PRIVACY SHIELD POLICY

This Privacy Shield Policy (“Policy”) applies to all personal information received by ExecuTrain (“ExecuTrain”, “we”, “our”, or “us”) in the United States from the European Economic Area (EEA) (which includes the member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and from Switzerland. This Policy also applies to all personal information previously received under the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework and still held by ExecuTrain. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, ExecuTrain or to which ExecuTrain discloses personal information for use on ExecuTrain’ behalf.

“ExecuTrain” means ExecuTrain, ExecuTrain Franchising Group, and any predecessors and successors Globally.

“Personal Information” means any information or set of information that identifies or could be used by or on behalf of ExecuTrain to identify (together with other information) a living individual. Personal information does not include information that is anonymized or aggregated.

“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; information that concerns health or sex life; information specifying personal sexuality, ideological, or trade union-related views or activities; and information about criminal or administrative proceedings and sanctions (which are treated outside pending proceedings), or social security measures.

EU-U.S. AND SWISS-U.S. PRIVACY SHIELDS

ExecuTrain participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA and Switzerland to the United States, respectively. ExecuTrain has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability, which are the basis for the principles of this Policy. If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

PRINCIPLES

Notice
Where ExecuTrain receives personal information about individuals in the EEA and Switzerland collected by ExecuTrain and its franchisees, it will publicly inform them about its compliance with the Privacy Shield in clear, concise language. This personal information may include basic contact information like name and email address, billing information, and courses and training taken by students. ExecuTrain uses this information to provide our educational and training-related services to franchisees, customer support for such services, to bill customers, and to correspond with customers. This information also facilitates our affiliates’ and franchisees’ services. ExecuTrain also receives information about employees of ExecuTrain who are located in the EEA and Switzerland, and which is transferred in the context of the employment relationship. ExecuTrain uses this information for internal employment and human resources purposes. ExecuTrain commits to cooperate in investigations by and to comply with the advice of competent EEA and Swiss authorities. ExecuTrain will subject all personal information received via the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework to their respective Privacy Shield Principles. ExecuTrain is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC), is obliged to disclose personal information in response to lawful requests by public authorities, for law enforcement, and national security purposes, and has potential liability for onward transfers to third parties. Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.

Choice
ExecuTrain will offer individuals the opportunity to choose whether their personal information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below. ExecuTrain does not disclose personal information to non-agent third parties. If this changes, ExecuTrain will offer an opt-out to individuals. ExecuTrain will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless ExecuTrain has received the individual’s affirmative and explicit consent (opt-in). ExecuTrain will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Data Integrity
ExecuTrain will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. ExecuTrain will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.

Transfers to Agents
ExecuTrain contracts with third parties who perform business functions on our behalf. ExecuTrain uses these third parties to manage its IT system infrastructure, provide live, online support to customers, and to manage email lists. These entities may have access to personal information if needed to perform their functions for ExecuTrain. ExecuTrain does not disclose personal information to non-agent third parties.
For information received under the Privacy Shield, ExecuTrain will require its agents to safeguard personal information consistent with this Policy by contract, obligating the agent to provide at least the same level of protection as is required by the Privacy Shield Principles.
Under certain circumstances, ExecuTrain may bear liability for onward transfers of personal information from the EEA or Switzerland where its agent processes such personal information inconsistent with the Privacy Shield Principles, unless ExecuTrain proves that it is not responsible for the event giving rise to the damage.

Access and Correction
ExecuTrain acknowledges the right of individuals to access their personal information. Upon request, ExecuTrain will grant individuals reasonable access to personal information that it holds about them. In addition, ExecuTrain will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. An individual may request to access their information, or otherwise correct, amend, or delete their information by contacting us at the address given below.

Security
ExecuTrain will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Enforcement
ExecuTrain will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that ExecuTrain determines is in violation of this policy will be subject to disciplinary action.
ExecuTrain is subject to the investigative and enforcement authority of the FTC.

Dispute Resolution—Privacy Shield
In compliance with the Privacy Shield, ExecuTrain commits to resolve complaints about your privacy and our collection or use of your personal information. EEA or Swiss individuals with inquiries or complaints regarding this Policy should first contact ExecuTrain at the address given below. ExecuTrain will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy. ExecuTrain commits to cooperating with European Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner.
ExecuTrain has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the International Centre for Dispute Resolution (“ICDR”), the international division of the American Arbitration Association (“AAA”), a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the ICDR web site at http://go.adr.org/privacyshield.html for more information and to file a complaint. Under certain limited conditions, an individual may be able to invoke binding arbitration as provided under the Privacy Shield to address an otherwise unresolved complaint.

LIMITATIONS & CHANGES

We may also be required to disclose an individual’s personal information in response to a lawful request by public authorities or in connection with a legal obligation. Adherence by ExecuTrain to these Privacy Shield Principles may also be limited to the extent required to respond to a legal obligation, to the extent necessary to meet national security, public interest or law enforcement obligations, and to the extent expressly permitted by an applicable law, rule or regulation.

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. The amended Policy will be made publicly available via ExecuTrain’ website.