Care2 complies with the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information fromSwitzerland. Care2 has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about Swiss-U.S. Privacy Shield programs, and to view Care2's certification, please visit www.privacyshield.gov/welcome.
Care2 respects individual privacy and values the confidence of its users, customers, employees, business partners and others. Not only does Care2 strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, it also has a tradition of upholding the highest ethical standards in its business practices. This Swiss – U.S. Data Transfer Policy (the "Policy") sets forth the privacy principles that Care2 follows with respect to transfers of personal information from Switzerland to the United States.
The United States Department of Commerce and Switzerland have agreed on a set of data protection principles and frequently asked questions (Swiss-U.S. Privacy Shield Frameworks") to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from the Switzerland to the United States.
Although the Swiss-U.S. Privacy Shield Framework is no longer considered by the Swiss supervisory authority as a legitimate data transfer mechanism for personal information from Switzerland to the U.S., Care2 will continue to maintain its Swiss-U.S. Privacy Shield certification, because we want to continue to honor our commitments to our Swiss clients, because we want to continue to honor our commitments to the U.S. Department of Commerce, and because this framework is based on sound data privacy principles which help to protect the personal information of our Swiss clients and individuals in Switzerland.
Further to our adherence to the Swiss-U.S. Privacy Shield Principles, our Data Processing Addendum, available for any of our clients and vendors to sign, includes Standard Contractual Clauses (SCCs) holding our clients, our vendors and ourselves to certain standards, to ensure that the personal information of individuals in Switzerland remains adequately protected. In terms of Swiss-U.S. personal information transfers, we are also monitoring new guidance on from the Swiss supervisory authority in order to stay abreast of any recommended modifications to the SCCs or our data protection practices.
Care2 is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.
This includes corporate policies and staff training regarding how your personal information should be handled, as well as physical security, encryption, and network security for IT infrastructure. Your personal information is only accessible by appropriately trained staff.
We self-certify compliance with: Swiss-US Privacy Shield.
Care2's Swiss-U.S. Privacy Shield Certification also extends to data that we receive directly through Care2's publicly accessible websites (care2.com and thepetitionsite.com). More information on the Swiss-U.S. Privacy Shield and Care2's scope of participation in the Swiss-U.S. Privacy Shield Frameworks is available at www.privacyshield.gov/welcome.
Client personal information processed or stored by Care2 may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the Swiss-U.S. Privacy Shield. At a minimum, however, Care2 handles Client personal information in accordance with our Swiss-U.S. Privacy Shield Policy, which is based upon the seven principles identified in the Swiss-U.S. Privacy Shield Framework.
This Notice addresses data subjects residing in Switzerland whose data we may receive from one of our customers, suppliers or other business partners in Switzerland, e.g., referral partners, integration partners, etc. When Care2 receives client personal information for processing pursuant to instructions of clients or their partners, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal information. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable Swiss law.
Care2 allows individuals around the world to create and sign petitions on topics of public interest. As part of that signing process, we collect personal name and address information to validate the identity of the signer. Our treatment of that information is described here.
As part of the petition signing process, individuals may be offered opportunities to provide their information to receive ongoing communications from our clients.
Our Swiss clients may provide us with lists of email addresses or phone numbers of their existing members, encrypted with one-way hashes, to ensure that Care2 does not present signup opportunities to their existing members. As Swiss Data covered by this Policy is by definition sent to us by another company in Switzerland (e.g., a client of Care2), the client functions as the Data Controller and Care2 as the Data Processor in these cases. Care2 will not use client personal information for any other purposes than for the purposes that Care2 clients provide such information.
Care2 collects and uses Swiss Data for purposes of providing products and services to our users, communicating with petition targets, and processing Swiss Data on behalf of clients, and conducting related tasks for legitimate business purposes.
In compliance with the Privacy Shield Principles, Care2 commits to resolve complaints about our collection or use of your personal information. Swiss and US individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our support team by email at support@care2team.com.
Care2 has further committed to refer unresolved Privacy Shield complaints to Verasafe, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.verasafe.com/about-verasafe/contact-us/ for more information or to file a complaint. The services of Verasafe are provided at no cost to you.
Care2 complies with the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the Switzerland to the United States. Care2 has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
Care2 has self-certified with the US Department of Commerce that it adheres to the seven Privacy Shield principles. Care2 is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions an individual has the right to invoke binding arbitration. Care2 acknowledges liability in cases of onward transfers to third parties.
Care2 shares ersonal information with its service providers and among Care2's affiliates. With respect to the personal information we share with third parties, we provide our users with an opportunity to opt-out of such sharing. Contact Care2's Privacy Officer (address below) if you would like to opt-out. We do not use personal information for purposes incompatible with the purposes for which the information was originally collected without notifying the relevant consumers, customers, suppliers and others of such uses and offering an opportunity to opt-out.
In addition, we may disclose personal information (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials based on an enforceable government request or as may be required under applicable law, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
With respect to emails, Swiss Persons may opt-out of receiving further email communications from Care2 or Care2 clients by following opt-out or "unsubscribe" instructions contained within the email message in question.
Swiss Persons may request access to, and the opportunity to update, correct or delete, EEA or Swiss Data. Please contact our Privacy Officer (address below). We reserve the right to take appropriate steps to authenticate an applicant's identity, and to deny requests, except as required by the Swiss-U.S. Privacy Shield Framework.
Note too that users can view, edit, revise, and delete most of the personal information stored by Care2 via the Care2.com website's self-serve "member profile" tools, available after logging in to the Care2.com website.
Care2 recognizes potential liability in cases of onward transfer to third parties. Care2 will not transfer any personal information to a third-party without first ensuring that the third-party adheres to the Privacy Shield principles. Care2 does not transfer client personal information to unrelated third parties, unless lawfully directed by a client, or in certain limited or exceptional circumstances in accordance with the Swiss-U.S. Privacy Shield Framework.
Care2 may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the event that Care2 is requested to transfer Client Personal Data to an unrelated third party, Care2 will ensure that such party is either subject to the Swiss-U.S. Privacy Shield Agreement, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the Swiss-U.S. Privacy Shield Framework and Care2's Privacy Shield Policy. Should Care2 learn that an unrelated third party to which personal information has been transferred by Care2 is using or disclosing personal information in a manner contrary to this Policy, Care2 will take reasonable steps to prevent or stop the use or disclosure.
Contact information and client personal information is accessible only by those Care2 employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of client personal information.
Care2 is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Care2 also assures compliance with this Swiss-U.S. Privacy Shield Policy and the Swiss-U.S. Privacy Shield Framework by fully investigating and attempting to resolve any complaint or dispute regarding the use and disclosure of personal data in violation of this Privacy Policy.
For complaints that cannot be resolved by Care2 and the complainant, The U.S. Direct Marketing Association (DMA) serves as Care2's third-party dispute resolution provider, as required under the Privacy Shield Principles. If by contacting Care2 without satisfactory resolution, complaint(s) may be filed with the U.S. Direct Marketing Association using the following contacts:
The Care2 Swiss – U.S. Data Transfer Policy may be updated or amended occasionally, in compliance with the requirements of the Privacy Shield principles. Appropriate notice will be given concerning such amendments. The date of the latest revision will appear at the bottom of this document.
In compliance with Swiss-U.S. Privacy Shield policies, Care2 commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Care2.
If you have questions, please contact Care2's Security Officer by email: privacy@care2team.com
Alternatively, call our Privacy team at +1-888-655-8345.
We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.
For complaints that cannot be resolved by Care2 and the complainant, The U.S. Direct Marketing Association (DMA) serves as Care2's third-party dispute resolution provider, as required under the Privacy Shield Principles. If by contacting Care2 without satisfactory resolution, complaint(s) may be filed with the U.S. Direct Marketing Association using the following contacts:
Swiss Persons (Swiss Data Subjects) may complain to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.
Care2 assures compliance with this Swiss-U.S. Privacy Shield Policy and the Swiss-U.S. Privacy Shield Framework by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Care2's relevant privacy practices are being followed in conformance with this Swiss-U.S. Privacy Shield Policy and the Swiss-U.S. Privacy Shield Framework. Any employee that Care2 determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
Swiss-U.S. Privacy Shield Policy Update Date: 10/08/2020