Transfers of personal data to Pagero Inc under the EU-US Data Privacy Framework
Accountability for Onward Transfer
We will not share, sell or distribute any of the information you provide to us without your consent, except as described in this privacy notice.
Pagero may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Pagero. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Pagero requires these third parties to undertake security measures consistent with the protections specified in this privacy notice.
Pagero will remain responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf, unless Pagero proves that it is not responsible in an event giving rise to damage.
In the event Pagero transfer personal data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to data subjects and any consent they have given (where applicable), and only if the third party has given us contractual assurances that it will (i) process the personal data for limited and specified purposes consistent with any consent provided, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Pagero has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, Pagero will take reasonable steps to prevent or stop such processing.
The Federal Trade Commission (FTC) has jurisdiction over Pagero’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Pagero may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Dispute Resolution under the Data Privacy Framework
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Pagero commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.To contact us regarding any transfers made under the Data Privacy Framework, please see section 13 “If you have questions”. If you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from the EU Data Protection Authorities panel. You can invoke this right by contacting your national data protection Authority (DPA). You may also invoke binding arbitration to determine whether a Pagero Inc has violated its obligations under the Data Privacy Framework Principles. Further information can be found on the official DPF website.
Transfers of personal data to third countries outside the EU/EEA
We have subsidiaries and affiliates in various countries both inside and outside of the EU/EEA. We share personal data between affiliates of the Pagero Group and your personal data will when shared between relevant affiliates be transferred to third countries outside the EU/EEA which may not provide an adequate level of protection for personal data. We have an intra-group data transfer agreement to ensure an essentially equivalent level of protection for your personal data and that personal data is processed by each Pagero affiliate in a lawful, fair, secure, and transparent manner. We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.
Moreover, we use service providers, which also may use sub-contractors, that are established in third countries outside the EU/EEA. To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we use the EU Commission’s adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.
For more information on the safeguards that we have taken to protect personal data, please contact us. You will find contact details under “If you have questions” in section 12 below.