ChargaCard, Inc. EU-U.S. Privacy Shield Notice
Effective: October 22, 2018
CERTIFICATION OF PRIVACY SHIELD
ChargaCard has certified with the EU-U.S.Privacy Shield with respect to the personal data we receive and process on behalf of our customers through our file handling mechanisms (the “Services”). ChargaCard certifies that it adheres and enforces the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access of personal data submitted by our customers residing in European countries through the Services, and our EU-U.S.Privacy Shield certification is available HERE
We provide the Services in such a way so that our customers don’t have to build their own solutions for handling files (uploads, processing, storage, and delivery) for web and mobile apps. In providing these Services, we process data our customers submit to the Services or instruct us to process on their behalves in connection with the Services (“Customer Data”).
PURPOSE OF DATA PROTECTION
In order to provide our Services, we capture and store some information about customers, and also users uploading material to the service. Depending on the services or products we provide, we can obtain the following information from our users:
1. IP Addresses
2. First name, Last name, physical address, email address
3. Information entered on our website
4. Photo of Driver License/Passport (back and front side)
5. Photo of a User showing his ID (passport or Driver License) in his hand
6. Billing information
7. Invoiсes from Businesses and other information that we need for providing services
8. Phone number
The data listed above are stored on secure servers. We don’t use data from uploaded files for anything, except for:
1. Detecting its MIME-type (Multipurpose Internet Mail Extensions)
2. Generating preview on request
3. Converting or modifying the files on request from a ChargaCard User who owns that file
4. Verification of the users
5. Fraud prevention purposes and provision of our internet security services
6. Internal marketing (not third party marketing)
8. Account management
All data stored by us is only used for internal processing, and never sold or otherwise given away excluding possible data transferring to agents on our behalf.
THIRD PARTIES WITH WHOM WE MAY SHARE CUSTOMER DATA
We use a limited number of third party providers to assist us in providing the Services to our customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and delivery, hosting services, and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
Also to assist us in verification and identification our customers and for our AML/CFT/KYC Policy compliance we may involve our partners/contractors who provide us Anti-fraud solutions.
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield - if the agent on our behalf processes the personal data in a manner inconsistent with the Privacy Shield, in this case we are responsible for the event giving rise to the damage.
We may share your personal information we collect from you, including, but not limited to, your name, contact details, and transactions and activities, with:
Anyway, ChargaCard.Inc liable in cases of onward transfers of personal information to third parties.
Questions or Complaints
In compliance with the Privacy Shield Principles, ChargaCard.Inc commits to resolve complaints about our collection or use of your personal information.
If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to our Data Protection Officer at firstname.lastname@example.org or at our mailing address:
2060 Broadway, Suite B1
Boulder, Colorado 80302, USA
We will work with you to resolve your issue.
If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from EU Data Protection Authorities for EU/EEA Data Subjects which is an independent dispute resolution bodies.
Also, ChargaCard.Inc commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to personal data transferring from the EU.
You may also be able to invoke binding arbitration as outlined in Annex I of the Binding Arbitration Mechanism for unresolved complaints but previously, to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first:
1) contact us and afford us the opportunity to resolve the issue;
2) seek assistance from EU Data Protection Authorities for EU/EEA Data Subjects;
3) contact the International Centre for Dispute Resolution (ICDR)
If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that in accordance with the Privacy Shield, the arbitrator(s) may only provide individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
The International Centre for Dispute Resolution (ICDR), the international division of the American Arbitration Association (AAA), has been selected by the U.S. Department of Commerce to manage the Privacy Shield Arbitration Mechanism and Arbitral Fund. The ICDR’s primary functions in this regard are to administer arbitrations that may arise and to establish and manage an Arbitral Fund to cover the arbitral costs.
The EU-U.S. Privacy Shield Arbitration Mechanism is for EU individuals is seek to determine whether an organization participating in the Privacy Shield Framework has violated its obligations under the Privacy Shield Principles as to that individual, and whether any such violation remains fully or partially unremedied ("residual claims").
The arbitral tribunal has the authority to impose individual-specific, non-monetary equitable relief (such as access, correction deletion, or return of the individual's data in question) necessary to remedy the violation of the Principles only with respect to the individual.
For full information on how this arbitration mechanism works, please see the Arbitration Rules by clicking HERE.
U.S. FEDERAL TRADE COMMISSION ENFORCEMENT
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
RIGHT TO ACCESS
Some international users (including those whose personal data is within the scope of this Privacy Shield certification) have legal rights to access certain personal data we hold about them and to provide its correction, amendment or deletion. Those users may exercise those rights through the options described in their Dashboard and Account settings or by contacting us via email@example.com.
REQUIREMENT TO DISCLOSE
We may disclose personal data when we have a belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.