Originally Posted: March, 2010 | Last Reviewed: April, 2010
This Safe Harbor Information page sets forth the privacy principles that Janrain follows with respect to transfers of personal information, whether it is in electronic, paper or verbal format, between the United States and member states of the European Union, Switzerland, Iceland, Liechtenstein and Norway (the European Economic Area, herein referred to as "EEA").
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy European Union law requirements for adequate protection of personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection. Consistent with its commitment to protect personal privacy, Janrain adheres to the Safe Harbor Principles.
"Personal Information" or "Information" means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual's health.
The following privacy principles are based on the Safe Harbor Principles.
Janrain is not responsible for the creation, management, or accuracy of the information it transfers from the IDP to the client organization, which may include personally identifying information, nor is Janrain responsible for the way its customers treat personally identifying information that is transferred.
CHOICE: Where Janrain collects personal information directly from individuals in the EEA, Janrain will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Janrain will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Janrain will provide individuals with reasonable mechanisms to exercise their choices.
ONWARD TRANSFERS TO AGENTS: Janrain will obtain assurances from its agents that they will safeguard personal information consistent with our policies. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the agent, or being subject to another European Commission adequacy finding. Where Janrain has knowledge that an agent is using or disclosing personal information in a manner contrary to our policy, Janrain will take reasonable steps to prevent or stop the use or disclosure.
SECURITY: Janrain will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY: Janrain will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Janrain will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
ACCESS: Upon request, Janrain will grant individuals reasonable access to personal information that it holds about them. In addition, Janrain will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
ENFORCEMENT: Janrain will conduct compliance audits of its relevant privacy practices to verify adherence to our policies. Any employee that Janrain determines is in violation of its policies will be subject to disciplinary action up to and including termination of employment.
Questions or comments regarding this Policy should be submitted to Janrain by mail or e-mail as follows:
519 SW 3rd Ave Ste 600
Portland, OR 97204 USA
If your inquiry is not satisfactorily addressed, contact BBB EU Safe Harbor (www.bbb.org) Dispute Resolution Process. BBB EU Safe Harbor will serve as a liaison with Janrain to resolve your concerns.