RiverStar as a hosting provider
Custom Solutions developed by our Professional Services team
In a PS context, we may be (partially or fully) developing the web application. In this case, our customer is in total control of the functionality of the application and we follow directives from our customer regarding privacy issues. We actively work with our customer to ensure that the U.S. – EU Privacy Shield Privacy Principles are followed in their environment if either:
1) The customer is based in the EU
2) The customer has specifically asked us to (if, for example, they also subscribe to the U.S. – EU Privacy Shield Privacy Principles)
U.S. – EU Privacy Shield Privacy Principles
Below we describe the Privacy Shield Privacy Principles Privacy Principles that the RiverStar PS team uses when helping a customer comply with EU privacy regulations:
RiverStar’s customers control what information is collected and communicate directly with the individuals providing their information about the information to be collected and the purposes for which it will be used. RiverStar has no control over or involvement with such communications. RiverStar’s sole role is as a hosting provider of such data. RiverStar will work with our customers to notify individuals about the purposes for which they collect and use information about them. This includes information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure. RiverStar does not access the information for its own use nor provide access to the information to anyone other than the customer who is collecting. Our customer controls any such access.
RiverStar will work with our customers to give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice will be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Onward Transfer (Transfers to Third Parties)
RiverStar does not provide any onward transfer of individual information to third parties. Our customer controls all such onward transfer to third parties. We will work with our customer to ensure that notice and choice principles are followed. RiverStar may be liable for the appropriate onward transfer of personal information to third parties.
RiverStar acknowledges the right of individuals to access their personal data and will help our customers satisfy access requirements under US – EU privacy principles. As a data processor RiverStar must refer all individuals whose personal data we are handling to the entity (our customer) with whom an individual placed the data originally.
RiverStar will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
RiverStar will help our customers satisfy Data Integrity requirements under the U.S. – EU Privacy Principles. Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB EU Privacy Shield as a third party resolution provider.
Privacy Complaints by European Union Citizens:
Attn: Security Officer
20 Danada Square West
Wheaton, IL 60189
RiverStar has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.