EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Certification

Casepoint is in compliance and certified with the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor framework requirements.

Purpose statement

This policy sets forth the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor frameworks for Casepoint.

Introduction

Casepoint respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners, and others who may use its services. Not only does Casepoint strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This Privacy Policy sets forth the privacy principles under the EU-U.S. Privacy Shield Framework that Casepoint follows with respect to the protection and transfers of personal information from the European Union (EU). The Privacy Shield Framework includes the Member States of the EU, plus Iceland, Liechtenstein, and Norway. Additionally, this Privacy Policy adheres to the principles set forth in the U.S.-Swiss Safe Harbor Framework with respect to the protection and transfers of personal information from Switzerland to the United States.

EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Frameworks

The United States Department of Commerce (DOC) and the European Commission (EC) have agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Union to the United States (the “EU-U.S. Privacy Shield”). The EC has recognized the EU-U.S. Privacy Shield as providing adequate data protection (MEMO/16/2462). The DOC and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of principles that enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States (the “U.S.-Swiss Safe Harbor”). Consistent with its commitment to protect personal privacy, Casepoint adheres to the principles set forth in the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework.

Scope

This Privacy Policy applies to all personal information received by Casepoint in the United States from the EU and from Switzerland, in any format, including electronic, paper, or verbal. Casepoint is an electronic discovery service provider. Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. This policy applies to all personal information Casepoint handles (except as noted below), including on-line, off-line, and manually processed data. The types of personal data Casepoint collects, acting as an Agent-Processor includes name, mail, email addresses, biometric and any other data it is directed to collect.

Definitions

For purposes of this Privacy Policy, the following definitions shall apply:

“Processing” of personal data means any operation or set of operations that are performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Agent-Processor” means any third party processor, non-Controller, which collects or uses personal information under the instructions of, and solely for, Controller.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Casepoint” means Casepoint, LLC (formerly known as @Legal Discovery, LLC), its predecessors, successors, subsidiaries, divisions, and groups in the United States.

Personal information” or “Personal Identifiable Information” means any information or set of information that identifies or could be used by or on behalf of Casepoint, its customers or agents of its customers, to identify an individual. Personal information does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.

“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities that concern health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Casepoint will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

Privacy Principles

The following privacy principles are based on the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor frameworks.

Notice and Choice

To the extent permitted by the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor frameworks, Casepoint reserves the right to process personal information in the course of providing professional services to its client-Controllers without the knowledge of individuals involved. Where Casepoint collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of third party Controllers for which Casepoint discloses that information, the choices Casepoint offers individuals for limiting the use and disclosure of personal information about them, and how to contact Casepoint.

Where Casepoint receives personal information from its subsidiaries, affiliates or other Controller entities in the EU, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.

Data Integrity and Purpose Limitation Casepoint processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, Casepoint takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Onward Transfers and Disclosures

Casepoint processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, Casepoint takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

  • Casepoint has provided Notice and Choice, consistent the EU-U.S. Privacy Shield principles;
  • To the extent necessary to meet national security, public interest, or law enforcement requirements;
  • The information in question is publicly available;
  • The disclosure is reasonably necessary for the establishment or defense of legal claims.

Casepoint may disclose an individual’s personal information to another Casepoint entity or to an Agent-Processor vendor providing services on Casepoint’ or the individual’s behalf consistent with the purpose for which the information was obtained, if the Agent-Processor, with respect to the information in question:

  • Acts only on instructions from the Controller; and
  • Controller remains responsibility for compliance with these Principles.

Casepoint is potentially liable for unlawful onward transfers to third parties. Permitted transfers of information, either to third parties or within Casepoint, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

EU-U.S. Privacy Shield

Casepoint complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Casepoint has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/

List of Active Privacy Shield Participants: https://www.privacyshield.gov/list

U.S.-Swiss Safe Harbor Framework

Casepoint complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  Casepoint has certified to the Department of Commerce that that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Casepoint’s certification, please visit http://www.export.gov/safeharbor/. As our company name recently changed to Casepoint, our certification is listed under our former name “@Legal Discovery, LLC.”

Data Security

Casepoint will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, destruction; and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients. Casepoint has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, Casepoint cannot guarantee the security of information on or transmitted via the Internet or a document review tool.

Access and Correction

EU consumers have a right to reasonable access to their personal information. If an EU consumer becomes aware that information Casepoint maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact Casepoint using the contact information below. Casepoint will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birthdate, and social security number. Casepoint may request additional identifying information as a security precaution. In addition, Casepoint may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the EU-U.S. Privacy Shield and/or the U.S.-Swiss Safe Harbor frameworks. In some circumstances, Casepoint may charge a reasonable fee, where warranted, for access to personal information.

Recourse & Dispute Resolution

Casepoint utilizes the self-assessment approach to assure its compliance with this privacy statement. Casepoint periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. Casepoint encourages interested persons to raise any concerns with us using the contact information below. Casepoint will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy with forty-five days of receipt. Please see further down this page of this Privacy Policy for Casepoint contact information.

For complaints that cannot be resolved between Casepoint and the complainant, Casepoint has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor frameworks:

EU-U.S. Privacy Shield

For disputes involving all personal information received by Casepoint from the EU, in compliance with the EU-U.S. Privacy Shield Principles, Casepoint commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Casepoint at:

Vishal Rajpara
Executive Vice-President
Casepoint, LLC
2815 Hartland Rd, Suite 200
Falls Church, Virginia 22043
privacy@casepoint.com
Phone: 2012331227

Casepoint has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles through TRUSTe, an independent third-party alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.truste.com/consumer-resources/privacy-shield/ for more information and to file a complaint.

Binding Arbitration is available under the EU-U.S. Privacy Shield Framework after an individual has (1) raised the claimed violation directly with Casepoint and has afforded Casepoint an opportunity to resolve the issue within forty-five days; (2) and has made use of the independent recourse mechanism (TRUSTe) listed above; and has (3) raised the issue through their Data Protection Authority to the Department of Commerce and afforded the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.

  • As set forth in the Arbitral Model of Annex I (EU-U.S. Privacy Shield Framework Principles Issued by the U.S. Dept. of Commerce), invoking binding arbitration is an option available to an individual to determine, for residual claims, whether Casepoint has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially remedied. This option is available only for these purposes and is expressly limited by Section I.5 of the EU-U.S. Privacy Shield Framework Principles.

U.S.-Swiss Safe Harbor

In compliance with the U.S.-Swiss Safe Harbor Principles, Casepoint commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Casepoint at:

Vishal Rajpara
Executive Vice-President
Casepoint, LLC
2815 Hartland Rd, Suite 200
Falls Church, Virginia 22043
privacy@casepoint.com
Phone: 2012331227

Casepoint has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles through TRUSTe, an independent third-party alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.truste.com/consumer-resources/privacy-shield/ for more information and to file a complaint.

Enforcement and Liability

Casepoint will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. Casepoint is subject to the jurisdiction of the Federal Trade Commission which is committed to the enforcement of the EU-U.S. Privacy Shield Framework. Additionally, any employee that Casepoint determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.

Limitation on Application of Principles Adherence by Casepoint to the Privacy Principles of the EU-U.S. Privacy Shield and the U.S.-Swiss Safe Harbor frameworks may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Internet Privacy Casepoint sees the Internet and the use of other technologies as valuable tools to communicate and interact with consumers, employees, healthcare professionals, business partners, and others. Casepoint recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy governing the treatment of personal information collected through websites that it operates. With respect to personal information that is transferred from the European Union or Switzerland to the U.S., the Internet Privacy Policy is subordinate to this policy. However, the Internet Privacy Policy also reflects additional legal requirements and evolving standards with respect to Internet privacy. Casepoint’ Internet Privacy Policy can be provided upon request using the contact information below.

Contact Information

Questions or comments regarding Casepoint’s EU-U.S. Privacy Shield and/or U.S.- Swiss Safe Harbor certification, or access requests under these Frameworks, should be submitted to Casepoint by mail or e-mail as follows:

Amit Dungarani
Director, Corporate Initiatives
7900 Tysons One Place
Suite 680
Tysons, VA 22102
USA
adungarani@casepoint.com

Changes to the Privacy Shield Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. A notice will be posted on the Casepoint website (https://www.casepoint.com) for 60 days whenever this Privacy Shield Privacy Policy is changed in a material way.

NOTICE OF FUTURE CHANGE:

Swiss-U.S. Privacy Shield Framework

On April 12, 2017, the Department of Commerce will begin accepting applications for the SWISS-U.S. Privacy Shield Framework (replacing the U.S.-Swiss Safe Harbor Framework). Casepoint will be submit our self-certification requirements to the Department of Commerce at that time after which the language below will take affect replacing the language in the first paragraph of the section entitled “EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Frameworks”:

Casepoint complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.  Casepoint has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Give Casepoint a try

Why not see first-hand how Casepoint is revolutionizing eDiscovery?
Let us give you a tour.

Request a demo Any questions? See our FAQs or give us a call.