Datapro, Inc. (“Datapro”) is a leading provider of banking systems to the financial services industry. Datapro has adopted this Privacy Shield Policy (“Policy”) in order to maintain an adequate level of protection concerning the transfer of its serviced financial institutions (“Clients”) customers’ Personal Information from the European Union (EU) member countries to Datapro’s facilities in the United States of America.
Datapro complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce (DOC) regarding the collection, use, and retention of Personal Information from our Customers. Datapro has certified that it adheres to the EU-US Privacy Shield Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between Datapro’s Policy and the EU-US Privacy Shield Framework Principles, the EU-US Privacy Shield Framework Principles shall govern. To learn more about the US DOC Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
The Federal Trade Commission (FTC) has jurisdiction over Datapro’s compliance with the EU-US Privacy Shield Framework.
Datapro’s Policy applies only to Personal Information that is processed, maintained or stored on behalf of Datapro’s Clients. “Personal Information” for purposes of this policy means information relating to an identified or identifiable natural person. An “Identifiable Person” is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity that are within the scope of the EU-US Privacy Shield Framework, recorded in any form and that is received by a participant from the EU. For the purposes of this Policy, our Clients may use Datapro’s systems to store Personal Information on their customers that includes name, address and date of birth. “Processing” of personal data means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
Datapro acts as a service provider to its Clients who use its banking products and services. Any Personal Information sent to us by our Clients is used exclusively for the purposes for which we were contracted.
The use of Personal Information from our Clients is governed by the service agreements with our Clients and this Policy. We do not rent or sell our Personal Information to any third parties. We do not collect sensitive information (e.g., Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual).
ACCOUNTABILITY FOR ONWARD TRANSFER
Except as otherwise provided herein, Datapro discloses Personal Information only to Third Parties who reasonably need to know such data and only for the scope of the services contracted and not for other purposes. Such recipients of Personal Information must agree to abide by confidentiality agreements.
Please be aware that Datapro may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Datapro is liable for appropriate onward transfers of Personal Information to Third Parties.
DATA INTEGRITY AND SECURITY
Datapro takes reasonable steps to ensure that Personal information we Process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. Additionally, Datapro has implemented physical, technical and administrative safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
ACCESS TO PERSONAL INFORMATION
Datapro acknowledges that individuals have the right to access their Personal Information. Datapro maintains Personal Information solely as a processor on behalf of its Clients and, as a result, has no direct relationship with the individuals whose Personal Information we Process. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should first contact their financial institution in the European Union.
ENFORCEMENT AND DISPUTE RESOLUTION
Datapro uses a self-assessment approach to assure compliance with its Privacy Shield Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the principles. In compliance with the EU-US Privacy Shield Framework Principles, Datapro commits to resolve complaints about your privacy and our collection or use of your Personal Information. EU individuals with questions or concerns regarding our Privacy Shield Policy should contact us at:
c/o Governance, Compliance & Risk Management
770 Ponce de Leon Blvd. – 2nd Floor
Coral Gables, Florida USA 33134
Office: (305) 374 – 0606 / Fax: (305) 374 – DATA
Datapro has further committed to refer unresolved EU-US Privacy Shield Framework complaints to the JAMS, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you. If claims are not remedied, under certain limited conditions, individuals may invoke binding arbitration as a last resort before the EU-US Privacy Shield Framework Panel.
AMENDMENTS / RENEWALS
Datapro’s Policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield Framework. Datapro also reviews this policy annually as part of the re-certification process.
It is DATAPRO, INC.’s formal policy to adhere to the requirements and guidelines of federal Regulation P, Privacy of Consumer Financial Information, as it relates to maintaining the confidentiality of customer records, when arid if, its staff and/or contract personnel are exposed to such records during the course of:
• Software installation
• System upgrades, maintenance or enhancements
• Employee/user training at a financial institution
• Problem resolution
• Customer support resolution
• Disaster Recovery Testing and/or Operation
DATAPRO, INC.’s employees or contractors will not remove from premises, share, copy or print customer information records unless specifically requested and/or authorized in writing by the client or financial institution that owns the data/ information.
DATAPRO, INC. will observe and enforce this policy within its employees, contractors or anyone representing DATAPRO, INC.. while servicing the client.
This statement of policy will apply to the client’s premises, DATAPRO, INC. premises and operation centers, DATAPRO, INC.’s. Disaster Recovery Operation Center, and anywhere where an employee of DATAPRO OUTSOURCE SERVIES, LLC becomes exposed to or in control of the client’s data.
DATAPRO, INC. will train its staff and contract employees in the required precautionary measures they must take to ensure customer information confidentiality and privacy.
The client and not DATAPRO, INC., is responsible to provide timely training to its staff in the handling of consumer/customer issues concerning financial information privacy. As part of its annual System Maintenance Billing, DATAPRO, INC. will incorporate the following or similar verbiage reiterating the Company’s policy regarding Consumer Information Privacy:
“It is the policy of DATAPRO, INC., Inc. to maintain the confidentiality of customer records it may come in contact with as a result of interacting with the client and while performing the services contracted in the outsource service agreement/contract between the client and DATAPRO, INC…
Under no circumstances will DATAPRO, INC. Inc., or one of its representatives, copy, share, print or disseminate the bank’s customer information records to anyone outside the bank.”
Policy Effective Date: March 15, 2017