agents, and other Users, Resilinc has implemented this Information Acceptable Use Policy (AUP).
- This Policy applies to all Users of Resilinc’s Resources, wherever they may be located. It is each User’s duty to use Resilinc’s Resources responsibly, professionally, ethically, and lawfully
- Each User is responsible for the security of the Information Technology Environment. A User should notify the Resilinc Management Representative / Resilinc IT team if he or she feels that security may have been compromised in any way. Users responsible for implementing new applications, services or hardware should coordinate activities with the Resilinc IT team to determine if the new application, service or hardware complies with the previously defined Resilinc security architecture
- Any violation of this Policy may lead to disciplinary action (up to and including termination of employment) and/or appropriate legal action. The Resilinc Management Representative or Administrator of the application may deny or revoke access privileges if there is a reasonable belief that a violation has occurred. Access privileges may be restored only after consultation between the Management Representative and Resilinc Management and/or Resilinc Senior Management personnel
- The policies stated in this AUP are intended as guidelines only for Resilinc Resource usage. The language should not be construed as creating a contract of employment, express or implied, between Resilinc and any Resilinc employee. Unless Resilinc employees have a written employment contract, either the employee or Resilinc may terminate the employment relationship at any time, for any reason, with or without cause. In addition, no provision of this AUP shall create an employer-employee relationship between Resilinc and any User who is not a Resilinc employee, such as an affiliate contractor, third party vendor, or other User of Resilinc Resources who is not a Resilinc employee
- Resilinc reserves the right to add, delete, or revise any provision of the AUP at any time, or any Information Security Policy without prior notice to Users
- Users shall adhere to Resilinc retention and destruction schedules for all electronic files, including e-mails, electronic documents and records, and other electronic files
3 No Expectation of Privacy
- No Expectation of Privacy: The Resilinc Resources and User accounts are issued to Users to assist them in the performance of their jobs and, therefore, remain the property of Resilinc. Users do not have an expectation of privacy in anything Users create, store, send, or receive on Resilinc Resources. Resources belong to Resilinc and are to be used solely for the purpose of Resilinc business, the User’s usual duties, and or other purposes authorized by management
- Waiver of Privacy Rights: Users expressly waive any right of privacy in anything Users create, store, send, or receive on Resilinc Resources. Users consent to allowing authorized Resilinc IT Services personnel to access and review all materials Users create, store, send, or receive on Resilinc Resources. Resilinc may, but is not obligated to, use human or automated means to monitor use of its Resources
- No Privacy in Communication: Users must never consider electronic communications to be either private or secure. E-mail could potentially be stored indefinitely on any number of Resilinc Resources as well as non-Resilinc resources. Copies of your message may be forwarded to others electronically or on paper. In addition, e-mail sent to non-existent or incorrect usernames may be delivered to the wrong person(s)
4 Prohibited Activity
- Unlawful Material: Material that constitutes harassment, discrimination, libel, pornography, a threat of violence, or is otherwise unlawful may not be sent by e-mail, electronic text messages or any other form of electronic communication (such as bulletin board systems, newsgroups, chat groups) or displayed on or stored in any Resilinc Resource. Users encountering or receiving this kind of material should immediately report the incident to the Management Representative / IT team
- Disclaimer of Liability for Internet Use: The Internet is a worldwide network of computers that contains millions of pages of information, some of which may contain offensive or inappropriate material. Resilinc has implemented Internet blocking software to restrict access to certain Internet sites that pose a risk to its Resources. In the event Users nonetheless encounter material on the Internet that poses a risk to Resilinc Resources, Users should immediately disconnect from the site and report the site to the Resilinc IT Help Desk. Resilinc is not responsible for material viewed by Users on the Internet. Users accessing the Internet do so at their own risk
- Prohibited Uses: Resilinc Resources may not be used for dissemination or storage of commercial or personal advertisements, solicitations, promotions, destructive programs (viruses), political material, or any other use prohibited by this Policy
- Waste of IT Resources: Users may not perform acts that waste Resilinc Resources or unfairly monopolize Resilinc Resources to the exclusion of other Users. These acts include, but are not limited to: sending non-business related mass distribution e-mails or chain letters; subscribing to non-business related mailing lists; spending excessive amounts of time on the Internet or on social networking sites; playing, streaming, or downloading non-business related computer games, music or video; or otherwise creating unnecessary network traffic
- Communication of Confidential Information: Unless expressly authorized by Resilinc Senior Management, sending, transmitting, or otherwise disseminating proprietary data, trade secrets or other confidential information is strictly prohibited. Always keep in mind that e-mail and the Internet are public methods of communication. When you send information via e-mail or make it available on the Internet, there is always a possibility that the information will be viewed by unauthorized individuals. This type of information is a valuable asset of the company and each of us must make sure that it is protected from unauthorized disclosure
- Altering Identity (Spoofing): Users may not alter the “From:” line or other attribution-of-origin or time-stamp information in e-mail, messages, or postings sent or received from Resilinc Resources. Anonymous or pseudonymous electronic communication is prohibited when using Resilinc Resources; Users must identify themselves honestly and accurately when sending e-mail
- Personal Use: Any use of Resilinc Resources not approved by Resilinc IT Management is prohibited. Resilinc management is aware that personal communications between Resilinc coworkers and external contacts does occur, as well as some limited personal use. Management expects Users to limit such communications and personal use to a minimum. Excessive or abusive volume of personal communications, activities of a personal nature that tie up resources or employees, or violate any other provision of this agreement are expressly prohibited. Users are reminded that there are no expectations of privacy when using Resilinc Systems
- Software and Copyright Violations: The distribution, retrieval, or reproduction of any material without the permission of the copyright holder is expressly prohibited. The import or installation of any software which has not been properly authorized and purchased by Resilinc IT management is expressly prohibited. No User may modify, revise, transform, adapt, disassemble, decompile, or otherwise alter any software licensed to Resilinc without prior written authorization from Resilinc
- No Forward Policy: Some information that is transmitted via electronic communications is intended for specific individuals, and therefore, should not be shared with others. Users should exercise caution when forwarding communications to other Resilinc Users. Resilinc information that is confidential in nature may not be forwarded to external parties without the expressed permission of senior management. Resilinc e-mail users are prohibited from modifying the settings of their e-mail account or otherwise causing e-mail received by them to be automatically forwarded to a non-Resilinc e-mail address
5 Logins and Passwords
- Login Accounts: A unique login account consisting of a User ID and password (see 17.5, point 2, 3, 4) is required for each User of the IT Environment. Users are responsible for all transactions made using his or her User ID. No User may access Resilinc Resources using another User’s account. All Users are expected to logoff the workstation when they are away from their work area for extended periods of time. All Users are required to logoff at the end of each day before they leave. Users may not disguise their identity while using any Resilinc Resource
- Responsibility for Passwords: Users are responsible for safeguarding their passwords for access to Resilinc Resources. Individual passwords should not be printed, stored online, shared or given to others. Users are prohibited from using or disclosing another User’s password
- Password Maintenance: Passwords should contain a minimum of eight characters in length. Passwords must include uppercase, lowercase and numerical characters. The use of special characters (e.g. “@”,”!”,”&”,”%”) if supported, is strongly suggested
- Passwords do not Imply Privacy: Use of passwords to gain access to Resilinc Resources does not imply that Users have an expectation of privacy in the material they create, store, send, or receive on Resilinc Resources. Resilinc has the right to access, inspect, read, and/or print without prior notice, all material stored on Resilinc Resources
- Disclosure of Information: All information accessed by Users of Resilinc systems is to be kept confidential, and only discussed or shared with another User who has been properly authorized to view the information as part of his or her job responsibilities. Information is stored with the expectation that it will only be used or accessed by authorized persons
- Physical Security: Users shall take all reasonable and prudent measures to physically secure all Resilinc Resources. Users shall not attempt to circumvent any system that secures Resilinc Resources or its components
- Accessing Other Computers and Networks: A User’s ability to connect to other computers or networks does not imply a right to connect to those systems or to make use of those systems unless specifically authorized by the operators of those systems. Users should not access or view any Resilinc information without having the proper authorization to do so
- Computer Security: Each User is responsible for ensuring that the use of external computers and networks, including the Internet generally, does not compromise the security of the Resilinc Environment. This duty includes preventing intruders from accessing the Resilinc Network without authorization and taking reasonable precautions to avoid the introduction and spread of viruses, malware and other harmful software
- Information Technology Security: Users shall not connect to the Resilinc Network by any means other than by those specifically allowed and defined by the Resilinc IT team. Personally owned computers or other equipment should not be connected to the Resilinc Network without prior approval of the Resilinc Management / IT team. Users shall not disable or otherwise alter Resilinc Resource functions (passwords, virus scan, distribution software, audit trails) implemented by Resilinc IT Services
- Monitoring: Resilinc’s IT team reserves the right to monitor its Resources, Environment, and Network. Monitoring includes, without limitation, reviewing Internet sites visited, reviewing material downloaded/uploaded by Users to/from the Internet, and reviewing e-mail sent from and received by Users in their Resilinc e-mail account. This may be done at any time and without prior notice to Users
- Circumventing Established Security: Users may not attempt to circumvent Resilinc’s data protection measures or attempt to uncover security loopholes. Users may not gain or attempt to gain unauthorized access to restricted areas or files on Resilinc Resources. Users should not tamper with any hardware or software protections or restrictions placed by Resilinc on its computers, computer applications, files, directories, or other electronic equipment or information
- Encryption: Users sending e-mail containing confidential information, such as business plans or budgets, to non- Resilinc e-mail addresses must encrypt the e-mail message
- Sending E-mail to Verified Addresses: Users must verify that the e-mail address to which they are sending Resilinc information is correct
- Virus Detection: Viruses can cause substantial damage to computer systems. Each User is responsible for taking reasonable precautions to ensure that he or she does not introduce viruses into the Resilinc Environment. To that end, Users should not disable virus protection software installed on Resilinc Resources. Users should comply with virus software update announcements as required, and report suspected virus activity to the Resilinc IT Help Desk as soon as possible
- Voicemail Setup: Once training is attended, each User should record an internal and external greeting in accordance with the guidelines presented in training. Users should also change the voicemail password from the system default
- Voicemail Usage: Users should be cautious when including confidential information in voicemail messages, either internally or externally. Users should take care not to play voicemail over speakerphones where other employees might overhear confidential information
9 Intellectual Property Rights
Any information developed or compiled by the User—including documents such as writings, diagrams, spreadsheets, and databases, regardless of form—and any invention, discovery, development, modification, system, program, or design that results from the use of Resilinc Environment by the User, shall be the exclusive property of Resilinc.
10 Malicious Destruction of Resilinc Software/Hardware
Resilinc has made considerable investments in software and hardware to provide the computing environment needed by its employees. Users shall not maliciously destroy or otherwise damage/delete any software licensed to or owned by, or any hardware owned, leased, or otherwise in the possession of Resilinc. Any such damage or destruction shall subject the User to disciplinary action under this Policy. In addition, Resilinc reserves the right to seek compensation through legal action, if appropriate, for any damages caused by the User.
11 Attorney-client Communications
E-mail sent to or from in-house counsel or an attorney representing Resilinc should include this warning: “ATTORNEY-CLIENT PRIVILEGED. DO NOT FORWARD WITHOUT PERMISSION.” Users who receive communication from counsel should not forward such communications without the permission of counsel. Users are reminded that e-mail should not be considered as a secure means of communication.
12 Incident Response
Users must immediately report to the Management Representative or his or her Supervisor any suspected or confirmed security incident or threat. This would include, but not be limited to, a computer virus, breach of security, or security weakness, loss or disclosure of data, or any unauthorized access or use of data. Users should not discuss the specifics of a security problem with anyone else except the Management Representative or Supervisor, unless specifically authorized to do so. Additionally, Users must take no independent actions to remedy or address the incident or threat, unless expressly authorized to do so. Incidents will be administered as per Incident Management procedure.
Exceptions to this Policy can be made with written approval of Resilinc Management.
Upon termination of employment or any other termination of access rights, all Resilinc computers, equipment, programs, files, hardware, and intellectual property must be returned to Resilinc, and any further access to Resilinc systems is strictly prohibited.
In compliance with the EU-US Privacy Shield and Swiss US Privacy Shield Principles, Resilinc commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with questions or concerns about the use of their Personal Data should contact us at: [email protected].
Resilinc’s Data Protection Officer can be reached at [email protected].
EU Representative: You can contact our EU representative as follows:
Resilinc UK Ltd.
Slough – SL1 4XX
Email: [email protected].
Resilinc will investigate and attempt to resolve complaints in accordance with the Privacy Shield principles within 45 days of receiving a complaint.
If a Customer’s question or complaint cannot be satisfied through this process, Resilinc has further committed to refer unresolved privacy complaints under EU-US Privacy Shield and Swiss US Privacy Shield to an independent dispute resolution mechanism operated by BBB EU Privacy Shield and provide appropriate recourse, which will be provided free of charge to the individual.
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the below mentioned website for more information and to file a complaint.
Resilinc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
For more information on The Swiss-U.S. Privacy Shield Annex I Binding Arbitration Mechanism – http://go.adr.org/SwissAnnexIFiling.html
“Customer” means any client / partner /supplier engaged with Resilinc to avail its product and services.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Personal Data” as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available.
“Personal Data” and “Personal Information” are data about an identified or identifiable individual that are within the scope of the FADP, received by an organization in the United States from Switzerland, and recorded in any form.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. And ideological or trade union related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.