CASRO Safe Harbor Program Privacy Policy Tips
Share |
CASRO Safe Harbor Program


What is the US-EU Safe Harbor

Get Started


Related Links




What is US EU Safe Harbor


About CASRO Safe Harbor Program


Is Your Company Eligible for Safe Harbor


Pricing Information


Get Started


Information for EU & Swiss Citizens - File a Complaint


Privacy Policy Requirements

Renewal Application


Contact us

Privacy Policy Requirements

We will review and approve your company’s privacy policy prior to acceptance in the CASRO Safe Harbor Program. Your privacy policy must comply with our program requirements and with the requirements of the Department of Commerce for participants in the US-EU Safe Harbor, and if applicable, the US-Swiss Safe Harbor.

Important: Your company can certify to one or both (US-EU and US-Swiss) of the Safe Harbor Frameworks. If your company represents that it collects data from Switzerland you are self-certifying compliance with the US-Swiss Safe Harbor Framework. In that case, your privacy policy must contain language indicating that you adhere to both frameworks.


To ensure that your privacy policy is satisfactory:

1) Include an affirmative statement of your commitment to adhere to the Safe Harbor Privacy Principles and the 15 FAQs that constitute the Safe Harbor Framework(s). Provide a link to the US Commerce Department website, www.export.gov/safeharbor for readers to learn more and view your self-certification.




--Suggested Privacy Policy Language--





Where self-certifying to both the US-EU and US-Swiss Safe harbor Frameworks:

(your company name) complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework established by the US Department of Commerce which relates to the collection, use, and retention of personal information from EU member countries and Switzerland. (your company name) has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/

Where self-certifying to the US-EU Safe harbor Framework only:

(your company name) complies with the US-EU Safe Harbor Framework established by the US Department of Commerce which relates to the collection, use, and retention of personal information from EU member countries and Switzerland. (your company name) has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/

 


2) Make your privacy policy publicly available and readily accessible on your company website.

3) Identify CASRO Safe Harbor Program as your independent recourse mechanism for Safe Harbor complaints and provide a link to our consumer complaints page, https://www.casro.org/?page=complaintcasrosh.

--Suggested Privacy Policy Language--


Where self-certifying to both the US-EU and US-Swiss Safe harbor Frameworks:

In compliance with the US-EU and US-Swiss Safe Harbor Principles, (your company name), commits to resolve complaints about our consumer's privacy and our collection or use of consumer's personal information. EU or Swiss citizens with inquiries of complaints regarding this privacy policy should first contact (your company name) at:

(Add name and address of your company's internal complaints mechanism)

(your company name) has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Privacy Principles to an independent dispute resolution mechanism, the CASRO SAFE HARBOR PROGRAM. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by (your company name), please visit the CASRO SAFE HARBOR PROGRAM website at https://www.casro.org/?complaintcasrosh for more information and to file a complaint.

Where self-certifying to the US-EU Safe harbor Framework only:

In compliance with the US-EU Safe Harbor Principles, (your company name), commits to resolve complaints about our consumer's privacy and our collection or use of consumer's personal information. EU citizens with inquiries of complaints regarding this privacy policy should first contact (your company name) at:

(Add name and address of your company's internal complaints mechanism)

(your company name) has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Privacy Principles to an independent dispute resolution mechanism, the CASRO SAFE HARBOR PROGRAM. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by (your company name), please visit the CASRO SAFE HARBOR PROGRAM website at https://www.casro.org/?complaintcasrosh for more information and to file a complaint.



4) Provide the contact information for your company’s internal complaint mechanism to encourage respondents to resolve issues directly with your company prior to filing a formal Safe Harbor complaint.

 

Sample privacy policies provided by the Department of Commerce can be found here.

Additional resources for crafting an effective privacy policy for your company are provided by CASRO here.

 

Community Search
Member Log In


Forgot your password?

Not A CASRO Member?

Calendar

10/24/2016 » 10/27/2016

Annual Conference

Latest News
Website Underwriters