OMB clearance number
Expires:
Public
reporting for this collection is estimated to be 40 minutes per
response, including the time to review the instructions, complete,
and submit the collection of information, but not including time to
review and implement the requirements of the program. Send comments
regarding the burden estimate or any other aspect of this collection
of information, including suggestions for reducing this burden, to
the Reports Clearance Officer, International Trade Administration,
Department of Commerce, Room 4001, 14th and Constitution Avenue,
N.W., Washington, D.C. 20230.
The OMB clearance number and
expiration date cited above relates to the form itself rather than
your organization’s self-certification to the Privacy Shield
Framework.
SELF-CERTIFYING AN ORGANIZATION'S COMPLIANCE WITH THE EU-U.S. PRIVACY SHIELD FRAMEWORK
Please
review the EU-U.S. Privacy Shield Framework and prepare the required
information before completing this form.
If you have any
difficulty completing this form or have questions concerning the
Privacy Shield self-certification process, please contact the Privacy
Shield team at the International Trade Administration, U.S.
Department of Commerce (E-mail: [email protected]; Tel.:
202-482-4936 or 202-482-1512).
Note:
Please save periodically as you complete the form; doing so will
minimize the loss of information that you have entered into the form
should an unexpected system error occur.
ORGANIZATION
INFORMATION
Organization Name: [required] |
|
||
Address: [required] |
|
||
City: [required] |
|
||
|
|
||
Zip: [required] |
|
||
Phone: [required] |
|
||
Fax: [required] |
|
||
Website: [optional] |
|
ORGANIZATION
CONTACT
Provide
a contact office and individual within your organization for the
handling of complaints, access requests, and any other issues
concerning your organization’s compliance with the Privacy
Shield Framework.
Contact Office: [required] |
|
Contact Name: [required] |
|
Contact Title: [required] |
|
Contact Phone: [required] |
|
Contact Fax: [required] |
|
Contact Email: [required] |
|
ORGANIZATION
CORPORATE OFFICER
Provide
information about the individual certifying your organization’s
compliance with the Privacy Shield Framework. By submitting this
self-certification, the corporate officer attests that he/she is
authorized to submit the self-certification on behalf of your
organization and all entities or subsidiaries indicated below.
Corporate Officer Name: [required] |
|
Corporate Officer Title: [required] |
|
Corporate Officer Phone: [required] |
|
Corporate Officer Fax: [required] |
|
Corporate Officer Email: [required] |
|
DESCRIPTION OF YOUR ORGANIZATION’S ACTIVITIES WITH RESPECT TO ALL PERSONAL DATA RECEIVED FROM THE EU IN RELIANCE ON THE PRIVACY SHIELD
In addition to your organization, list all entities or subsidiaries of your organization that are also adhering to the Privacy Shield Principles and are covered under your organization’s self-certification. Note that references to “organization” in this form as well as in the Privacy Shield Principles include all covered entities and subsidiaries listed here.
{field, maximum 4,000 characters} [required]
What types of personal data does your organization’s Privacy Shield commitment cover?
Note that for purposes of this self-certification form, the term “human resources data” refers to personal data about employees, past or present, collected in the context of the employment relationship. Examples of other types of personal data that could be covered include the following: customer, client, visitor, and clinical trial data.
{select all that apply} [required]
Human resources data
Personal data other than human resources data
Briefly describe the purposes for which your organization processes personal data in reliance on the Privacy Shield, including the types of personal data processed by your organization (e.g. customer, client, visitor, and clinical trial data) and, if applicable, the type of third parties to which it discloses such personal information.
{field,
maximum 4,000 characters} [required]
DESCRIPTION OF
YOUR ORGANIZATION'S PRIVACY POLICY APPLICABLE TO PERSONAL DATA
COVERED UNDER YOUR ORGANIZATION’S SELF-CERTIFICATION
Enter
the effective date of your organization's privacy policy applicable
to the personal data covered under your organization’s
self-certification:
*
Enter a valid date. [required]
For
personal data other than human resources data:
If your organization has a public website, provide the relevant web address where the privacy policy is available:
{field, maximum 4,000 characters}
OR
If your organization does not have a public website, provide information regarding where the privacy policy is available for viewing by the general public and upload a copy of the relevant privacy policy which will be made available on the Privacy Shield website:
{field, maximum 4,000 characters} and {document upload capability}
For human resources data:
Although an organization that covers human resources data under its self-certification is not required to make available to the general public the relevant privacy policy that exclusively covers that human resources data, it must provide information regarding where the privacy policy is available for viewing by affected employees and provide a copy of that privacy policy statement to the Department of Commerce. The uploaded policy will not be viewable by the general public.
{field, maximum 4,000 characters} and {document upload capability}
[required]
Which
appropriate statutory body has jurisdiction to investigate claims
against your organization regarding possible unfair or deceptive
practices and violations of laws or regulations covering privacy?
Note
that to be transferred in reliance on the Privacy Shield, personal
data must be processed in connection with an activity that is subject
to the jurisdiction of at least one appropriate statutory body listed
below to investigate.
{select one} [required]
Federal Trade Commission
Department of Transportation
List
any privacy program in which your organization is a member:
{field, maximum 4,000 characters} [optional]
What is your organization's verification method?
{select one} [required]
self-assessment
outside compliance review
If your organization has chosen an outside compliance review, identify and provide a web address for the third party that conducts the review:
{field, maximum 4,000 characters} [required]
INDEPENDENT RECOURSE MECHANISM AVAILABLE TO INVESTIGATE COMPLAINTS CONCERNING YOUR ORGANIZATION’S COMPLIANCE WITH THE PRIVACY SHIELD FRAMEWORK
For personal data other than human resources data:
If your organization wishes its Privacy Shield commitments to cover personal data other than human resources data, on an annual basis you must designate a private sector developed independent recourse mechanism, or you may choose to cooperate with the EU data protection authorities (DPA) and have a DPA panel serve as your independent recourse mechanism. Your annual selection will apply to all information received by your organization under the Privacy Shield other than human resources data.
{select one} [required]
private sector developed independent recourse mechanism
EU data protection authorities
Provide the name and a web address for the designated private sector developed independent recourse mechanism:
{field, maximum 4,000 characters} [required]
For human resources data:
If your organization wishes its Privacy Shield commitments to cover human resources data, you must declare your organization’s commitment to cooperate with the EU authority or authorities concerned in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and that you will comply with the advice given by such authorities.
{select one} [required]
My organization receives or processes human resources data under the Privacy Shield and agrees to cooperate with EU data protection authorities and comply with the advice given by such authorities with respect to this data.
Indicate your organization’s annual sales. This information will be used to determine the fee your organization must pay to self-certify to the Privacy Shield Framework and will not be viewable by the general public:
{select one} [required]
Under $5 million
Over $5-25 million
Over $25-500 million
Over $500 million - $5 billion
Over $5 billion
Although your organization is not required to do so for purposes of its self-certification, please provide the following information.
Select
the industry sector(s) applicable to your organization. This is for
information only but will be disclosed on the Privacy Shield website.
{select all that apply} [optional]
|
|
Indicate the number of employees in your organization. This information will not be publicly disclosed on the Privacy Shield website. |
|
{select one} [optional]
Fewer than 100
100-250
251-500
501 or more
Please
save your entries and print a copy of the completed form before
proceeding any further so that your organization can retain a copy of
this self-certification submission.
Please
click the Continue button, which is located immediately below, when
you are ready to make your organization’s self-certification
submission.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 2021-01-24 |