Safe Harbor Framework Privacy Policy

I. Declaration
By managing and processing client's marketing database in compliance with the Safe Harbor Principles, 89 Degrees Inc. (‘The Company') provides professional services to support its clients' consumer marketing communications on behalf of and in consistency with its Client's direction.

The Company complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. The Company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view 89 Degrees' certification, please visit http://www.export.gov/safeharbor/

II. Definitions

For purposes of this Policy, the following definitions shall apply:

  1. "The Company" means 89 Degrees Inc. headquartered at 25 Mall Road, Suite 610, Burlington, MA 01803 of the United Started of America (USA).
  2. "Personal Information" means any information or set of information transferred by the Company from or to the EEA (European Economic Area) that identifies or could be used by or on behalf of the Company or its clients to identify an individual covered by the Safe Harbor Framework. Personal Information does not include information that is encoded or publicly available information that has not been combined with non-public Personal Information. Personal information does not include information pertaining to or about a specific individual, but from which an individual could not be reasonably identified.
  3. "Sensitive Personal Information" means Personal Information that reveals race, medical or health conditions, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information concerning the sex life of the individual. In addition, the Company will treat as Sensitive Personal Information for any information received from a Third Party where that Third Party treats and identifies the information as sensitive.
  4. "Third Party" means any person that is not an employee or a subsidiary of the Company.
  5. "Client" means a Third Party, on whose behalf and whose directions that The Company provides data processing and other professional services.

III. Personal Information
This Policy applies to all Personal Information received by the Company in any format and from any sources including electronic, paper or verbal.

The Company collects, receives, and processes Personal Information from current and former employees and their respective family members, as well as applicants for employment, customers, prospective clients, customers' end users (including, but not limited to customers' employees and customers).

The Company also collects, receives, and process Personal Information such as names of the Company's customers on behalf of its Client and in consistency with its Client's direction. The Company does not receive and store the Client's customer's personal names in combination with confidential data such as a social security number, a driver's license number, or a credit or debit card number.

All the information collected by the Company is the Company property. All the Client data is Client's property. All the Company data and Client data are guarded with security and integrity as proprietary.

All Personal Information collected or received by the Company will be used for legitimate business purposes in consistency with and in compliance with this Policy. The Company will not sell or share any of the Personal Information with Third Parties in ways different than what is disclosed in this Policy.

IV. Privacy Principles
The privacy principles in this Policy are developed in consistency with and in compliance with the Safe Harbor Principles by meeting the requirements of the seven safe harbor principles. Where a conflict exists between the provisions of this policy and the Safe Harbor Principles, the Safe Harbor Principles will govern.

  1. Notice When personal information is collected by the Company, The Company will notify individuals about the purposes for which it collects and uses information about them. The company will provide information about how individuals can contact The Company with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use or/and disclosure.
  2. Choice On its own or on behalf of and in consistent with its Client's direction, The Company will give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice will be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
  3. Onward Transfer (Transfers to Third Parties) To disclose information to a third party, The Company will apply the notice and choice principles. Where an organization wishes to transfer information to a third party that is acting as an agent, it will make sure that the third party subscribes to the safe harbor principles or is subject to the Directive or another adequacy finding. Or as an alternative, The Company will enter into a contractual agreement with such third party requiring that the third party provides at least the same level of privacy protection as is required by the Safe Harbor Principles.
  4. Access The Company guarantees individuals to access to the personal information about them that the Company holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
  5. Security The Company will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. The Company limits access to Personal Information to those persons in the Company's organization, or as Agents of the Company, for and only for legitimate and specific business reasons and on basis of need to know. Any individuals who are granted access to Personal Information will have been made aware of their responsibilities to protect the security, confidentiality, and integrity of that information and will have been provided with training and instructions on how to do so in compliance with the Company's data security and privacy policy, including this policy.
  6. Data Integrity The Company will take reasonable efforts to ensure that data is reliable for its intended use, accurate, complete, and current.
  7. Enforcement The Company will conduct annual compliance audits of its relevant data security and privacy policies and practices to verify its adherence to this Policy and the Safe Harbor Principles. The audit will be conducted under the direction of the company human resource officer and the Privacy Officer. Any employee that the Company determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. Any Agent or Third Party that violates this Policy shall be in material breach of all agreements with the Company and shall defend and indemnify the Company from claims related to such violations.

Any questions or concerns regarding the use or disclosure of Personal Information should be directed to the Company Privacy Officer. The Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy.

For complaints that cannot be resolved between the Company and the complainant, the Company has agreed to participate in the dispute resolution procedures of the American Arbitration Association ("AAA") in accordance with its applicable commercial rules as well as the Safe Harbor Principles; provided further that any arbitrator shall be either an attorney or retired judge having significant and recognized experience with, and knowledge of, privacy issues and information technology. In addition, the exclusive location for such arbitration shall be Boston, MA (USA). All decisions of the arbitration panel shall be final and binding on the parties, which waive any right to further appeal the arbitration award, to the extent an appeal may be lawfully waived. The Company is also subject to the jurisdiction of the US Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:

Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW Washington, DC 20580 USA
consumerline@ftc.gov
www.ftc.gov

VI. Effective Date and Changes

The practices described in this Policy are the current Personal Information protection policies as of May 31, 2010. It shall be posted on the Company website at www.89degrees.com. The Company reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments.

V. Privacy Officer and Contact Information

The Company has information security infrastructure, procedures and policies, and best practices in place to provide secured data privacy protection for individuals and businesses as well.

The Company educates, trains, and mandates its employees' awareness most likely to be in possession of or accessing Personal Information concerning compliance with this Policy and to assure compliance.

David Simcik, The Company's Director of Consulting and Campaign Services, is designated as the Privacy Officer responsible for the Company's compliance with and enforcement of this Policy and The Company's data security practices.

The Privacy Officer is available to any of its valued employees, clients, customers, vendors, business partners or others who may have questions concerning this Policy or data security practices. Questions or complaints regarding this Policy and any privacy-related issue should be submitted by mail or email to the Privacy Officer, as indicated below:

David Simcik
25 Mall Road, Suite 610
Burlington, MA 01803
Email: simcik@89degrees.com