Privacy

OMB clearance number

Expires:

Public reporting for this collection is estimated to be 40 minutes per response, including the time to review the instructions, complete, and submit the collection of information, but not including time to review and implement the requirements of the program. Send comments regarding the burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to the Reports Clearance Officer, International Trade Administration, Department of Commerce, Room 4001, 14th and Constitution Avenue, N.W., Washington, D.C. 20230.

The OMB clearance number and expiration date cited above relates to the form itself rather than your organization’s self-certification to the Privacy Shield Framework.

SELF-CERTIFYING AN ORGANIZATION'S COMPLIANCE WITH THE EU-U.S. PRIVACY SHIELD FRAMEWORK

Please review the EU-U.S. Privacy Shield Framework and prepare the required information before completing this form.

If you have any difficulty completing this form or have questions concerning the Privacy Shield self-certification process, please contact the Privacy Shield team at the International Trade Administration, U.S. Department of Commerce via the Privacy Shield website, whenever possible, by using the “Assistance” tool, or by phone at 202-482-1512.

Note: Please save periodically as you complete the form; doing so will minimize the loss of information that you have entered into the form should an unexpected system error occur.



ORGANIZATION INFORMATION

ORGANIZATION CONTACT Provide a contact office and individual within your organization for the handling of complaints, access requests, and any other issues concerning your organization’s compliance with the Privacy Shield Framework.

ORGANIZATION CORPORATE OFFICER Provide information about the individual certifying your organization’s compliance with the Privacy Shield Framework. By submitting this self-certification, the corporate officer attests that he/she is authorized to submit the self-certification on behalf of your organization and all entities or subsidiaries indicated below.

DESCRIPTION OF YOUR ORGANIZATION’S ACTIVITIES WITH RESPECT TO ALL PERSONAL DATA RECEIVED FROM THE EU IN RELIANCE ON THE PRIVACY SHIELD

In addition to your organization, list all entities or subsidiaries of your organization that are also adhering to the Privacy Shield Principles and are covered under your organization’s self-certification. Note that references to “organization” in this form as well as in the Privacy Shield Principles include all covered entities and subsidiaries listed here.

{field, maximum 4,000 characters} [required]

What types of personal data does your organization’s Privacy Shield commitment cover?

Note that for purposes of this self-certification form, the term “human resources data” refers to personal data about employees, past or present, collected in the context of the employment relationship. Examples of other types of personal data that could be covered include the following: customer, client, visitor, and clinical trial data.

{select all that apply} [required]

• Human resources data

• Personal data other than human resources data

Briefly describe the purposes for which your organization processes personal data in reliance on the Privacy Shield, including the types of personal data processed by your organization (e.g. customer, client, visitor, and clinical trial data) and, if applicable, the type of third parties to which it discloses such personal information.

{field, maximum 4,000 characters} [required]

DESCRIPTION OF YOUR ORGANIZATION'S PRIVACY POLICY APPLICABLE TO PERSONAL DATA COVERED UNDER YOUR ORGANIZATION’S SELF-CERTIFICATION

Enter the effective date of your organization's privacy policy applicable to the personal data covered under your organization’s self-certification: * Enter a valid date. [required]

For personal data other than human resources data:

If your organization has a public website, provide the relevant web address where the privacy policy is available:

{field, maximum 4,000 characters}

OR

If your organization does not have a public website, provide information regarding where the privacy policy is available for viewing by the general public and upload a copy of the relevant privacy policy which will be made available on the Privacy Shield website:

{field, maximum 4,000 characters} and {document upload capability}

For human resources data:

Although an organization that covers human resources data under its self-certification is not required to make available to the general public the relevant privacy policy that exclusively covers that human resources data, it must provide information regarding where the privacy policy is available for viewing by affected employees and provide a copy of that privacy policy statement to the Department of Commerce. The uploaded policy will not be viewable by the general public.

{field, maximum 4,000 characters} and {document upload capability}

[required]

Which appropriate statutory body has jurisdiction to investigate claims against your organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy?

{select one} [required]

• Federal Trade Commission

• Department of Transportation

List any privacy program in which your organization is a member:

{field, maximum 4,000 characters} [optional]

What is your organization's verification method?

{select one} [required]

• self-assessment

• outside compliance review

If your organization has chosen an outside compliance review, identify and provide a web address for the third party that conducts the review:

{field, maximum 4,000 characters} [required]

INDEPENDENT RECOURSE MECHANISM AVAILABLE TO INVESTIGATE COMPLAINTS CONCERNING YOUR ORGANIZATION’S COMPLIANCE WITH THE PRIVACY SHIELD FRAMEWORK

For personal data other than human resources data:

If your organization wishes its Privacy Shield commitments to cover personal data other than human resources data, on an annual basis you must designate a private sector developed independent recourse mechanism, or you may choose to cooperate with the EU data protection authorities (DPA) and have a DPA panel serve as your independent recourse mechanism. Your annual selection will apply to all information received by your organization under the Privacy Shield other than human resources data.

{select one} [required]

• private sector developed independent recourse mechanism

• EU data protection authorities

Provide the name and a web address for the designated private sector developed independent recourse mechanism:

{field, maximum 4,000 characters} [required]

For human resources data:

If your organization wishes its Privacy Shield commitments to cover human resources data, you must declare your organization’s commitment to cooperate with the EU authority or authorities concerned in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and that you will comply with the advice given by such authorities.

{select one} [required]

• My organization receives or processes human resources data under the Privacy Shield and agrees to cooperate with EU data protection authorities and comply with the advice given by such authorities with respect to this data.

Indicate your organization’s annual revenue. This information will be used to determine the fee your organization must pay to self-certify to the Privacy Shield Framework and will not be viewable by the general public:

{select one} [required]

• Under $5 million

• Over $5-25 million

• Over $25-500 million

• Over $500 million - $5 billion

• Over $5 billion

Although your organization is not required to do so for purposes of its self-certification, please provide the following information.

Select the industry sector(s) applicable to your organization. This is for information only but will be disclosed on the Privacy Shield website.

{select one} [optional]

• Fewer than 100

• 100-250

• 251-500

• 501 or more

Please save your entries and print a copy of the completed form before proceeding any further so that your organization can retain a copy of this self-certification submission.

Please click the Continue button, which is located immediately below, when you are ready to make your organization’s self-certification submission.