Safe Harbor Policy | FilterQueen

Introduction

The transfer of Personal Data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection is prohibited by the European Commission’s Directive on Data Protection (October, 1998). In order to provide a streamlined means for U.S. organizations to comply with the Directive and to bridge these various privacy approaches, the U.S. Department of Commerce, in consultation with the European Commission, developed a “Safe Harbor” framework. The Safe Harbor, which was approved by the EU in July 2000, is a way for U.S. companies to avoid experiencing problems in their dealings with the EU or potentially facing prosecution by EU authorities under European privacy laws.

Scope and Purpose

Health-Mor and its affiliated companies located in the US are committed to protecting the privacy of individuals who entrust Health-Mor with their Personal Data, including Health-Mor’s customers, employees, and business partners. Consistent with this commitment to protect personal privacy, Health-Mor adheres to the Safe Harbor Principles and the Frequently Asked Questions for the purpose of safeguarding Personal Data transferred on Health-Mor’s behalf from the EU to the US. This Safe Harbor Privacy Policy (the Policy) describes our practices for implementing the U.S. Department of Commerce’s Safe Harbor Principles as approved by the European Commission, and applies to all Personal Data received by Health-Mor in the US from the EU via a transmission in any format, including electronic, paper, or verbal."Agent" is a company or individual authorized to collect, process or have access to personal data on behalf of Health-Mor."

Personal Data" is data about an identified or identifiable individual, received by Health-Mor in the US from the EU, and recorded in any form. Personal Data does not include publicly available data, anonymized data, encoded data or data reported in the aggregate, but does include Sensitive Personal Data."Safe Harbor Principles" means the principles agreed to by the European Commission and the U.S. Department of Commerce that US companies can choose to follow to protect Personal Data received from EU individuals, in compliance with the European Directive on Data Protection.

"Sensitive Personal Data" means Personal Data that reveals race, ethnic origin, sexual orientation, political opinion, religion, or philosophical beliefs, trade union membership, or personal health.

The Safe Harbor Principles

Notice: Where Health-Mor collects personal information from individuals in the EU, HMI will inform them about the types of personal information collected, the purpose for which it collects such data, and the types of third parties to which it discloses or may disclose such data. Notice will be provided in clear and conspicuous language at the time of collection, or as soon as practicable thereafter, and in any event before Health-Mor uses or discloses the information for a purpose other than that for which it was originally collected.

Choice: Health-Mor will offer individuals the opportunity to decline to have their data disclosed to a non-agent third party or to be used for a purpose incompatible with the purpose for which the data was originally collected or subsequently authorized by the individual. In the event sensitive personal data is to be used for a new purpose or transferred to a non-agent third party, then the individual will be given the opportunity to expressly consent to the disclosure prior to the use or transfer of the data.

Outward Transfers: Health-Mor will only transfer Personal Data to Agents when assurances have been provided by that Agent(s) that he will safeguard the information consistent with the same level of privacy required by the Policy. Where Health-Mor becomes aware that an agent is using or disclosing information in a manner contrary to this Policy, Health-Mor will take reasonable steps to prevent or stop the use or disclosure.

Security: Health-Mor takes reasonable steps to protect Personal Data from loss, misuse disclosure, unauthorized access and destruction.Data Integrity: Health-Mor will use Personal Data only in ways that are compatible with the purpose for which it was collected or subsequently authorized by the individual. Health-Mor will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.

Access: An individual has the right to inquire as to the nature of the Personal Data stored or processed by Health-Mor about that individual. Where inaccurate, that individual may correct, amend or delete it, except where the burden or expense of providing access would be disproportionate to the risk to the individual's privacy.

Enforcement: Health-Mor will conduct self-assessment audits of the Policy to verify its compliance with these principles. Any employee that Health-Mor determines is in violation of the Policy will be subject to disciplinary action.

Dispute Resolution: Any questions regarding the use or disclosure of personal information should be directed to Health-Mor at the address given below, which will investigate and try to resolve any disputes in accordance with this Policy. Health-Mor agrees to participate in the dispute resolution procedure administered by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.

Limitations on Scope of Policy

Adherence by Health-Mor to the Safe Harbor Principles and this Policy may be limited to the extent required to meet legal or ethical obligations and to the extent expressly permitted by law.

Contact Information

Please contact the following with questions regarding this Policy at:

Health-Mor

Attention: Timothy Duggan

1 American Road, Suite 1250

Brooklyn, OH 44144

Telephone: 440-846-7800

Email: tduggan@filterqeen.com

Changes to Policy States

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor principle. A notice will be posted on Health-Mor's website (www.filterqueen.com) advising of material changes to this Policy. Effective Date: April 1, 2016