Privacy Policy

EU-U.S. PRIVACY SHIELD COMMERCIAL PRIVACY POLICY STATEMENT

OF

ASENDIA USA, INC.

 

Purpose & Scope

 

It is the policy of Asendia USA, Inc. (“Asendia USA”) to respect and protect Personal Information we receive from our Clients. In furtherance of this commitment, Asendia USA has certified to the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use and retention of Personal Information transferred from the EEA to the United States. If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about Privacy Shield, and to view Asendia USA’s certification, please visit https://www.privacyshield.gov. Adherence to these Privacy Shield Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of a Citizen.

 

Asendia USA provides international mail and parcel services, including mail and parcel preparation and distribution as well as computer services (“Services”), designed to help companies (our Clients, as defined below) manage engagement with their customers and their customers’ Personal Information.

 

In the ordinary course of our business providing the Services, we act as agents (Data Processors) to process Personal Information on behalf of our Clients (Data Controllers), including information regarding citizens of the EEA. For example, the Services that we perform include the personalization and addressing of mail pieces and parcels from files provided by our Clients, where the data files may include name, title, company, address, city, postal region, country, postal code, email address, phone number, and customer number of our Clients’ customers. Additionally, in the ordinary course of business, our Clients, some of whom may be located in the EEA, provide us with their business contact and billing information, which we use to provide the Services.

 

Definitions

 

The following capitalized terms are used throughout this document and are defined as follows:

• “Agent” or collectively, “Agents” means any third party that Processes Personal Information pursuant to the instructions of, and solely for, Asendia USA or to which Asendia USA discloses Personal Information for use on its behalf.
• “Asendia USA” or the “Company” collectively refers to Asendia USA, Inc. a Delaware corporation, and any and all subsidiaries and affiliates thereof that are incorporated in any state or territory of the United States.
• “Citizen” or collectively, “Citizens” means a lawful citizen or citizens of any EEA country and includes the customers of our Clients.
• “Client” or collectively, “Clients” means the current, prospective and former companies for whom Asendia USA performs Services.
• “Data Controller” and “Data Processor” shall have the same meanings as in European Union Data Protection Directive 95/46/EC (or any replacement legislation).
• “EEA” means the European Economic Area which is composed of the following thirty-one (31) countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Ireland, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and United Kingdom.
• “Personal Information” means any information or set of information about an identified or identifiable Citizen, including, but not limited to: (a) first name or initial and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with the Citizen; (e) Social Security number or other similar identifier; (f) employment, financial or health information; or (g) any other information relating to a Citizen that is combined with any of the above. The term “Personal Information” does not include anonymized information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).
• “Privacy Shield Principles” collectively means the following seven (7) privacy principles as described in the Privacy Shield: (1) Notice, (2) Choice, (3) Accountability for Onward Transfer, (4) Security, (5) Data Integrity and Purpose Limitation, (6) Access, and (7) Recourse, Enforcement and Liability, as well as the supplemental privacy principles and the associated guidance set forth in those certain “Frequently Asked Questions” as agreed to by the U.S. Department of Commerce and the European Commission.
• “Process” or “Processing” of Personal Information means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
• “Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where Processed to uniquely identify a person, any information that concerns medical or health conditions or sex life, or information relating to the commission of a criminal offense.
• “Statement” means this EU-U.S. Privacy Shield Commercial Privacy Policy Statement.

Capitalized terms not defined above have the definitions set forth in the respective paragraphs of this Statement.

 

 

Privacy Shield Principles

 

Notice, Choice & Access

 

Asendia USA does not own or control any of the Personal Information it Processes on behalf of its’ Clients. All such information is owned and controlled by the respective Client. Processes performed by Asendia USA on behalf of its Clients are pursuant to the instructions of the applicable Client. Asendia USA therefore relies on its Clients to provide notices that clearly and conspicuously describe (i) the types of Personal Information that are collected about such Citizens; (ii) the purposes for which such information is collected; (iii) and the types of third parties to which such information is disclosed – including Processors such as Asendia USA – and the related purposes.

Where Asendia USA receives Personal Information from its Clients, Asendia USA and its Agents will endeavor to use such information in accordance with the notices provided by such Clients and the choices made by the Citizens to whom such Personal Information relates. In the event Clients’ customers seek to exercise their opportunity to opt-out of future Client-originated communications by contacting Asendia USA, Asendia USA will endeavor to timely communicate that choice to its Clients.

 

Additionally, when Asendia USA collects contact, billing and other Personal Information about its Clients, including EEA Citizens employed by our EEA Clients, we shall endeavor to provide notices to our Clients. In the event such EEA Citizen Personal Information is to be used for a new purpose that is materially different from the purpose(s) for which it was collected or subsequently authorized, or transferred to a non-Agent third party, Asendia USA will endeavor, where practical and appropriate, to provide such individual with an opportunity to decline to have their Personal Information so used or transferred.

 

Although Asendia USA will, as appropriate, assist our Clients (as Data Controllers) in responding to Citizens exercising their rights under the Privacy Shield Principles, Citizens should direct their requests to correct, amend or delete their information or obtain confirmation of Processing to our Clients. Our EEA Citizens employed by our EEA Clients may also seek confirmation regarding whether Asendia USA is Processing Personal Information about them, request access to their Personal Information and ask that Asendia USA correct, amend or delete that information, where it is inaccurate or has been Processed in violation of the Privacy Shield Principles.

 

Accountability for Onward Transfer

 

Asendia USA will endeavor to only transfer Personal Information to another third party/Agent where such third party has given assurances that it provides at least the same level of privacy protection as is required by the Privacy Shield Principles and this Statement and will notify Asendia USA if it makes a determination it can no longer meet this obligation. Where Asendia USA has knowledge that an Agent is using or sharing Personal Information in a way that is contrary to the Privacy Shield Principles and/or this Statement, Asendia USA will take reasonable steps to prevent or stop such Processing. With respect to onward transfers to third parties/Agents, Privacy Shield requires that, to the extent it is responsible for the event, Asendia USA shall remain liable should its Agents Process Personal Information in a manner inconsistent with the Privacy Shield Principles.

 

Security

 

Asendia USA endeavors to take reasonable and appropriate administrative, technical and physical precautions designed to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, regardless of whether such Personal Information is in electronic or tangible, hard copy form.

 

Data Integrity and Purpose Limitation

 

Asendia USA endeavors only to Process Personal Information that is relevant to the Services it provides, and only for purposes compatible with those for which the Personal Information was collected. Asendia USA depends on its Clients to take reasonable steps to ensure that their customers’ Personal Information is reliable, accurate, complete and current. Asendia USA similarly takes reasonable steps designed to ensure the reliability, accuracy, completeness and currentness of Personal Information it collects about EEA Citizens employed by our Clients.

 

Processes performed by Asendia USA, as Data Processor, on behalf of its Clients, as Data Controllers, are pursuant to the instructions of the applicable Client. In order to provide international mailing and shipping services to its Clients, Asendia USA must provide our Clients’ mail and parcels, which include the recipients’ names and addresses on the mail or parcels, to Third-Party Service Providers, such as foreign postal administrations, to handle the final delivery to the recipients. Where necessary to perform services requested by specific Clients, Asendia USA may provide Personal Information to Third-Party Service Providers to perform hosting and sending of emails. In either case, these Third-Party Service Providers may have access to personal information if needed to perform their functions. If such access is required, the third parties will be obligated to maintain the confidentiality and security of that personal information. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services to Asendia USA.

 

Recourse, Enforcement and Liability

 

Asendia USA has implemented mechanisms to verify its ongoing compliance with the Privacy Shield Principles and this Statement. Any party that violates the Privacy Principles and/or this Statement will be subject to disciplinary procedures in accordance with Asendia USA’s disciplinary procedures.

 

In the event of a dispute, Citizens are able to seek resolution of their questions or complaints regarding use and disclosure of their Personal Information in accordance with the Privacy Shield Principles contained in this Statement. If you feel that Asendia USA is not abiding by the terms of this Statement, or is not in compliance with the Privacy Shield Principles, please contact Asendia USA at the contact information provided below. In addition, Asendia USA has agreed to refer unresolved complaints to JAMS, a dispute resolution provider which has locations in the United States and the EU. For more information and to submit a complaint through JAMS Privacy Shield Dispute Resolution Program, visit https://www.jamsadr.com/eu-us-privacy-shield. Such independent dispute resolution mechanisms are available to Citizens free of charge. If any request remains unresolved, Citizens may, under certain circumstances, have a right to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Asendia USA’s compliance with the Privacy Shield.

 

 

Contact Information

 

If you have questions regarding this Statement or any of Asendia USA’s privacy practices, please contact us by mail or e-mail at the following addresses:

 

Asendia USA

Attn: Data Privacy Team

701C Ashland Avenue

Folcroft, PA 19032

Phone: 1-800-624-5287

Email: dataprivacy.usa@asendia.com

 

 

Changes to this Statement

 

This Statement may be amended from time to time in a manner that is consistent with the requirements of the Privacy Principles. When this Statement is updated, the “Last Updated” date at the bottom of this document shall be amended accordingly. Any material changes to this Statement will be posted on Asendia USA’s website and available to the general public at https://www.asendiausa.com/privacy-policy/.

 

 

THIS STATEMENT HAS BEEN INITIALLY ADOPTED

BY ASENDIA USA, INC. AS OF THE 30th DAY OF SEPTEMBER, 2016.

 

Last Updated: JANUARY 7, 2020