Introduction

RiverStar provides customer service solutions to companies that need it. This includes development software used to develop applications to facilitate customer service, professional services (PS) work to develop custom web applications using that tool, and hosting of web applications developed by our customers or PS team. These custom web applications in turn sometimes collect personal information of our customer’s customers. This privacy policy outlines our involvement in safeguarding the privacy of these participants.

RiverStar complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. RiverStar has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/  RiverStar is subject to the investigative and enforcement authority of the US Federal Trade Commission (FTC).

RiverStar as a hosting provider

In a hosting context, RiverStar never shares hosted data with third parties unless required to by law.  Please note that RiverStar may be required to share personal data in response to lawful requests by public authorities including tomeet national security and law enforcement requirements.  Responsibility for implementation of privacy policy to end customers rests with the developers of the web application hosted by us. RiverStar will take reasonable precautions to protect data at the server level from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Custom Solutions developed by our Professional Services team

In a PS context, we may be (partially or fully) developing the web application. In this case, our customer is in total control of the functionality of the application and we follow directives from our customer regarding privacy issues. We actively work with our customer to ensure that the U.S. – EU Privacy Shield Privacy Principles are followed in their environment if either:

1) The customer is based in the EU

2) The customer has specifically asked us to (if, for example, they also subscribe to the U.S. – EU Privacy Shield Privacy Principles)

U.S. – EU Privacy Shield Privacy Principles

Below we describe the Privacy Shield Privacy Principles Privacy Principles that the RiverStar PS team uses when helping a customer comply with EU privacy regulations:

Notice

RiverStar’s customers control what information is collected and communicate directly with the individuals providing their information about the information to be collected and the purposes for which it will be used.  RiverStar has no control over or involvement with such communications.  RiverStar’s sole role is as a hosting provider of such data. RiverStar will work with our customers to notify individuals about the purposes for which they collect and use information about them. This includes information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure. RiverStar does not access the information for its own use nor provide access to the information to anyone other than the customer who is collecting.  Our customer controls any such access.

Choice

RiverStar will work with our customers to give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice will be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.

Onward Transfer (Transfers to Third Parties)

RiverStar does not provide any onward transfer of individual information to third parties.  Our customer controls all such onward transfer to third parties. We will work with our customer to ensure that notice and choice principles are followed. RiverStar may be liable for the appropriate onward transfer of personal information to third parties.

Access

RiverStar acknowledges the right of individuals to access their personal data and will help our customers satisfy access requirements under US – EU privacy principles. As a data processor RiverStar must refer all individuals whose personal data we are handling to the entity (our customer) with whom an individual placed the data originally.

Security

RiverStar will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

RiverStar will help our customers satisfy Data Integrity requirements under the U.S. – EU Privacy Principles. Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

Enforcement

RiverStar uses a self assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, and completely implemented and accessible in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB EU Privacy Shield as a third party resolution provider.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of Privacy Shield. We will post any revised policy on this website.

Privacy Complaints by European Union Citizens:

In compliance with the EU-US Privacy Shield Principles, RiverStar commits to resolve complaints about your privacy and our customer’s collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact RiverStar at:

RiverStar Software
Attn: Security Officer
20 Danada Square West
Suite 260
Wheaton, IL 60189
security@riverstar.com

RiverStar has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.