To learn more about our privacy practices, please see our Privacy Statement at http://www.pentaho.com/privacy.
SAFE HARBOR OVERVIEW
Pentaho Corporation complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Pentaho Corporation has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Pentaho Corporation’s certification, please visit http://www.export.gov/safeharbor/
This Policy applies to all personal information, either in electronic or paper format, received by Pentaho in the United States from the EEA and Switzerland.
1. Notice. When Pentaho collects personal information, it will give timely and appropriate notice about the purposes for which it collects and uses personal information, the types of non-agent third parties to which Pentaho discloses that information and the choices and means, if any, Pentaho offers individuals for limiting the use and disclosure of their personal information.
2. Choice. Should Pentaho wish to share personal information, Pentaho will provide choices about the ways it uses and shares personal information, and it will respect the choices made.
3. Relevance. Pentaho will collect only as much personal information as is needed for specific, identified purposes. Such information will not be used for other purposes without obtaining consent.
4. Retention. Pentaho will keep personal information only as long as needed for the purposes for which it was collected, or as permitted by law.
5. Accuracy. Pentaho will take appropriate steps to make sure the personal information in its records is accurate.
6. Access. Pentaho will provide ways for users to access personal information, as required by law, in order to correct any inaccuracies.
7. Security. Pentaho will take appropriate physical, technical, and organizational measures to protect personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
8. Sharing. Except as described in this policy, Pentaho will not share personal information with non-agent third parties without consent.
9. International Transfer. If Pentaho transfers personal information to another country, it will take appropriate measures to protect the privacy of the personal information being transferred.
10. Enforcement. Pentaho will regularly review how it is meeting these privacy promises, and will provide an independent way to resolve any complaints about its privacy practices.
DISPUTE RESOLUTION and PRIVACY COMPLAINTS
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Pentaho Data Protection Officer at the address given below. Pentaho will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information, in accordance with the principles contained in this Policy.
For complaints that cannot be resolved between Pentaho and the complainant, Pentaho has agreed:
a) To participate in the dispute resolution procedures established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles in respect of personal information received from the EEA, and
b) For personal information received from Switzerland, Pentaho will cooperate with and comply with any advice given by the Swiss FDPIC, in the investigation and resolution of complaints brought under the US – Swiss Safe Harbor.
Questions or comments related to this policy should be submitted to the Pentaho Data Protection Officer by mail as follows:
Data Protection Officer: Anthony Carter
5950 Hazeltine National Drive, Suite 460
Orlando, FL 32822-5023, USA
Pentaho’s adherence to the Safe Harbor Principles may be limited by any applicable legal, regulatory ethical or public interest consideration and as expressly permitted or required by any applicable law, rule or regulation.
CHANGES TO THIS POLICY
This Policy is effective as of November 7, 2013.