Step 0
Getting Started
OMB control number: 0625-0276 Expiration date: 3/31/2020
Public
reporting for this collection is estimated to be 40 minutes per
response, including the time to review the instructions, complete,
and submit the collection of information, but not including time to
review and implement the requirements of the program. Send comments
regarding the burden estimate or any other aspect of this collection
of information, including suggestions for reducing this burden, to
the Reports Clearance Officer, International Trade Administration,
Department of Commerce, Room 4001, 14th and Constitution Avenue,
N.W., Washington, D.C. 20230.
The OMB clearance number and
expiration date cited above relates to the form itself rather than
your organization’s self-certification to the Privacy Shield
Framework(s).
Self-certifying an Organization’s Compliance with the EU-U.S. and/or the Swiss-U.S. Privacy Shield Framework(s)
Please
review the Privacy Shield Framework(s), as may be relevant to your
organization, and prepare the required information before completing
this form.
If
you have any difficulty completing this form or have questions
concerning the Privacy Shield self-certification process, please
contact the Privacy Shield team at the International Trade
Administration, U.S. Department of Commerce via the Privacy Shield
website, whenever possible, by using the “Assistance”
tool, or by phone at 202-482-1512.
Please indicate with which Privacy Shield Framework(s) your organization self-certifies its compliance:
{select all that apply} [required]
EU-U.S. Privacy Shield Framework
Swiss-U.S. Privacy Shield Framework
Additional information regarding the Privacy Shield Frameworks and cost structures is available here: https://www.privacyshield.gov/Program-Overview
Step 1
Organization Information
Organization Legal Name: [required]
Organization Display Name: [required]
Address: [required]
City: [required]
State: [required]
Zip Code: [required]
Step 2
ORGANIZATION
CONTACT
Provide
a contact office and individual within your organization for the
handling of complaints, access requests, and any other issues
concerning your organization’s compliance with the Privacy
Shield Framework(s).
Contact Office: [required] |
|
Contact Name: [required] |
|
Contact Title: [required] |
|
Contact Phone: [required] |
|
Contact Fax: [optional] |
|
Contact Email: [required] |
|
ORGANIZATION
CORPORATE OFFICER
Provide
information about the individual certifying your organization’s
compliance with the Privacy Shield Framework(s). By submitting this
self-certification, the corporate officer attests that he/she is
authorized to submit the self-certification on behalf of your
organization and all entities or subsidiaries indicated below.
Corporate Officer Name: [required] |
|
Corporate Officer Title: [required] |
|
Corporate Officer Phone: [required] |
|
Corporate Officer Fax: [optional] |
|
Corporate Officer Email: [required] |
|
Step 3
Organization Characteristics
Indicate your organization’s annual revenue.
Note: This information will be used to determine the fee your organization must pay to self-certify to the Privacy Shield Framework(s) and will not be disclosed on the Privacy Shield website.
{select one} [required]
Under $5 million
Over $5-25 million
Over $25-500 million
Over $500 million - $5 billion
Over $5 billion
Although your organization is not required to do so for purposes of its self-certification, please indicate the number of employees in your organization. Note: This information will not be publicly disclosed on the Privacy Shield website. |
|
{select one} [optional]
Fewer than 100
100-250
251-500
501 or more
Although your organization is not required to do so for purposes of its self-certification, please select the industry sector(s) applicable to your organization.
Note: This is for information only, but will be disclosed on the Privacy Shield website.
{select all that apply} [optional]
Step 4
Other Covered Entities
List all U.S. entities or subsidiaries of your organization that are also adhering to the Privacy Shield Principles and are covered under your organization’s self-certification.
Note: The references to an “organization” in this form, as well as in the Privacy Shield Principles, include all covered entities and subsidiaries listed herein.
{field, maximum 4,000 characters} [required]
Step 5
Covered Data and Dispute Resolution
What types of personal data does your organization’s Privacy Shield commitments cover?
Note: For purposes of this self-certification form, the term “human resources data” (human resources sometimes being abbreviated in this form and on the Privacy Shield website as HR) refers to personal data about employees, past or present, collected in the context of the employment relationship. Examples of other types of personal data that could be covered include the following: customer or client non-HR data, as well as clinical trial data.
{select all that apply} [required]
Human resources data
Personal
data other than human resources data
For personal data other than human resources data
Note regarding the independent recourse mechanism available to investigate unresolved complaints: If your organization wishes its Privacy Shield commitments to cover personal data other than human resources data, on an annual basis you must designate a private sector developed independent recourse mechanism, or you may choose to cooperate with the EU data protection authorities (DPA) and have a DPA panel serve as your independent recourse mechanism for such data transferred from the EU or the Swiss Federal Data Protection and Information Commissioner for such data transferred from Switzerland. Your annual selection will apply to all information received by your organization under Privacy Shield other than human resources data.
{select a recourse mechanism from the list that is provided or identify a recourse mechanism not on the list} [required]
If your organization has designated a private sector developed independent recourse mechanism, provide the name and a web address for the designated private sector developed independent recourse mechanism:
{field, maximum 4,000 characters} [required]
For human resources data
Note regarding the independent recourse mechanism available to investigate unresolved complaints: If your organization wishes its Privacy Shield commitments to cover human resources data transferred from the EU and/or Switzerland for use in the context of the employment relationship, you must declare your organization’s commitment to cooperate with the EU and/or Swiss authority concerned in conformity with the Supplemental Principles on Human Resources Data and on the Role of the Data Protection Authorities and that you will comply with the advice given by such authority.
{select all that apply} [required]
My organization receives or processes human resources data from the EU for use in the context of the employment relationship under Privacy Shield and agrees to cooperate with EU data protection authorities and comply with the advice given by such authorities with respect to this data.
My organization receives or processes human resources data from Switzerland for use in the context of the employment relationship under Privacy Shield and agrees to cooperate with the Swiss Federal Data Protection Information Commissioner and comply with the advice given by such authorities with respect to this data.
Briefly
describe the purposes for which your organization processes personal
data in reliance on Privacy Shield, including the types of personal
data processed by your organization (e.g., customer, client, visitor,
and clinical trial data) and, if applicable, the type of third
parties to which it discloses such personal information.
{field,
maximum 4,000 characters} [required]
Step 6
Enforcement and Verification
Which appropriate U.S. statutory body has jurisdiction to investigate claims against your organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy?
Note
that to be transferred in reliance on Privacy Shield, personal data
must be processed in connection with an activity that is subject to
the jurisdiction of at least one appropriate statutory body listed
below to investigate.
{select one} [required]
Federal Trade Commission
Department of Transportation
List
any privacy program in which your organization is a member:
{field, maximum 4,000 characters} [optional]
What is your organization's verification method?
Note: Your organization must indicate whether the verification performed is through self-assessment or outside compliance reviews in conformity with the Supplemental Principle on Verification.
{select one} [required]
self-assessment
outside compliance review
If your organization has chosen an outside compliance review, identify and provide a web address for the third party that conducts the review:
{field, maximum 4,000 characters} [required]
Step 7
Privacy Policies
Enter
the effective date of your organization's privacy policy applicable
to the personal data covered under your organization’s
self-certification:
*
Enter a valid date. [required]
For
personal data other than human resources data
If your organization has a public website, provide the relevant web address where the privacy policy is available:
{field, maximum 4,000 characters}
OR
If your organization does not have a public website, provide information regarding where the privacy policy is available for viewing by the general public and upload a copy of the relevant privacy policy which will be made available on the Privacy Shield website:
{field, maximum 4,000 characters} and {document upload capability}
For human resources data
Although an organization that covers human resources data under its self-certification is not required to make available to the general public the relevant privacy policy that exclusively covers that human resources data, it must provide information regarding where the privacy policy is available for viewing by affected employees and provide a copy of that privacy policy statement to the Department of Commerce. The uploaded policy will not be made available on the Privacy Shield website.
{field, maximum 4,000 characters} and {document upload capability}
[required]
Step 8
Submit Payment and Application
The U.S. Department of Commerce’s International Trade Administration (ITA) has implemented a cost recovery program to support the operation of the Privacy Shield, which requires U.S. organizations to pay an annual fee to the ITA in order to participate in the program. The cost recovery program will support the administration and supervision of the Privacy Shield program and support the provision of the Privacy Shield-related services, including education and outreach. The fee a given organization is charged is based on the organization’s annual revenue.
By
clicking the Pay button on this page you will be redirected to the
Pay.gov payment site where you will submit your payment information.
Once you have submitted your payment information you will be
redirected back to this site, so that you can complete your payment
and submit your organization’s self-certification application
for review.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 2021-01-14 |