Aspect Safe Harbor Policy
Last updated on December 29, 2014
Aspect Software, Inc. (“Aspect”) complies with the U.S.-EU Safe Harbor program and the U.S.-Swiss Safe Harbor program for the collection, use, and retention of personal information Aspect receives from customers located in the European Economic Area (“EEA”) and Switzerland. Aspect is committed to handling such personal information in accordance with the Safe Harbor Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. For more information about the Safe Harbor program and to view Aspect’s Safe Harbor certification visit the U.S. Department of Commerce’s Web site at http://export.gov/safeharbor/.
For the purposes of this Aspect Safe Harbor Policy (“Policy”), the following definitions apply:
“Personal Information” means any information that identifies or could be used to identify a Data Subject. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Data Subject” means any natural person who is located in the EEA or Switzerland.
This Policy applies to Personal Information (i) uploaded and potentially stored at the request of or by Aspect customers using Aspect hosted services or (ii) sent or made available to Aspect by Aspect customers using managed or support services provided by Aspect if such Personal Information is stored in the U.S. or accessed from the U.S. Aspect processes Personal Information solely on behalf of our customers and in accordance with our customers’ instructions. For the majority of Aspect’s hosted services, Aspect customers control Data Subjects’ Personal Information and, alone or jointly with others, determine the purposes and means of processing Personal Information. For Aspect’s managed and support services to Aspect customers using either hosted services or premise-based products, Personal Information may be contained in log files accessed by Aspect during support or maintenance services. Any such Personal Information is protected by Aspect in accordance with the Safe Harbor Principles and not used for any purpose other than providing such services to Aspect customers.
The privacy principles in this Policy are based on the Safe Harbor Principles.
This Policy serves as notice about the purposes for which Aspect collects and uses Personal Information. For Aspect’s hosted, managed, and support services, Aspect acts as an agent processing Personal Information (i) under the direction of and (ii) in performance of services for Aspect customers. Aspect has no direct relationship with the Data Subjects whose Personal Information it may process. Aspect requires all our customers to comply with local laws, which include a responsibility to notify Data Subjects about how their Personal Information may be collected and used.
Aspect only processes Personal Information (i) under the direction of the Aspect customer who collected the Personal Information, or (ii) in some, but not all, log files during the performance of managed or support services for the Aspect customer. Personal Information within the support log files is not used by Aspect.
Aspect’s customers are responsible for ensuring compliance with the EU Data Protection Directive 95/46/EC or the Swiss Federal Act on Data Protection when determining whether to provide opt-out and opt-in choices to Data Subjects with respect to the processing of such Data Subjects’ Personal Information. In cases where the Aspect customer must provide the Data Subject with such choices, the Aspect customer must ensure that any data provided to Aspect for processing does not contain Personal Information about a Data Subject who (i) has opted out of disclosure to any third parties or (ii) has not authorized disclosure if that Personal Information will be used in a manner other than that which was originally agreed to by the Data Subject.
Aspect requires third parties to whom it discloses Personal Information and who are not subject to the EU Data Privacy Directive 95/46/EC or the Swiss Federal Act on Data Protection to either (i) subscribe to the relevant Safe Harbor Principles or (ii) contractually agree to provide at least the same level of protection for Personal Information as is required by the relevant Safe Harbor Principles.
Aspect processes customer data (i) at the direction of the Aspect customer or (ii) as part of performing managed or support services for Aspect customers and Aspect has no direct relationship with the Data Subjects whose Personal Information it may process. A Data Subject who seeks access, or seeks to correct, amend, or delete inaccurate data should direct questions to the Aspect customer who has transferred that Data Subject’s Personal Information to Aspect for processing. The Aspect customer will then facilitate the Data Subject’s request to amend or delete such inaccurate Personal Information as needed. In cases where a Data Subject contacts Aspect regarding access, Aspect will broker communication between the Data Subject and Aspect customer until such time when a direct connection between the two parties can be made. Aspect will assist and implement an Aspect customer’s instructions for compliance with this principle to the extent applicable.
For (i) the components of Aspect’s products and services under Aspect’s control and (ii) any log files and other data in Aspect’s possession as part of performing managed or support services for Aspect customers, Aspect has a security program in place that is consistent with normal commercial standards and provides reasonable technical, organizational, and security measures to protect Personal Information from loss, misuse or unauthorized access, disclosure, alteration or destruction. Aspect’s products and services include features and recommended practices necessary to protect information in accordance with the EU Data Privacy Directive 95/46/EC and the Swiss Federal Act on Data Protection, but it is ultimately the Aspect customer’s responsibility to utilize the features and recommended practices under the customer’s controll.
Aspect only processes Personal Information that is relevant to the services it provides at the instruction or on behalf of the Aspect customer and only for purposes compatible with those for which the Personal Information was collected by the Aspect customer. In most cases the Aspect customer is the only party that can control and modify any Personal Data. However, as an agent processing Personal Data under the direction of our customers, Aspect will work with its customers to connect them with Data Subjects as necessary to implement Safe Harbor Principles. In addition, Aspect does not modify any Personal Data that may be contained in log files resulting from managed or support services provided to Aspect customers.
For any questions or complaints regarding the Personal Information of a Data Subject, Aspect implements procedures to broker communication between the Data Subject and the Aspect customer who collected that Data Subject’s Personal Information.
If a Data Subject complaint cannot be resolved through our internal processes, we agree to utilize the dispute resolution mechanisms provided for by JAMS and Data Subjects may submit a complaint to JAMS (see http://www.jamsadr.com/).
Changes to this Aspect Safe Harbor Policy
Aspect may make changes to this Policy at any time. When we do, we will change the last updated date at the beginning of this Policy. Please review this Policy frequently. If we make material changes to this Policy, we will notify you by placing a prominent notice on the home page of this Web site.
For further information about Aspect’s Safe Harbor practices, please contact:
Aspect Software Legal Department
300 Apollo Drive
Chelmsford, MA 01824
978 250 7900 (phone)
978 244 7410 (fax)