Data Privacy Framework
EU-U.S. and SWISS-U.S. Data Privacy Framework Notice
Red e App, Inc. (“Red e App”, “we” or “our”) commits to comply with E.U. data protection laws around international data transfer. This Notice sets out the privacy principals we follow with respect to transfers of personal data from the European Economic Area (“EEA”) and Switzerland to the United States, including personal data we receive from individuals residing in the EEA or Switzerland. Red e App adheres to the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles (together “Data Privacy Framework”) with respect to the personal data we receive and process on behalf of the European Union member countries and Switzerland customers through our workplace communication platform (the “Services”).
Red e App has certified that it adheres to and will abide by the Data Privacy Framework Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement for personal data submitted by our customers in participating European countries through the Services. We also receive some personal data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Information regarding the Data Privacy Framework framework and our certification can be found at: https://www.dataprivacyframework.gov/.
Types of Data Processed
We provide a platform for our customers to communicate with their workforce and operate certain other aspects of their businesses. In order to provide these Services, we process the data users submit to the Services or instruct us to process on their behalf in connection with the Services. Our Privacy Policy provides descriptions of the categories of personal data we may receive in the U.S. and the purposes for which we use that personal data in providing our Services.
Purposes of Data Processing
We process and use personal data submitted by our users in order to provide the Services to our customers. In doing so, we may access data to provide the Services, to provide information about our Services, to personalize visitors’ experience, to prevent or address service or technical problems, to respond to customer support matters, to conduct related tasks for legitimate business purposes, to follow the instructions of our customer who submitted the data, in response to contractual requirements with our customers, to aggregate data and other purposes disclosed at the time of collection.
Third Parties With Whom We May Disclose Customer Data
We may share personal data with contractors or third party providers who process personal data on our behalf, to assist us, in providing the Services to our customers, as well as other business-related functions. These third party providers include: subsidiaries, affiliates and contractors, channel partners, service providers, and partners or sponsors we may work with. These third party providers assist us in providing the Services, performing technical operations, database monitoring, data storage, hosting services, customer support, software tools, backup and disaster recovery and email service providers. When we engage a third party to perform such functions, we provide them with information and instructions on how to access, process or store personal data in the course of performing such functions on our behalf.
If we receive personal data in the U.S. subject to our certification under the Data Privacy Framework and then subsequently transfer that information to a third party agent or service provider for processing, we remain responsible for ensuring that the third party agent or service provider processes your personal data to the standard required by our Data Privacy Framework commitments.
Requirement to Disclose
We may disclose personal data in special cases when we have a good faith belief that disclosure is necessary to: comply with legal requirements or to respond to lawful requests by public authorities or to meet national security or law enforcement requirements; enforce our Terms and Conditions; protect and defend our rights or property; protect the interests of our users or others; or to enforce our contractual obligations.
Security
We maintain reasonable and appropriate security measures to protect personal data from loss, unauthorized access, disclosure, alteration, misuse or destruction in accordance with the Data Privacy Framework.
Your Choices
Our users may choose to change personal data, request we stop using certain personal data or cancel an account by contacting Red e App via the contact information in the “Questions or Complaints” section below. A user may choose to unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the email message, or by updating their email preferences within the Services.
Right to Access
Some users may have the right to access personal data that we hold about them and request that we correct, amend, or delete such data, if it is inaccurate or processed in violation of the Data Privacy Framework. These access rights may not be applicable in some cases, including where providing access is unreasonably burdensome or expensive or where disclosure would violate the rights of a third person other than the requesting individual. If a user would like to request access to, or a correction, amendment, or deletion of its personal data, the user can submit a written request to the contact information provided below. For security, we may request information about a user to prove their identity and in some cases we may charge a reasonable fee for access to requested user information.
Dispute Resolution & Arbitration
In compliance with the Data Privacy Framework Principles, Red e App commits to resolve complaints about our collection or use of personal data. If a user is a resident of a European country participating in the Data Privacy Framework and has inquiries or complaints regarding this Notice, the user should first contact Red e App via the information provided below. Red e App, Inc has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Data Privacy Framework complaints concerning human resources data transferred from the EU in the context of the employment relationship. If we do not address a user’s issues directly or in a manner that is satisfactory to said user, we further commit to cooperate with the panel of European data protection authorities and the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel or Commissioner, with regard to data transferred from the EU and Switzerland, as applicable.
Under certain conditions, more fully described on the Data Privacy Framework website, users located in the EU or Switzerland may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Investigatory & Enforcement Powers of the U.S. Federal Trade Commission
Red e App’s Data Privacy Framework compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Questions or Complaints
If you have any questions regarding this Notice or if you need to request access to, or update, change or remove personal data that we control, you can do so by contacting privacy@workrede.com or by regular mail addressed to:
Red e App, Inc.
Attn: Privacy Concerns
828 E Market Street
Louisville, KY 40206
United States
Changes to this Notice
We reserve the right to amend this Notice from time to time consistent with the Data Privacy Framework’s requirements.
Effective Date: February 1, 2019