Privacy Policy

Introduction

RiverStar provides customer service solutions to companies that need them. This includes development software used to develop applications to facilitate customer service, professional services (PS) work to develop custom web applications using our tools, and hosting of web applications developed by our customers or PS team on behalf of our customers. These custom web applications in turn sometimes collect personal information of our customer’s customers. All such data collected and the use to which such data are put, are controlled by our customers.

This privacy policy outlines our involvement in safe­guarding the privacy of these participants.

Our privacy policy has the intent to follow all applicable EU privacy laws. In doing so, we participate in the Privacy Shield program, a US Department of Commerce program that helps U.S. Organizations maintain compliance with EU privacy laws. To learn more about the Privacy Shield program, and to view RiverStar’s certification, please visit https://www.privacyshield.gov

RiverStar as a hosting provider

In a hosting context, RiverStar never shares hosted data with third parties unless required to by law, for example a court order. Responsibility for implementation of privacy policy to end customers rests with our customers who develop and control the web application hosted by us. RiverStar will take reasonable precautions to protect data at the server level from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Custom Solutions developed by our Professional Services team

In a PS context, we may be (partially or fully) developing the web application specified by our customers. In this case, we follow directives from our customer regarding privacy issues. We actively work with our customer to ensure that the U.S.­EU Privacy Shield Principles are followed in their environment if either:

  1. The customer is based in the EU
  2. The customer has specifically asked us to (if, for example, they also subscribe to the U.S.­EU Privacy Shield Privacy Principles)

U.S.­EU Privacy Shield Principles

RiverStar complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, as applicable) to the United States.  RiverStar has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

RiverStar is subject to the regulatory and enforcement authority of the United States Federal Trade Commission (FTC).

Below we describe the Privacy Shield Principles that the RiverStar PS team uses when helping a customer comply with EU privacy regulations:

Notice

RiverStar does not control what information is collected by our customers or the purposes of such data collection. RiverStar does not own the data hosted for our customers nor does RiverStar have the authority to provide access to such data to anyone except under direct legal order.  RiverStar simply provides the tools used to build the applications used by our customers and the hosting for such applications and data.  If contacted, RiverStar will provide information about how individuals can contact our customers with any inquiries or complaints and the types of third parties to which a customer discloses the information. RiverStar will work with our customers to notify individuals about the purposes for which they collect and use information about them.

Choice

RiverStar will work with our customers to ensure they understand the need  to give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, RiverStar will work with our customers to ensure they understand the need   to provide affirmative or explicit (opt in) choice, if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.

Onward Transfer (Transfers to Third Parties)

RiverStar will only provide onward transfer to third parties directly requested by our customer.  We will work with our customer to ensure that they understand the need for notice and choice principles to be followed. We will also remind our customer of onward transfer requirements, if we are a part of selecting third parties. RiverStar has no control over the transfer of personal data to third parties except as noted below.  That is controlled by our customers.   Note that RiverStar may be required to release personal data in response to legal requests by public authorities including to meet national security or law enforcement requirements.

Access

RiverStar will help our customers satisfy access requirements under EU-US privacy principles. Individuals have the right to access personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.  RiverStar has no ability to grant access or change/ delete any information held on behalf of our customers.  Our customers have all such control.  In the normal course of business, RiverStar does not access any of the data held on behalf of our customers.

Security

RiverStar will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

 Data Integrity

RiverStar will help our customers satisfy Data Integrity requirements under the U.S.­EU Privacy Principles. Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.  Again, RiverStar does not have any control over what data are collected or what use our customers make of such data.

Enforcement

RiverStar uses a self­-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, and completely implemented and accessible in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. This will generally involve referral of the individual to the customer who is collecting the data.   If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB EU Privacy Shield as a third party resolution provider.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield. We will post any revised policy on this website.

Contact Information

Questions, comments or complaints regarding RiverStar’s Privacy Shield Policy can be mailed or emailed to:

RiverStar Software

Attn: Security Officer
20 Danada Square West
Suite 260
Wheaton, IL 60189
security@riverstar.com

Privacy Complaints by European Union Citizens:

In compliance with the U.S.­EU Privacy Shield Principles, RiverStar commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact RiverStar at:

RiverStar Software
Attn: Security Officer
20 Danada Square West
Suite 260
Wheaton, IL 60189
security@riverstar.com

RiverStar has further committed to refer unresolved privacy complaints under the U.S.­EU Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by RiverStar, please visit the BBB EU PRIVACY SHIELD web site at https://www.bbb.org/EU-privacy-shield/file-a-complaint/  for more information or to file a complaint.

Finally, as a last resort and under limited circumstances EU individuals with unresolved privacy complaints may invoke binding arbitration before a Privacy Shield Panel.

Contact Us

Ready to get started? Want to learn more? Either way, we want to hear from you.

MAILING ADDRESS

20 Danada Square West Suite 260 Wheaton, Illinois 60189