Privacy Shield Policy

Table of Contents

  1. Introduction
  2. Definitions
  3. Principles
  4. Amendments
  5. Contact Information
  6. Effective Date

1. Introduction – Vistex, Inc. (Vistex) believes in protecting the privacy of its clients and its employees. Vistex has adopted to abide by the rules governed by the Privacy Shield concerning the transfer of Personal Information from the European Union (EU) to the United States of America (U.S.) and from Switzerland to the U.S. Accordingly, Vistex complies with the EU-U.S. and Swiss-U.S. Privacy Shield Principles (collectively, “Privacy Shield Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EU member countries and Switzerland.

This privacy notice outlines our general policy and practices for implementing the Privacy Shield Principles, including the types of information we gather, how we use the information, and the choices that individuals have regarding our use of and their ability to correct that information. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. This privacy notice applies to all personal information received by Vistex, whether in electronic, paper or verbal format.

Vistex has certified that it adheres to the Privacy Shield Principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. By participating in the Privacy Shield, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.

2. Definitions

  • 2.1. “Personal Information” or “Information” means information that (1) is transferred from the EU to the U.S. or from Switzerland to the U.S.; (2) is recorded in any form; (3) is about, pertains to a specific individual or; and (4) can be used to identify an individual, either directly or indirectly.
  • 2.2. “Sensitive Personal Information” is a subset of Personal Information and includes information specifying medical or health conditions, racial or ethnic origin, political or ideological opinions or views, religious or philosophical beliefs, trade union membership or activities, or the sex life of the individual, or information on social security measures, administrative or criminal proceedings and sanctions which are treated outside pleading procedures.

3. Principles

  • 3.1. Notice – Vistex shall inform an individual of the purpose for which it collects and uses the Personal Information, the types of third parties to which Vistex discloses or may disclose that Information, and how to contact Vistex with privacy concerns or requests to access their Personal Information. Vistex shall also provide the individual with choice and means for limiting the uses of disclosures of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Vistex, or as soon as practicable thereafter, and in any event before Vistex uses or discloses the Information for a purpose other than for which it was originally collected. Such notice may be disseminated, for example, through the provision of this EU-U.S. and Swiss-U.S. Privacy Shield Notice.
  • Vistex is a software and services firm that provides enterprise solutions that manage pricing, incentive, rebate, royalty and channel programs to enhance our clients’ business performance. The types of Personal Information that we may collect in order to provide services to our clients include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) product usage data; and (6) billing information. We collect Personal Information from our clients for various purposes, which include, but are not limited to: (1) providing our services to our clients; (2) communicating with our clients regarding the provision of services to them; (3) completing transactions for services rendered; (4) assessing the quality and effectiveness of the products and services we provide to our clients, including analyzing how our clients’ employees use our products and services; and (5) marketing our products and services.
  • 3.2. Vistex also collects Personal Information from our employees, which include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) national identification numbers; and (6) payroll information. Vistex collects personal information from its employees in order to perform human resources functions, including, but not limited to, providing compensation, insurance and other benefits, and employee management-related services.
  • 3.3. Choice – When required by the Privacy Shield, Vistex will offer individuals the opportunity to opt out of (1) disclosures of Personal Information to a third party, or (2) our use of Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
  • Regarding Sensitive Personal Information, Vistex will give individuals the opportunity, when applicable, to affirmatively or explicitly consent (i.e., provide opt-in consent) to (1) the disclosures of Sensitive Personal Information to a third party, or (2) our use of Sensitive Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Vistex shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
  • 3.4. Accountability for Onward Transfers – Vistex is potentially responsible in cases of onward transfers of Personal Information to third parties, such as when third parties that act as agents on our behalf process Personal Information in a manner inconsistent with the Privacy Shield Principles. Vistex shall ensure that any third party for which Personal Information may be disclosed subscribes to the Privacy Shield Principles or will provide the same level of privacy protection as is required by the Privacy Shield Principles and agree in writing to provide an adequate level of privacy protection.
  • Vistex may transfer Personal Information we collect from Vistex clients to third-party agents, or service providers, who perform functions on our behalf, such as third parties who process payments for clients or third parties who conduct marketing activities for Vistex.
  • Vistex may transfer Personal Information we collect from Vistex clients to third-party agents, or service providers, who perform functions on our behalf, such as third parties who process payments for clients or third parties who conduct marketing activities for Vistex.
  • At this time, Vistex does not transfer Personal Information to unaffiliated third parties acting as data controllers. If Vistex chooses to begin transferring your Personal Information to such third parties, Vistex will notify you by updating this Privacy Policy and comply with the applicable Privacy Shield Principles with respect to disclosures to such third parties.
  • Please be aware that in rare situations, it may be necessary disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • 3.5. Data Security – Vistex shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Vistex has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Vistex cannot guarantee the security of Information on or transmitted via the Internet.
  • 3.6 Data Integrity – Vistex shall only process Personal Information in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, Vistex shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
  • 3.7 Access – An individual has the right to obtain Vistex’s confirmation of whether Vistex maintains Personal Information relating to him or her. Upon request, Vistex will provide an individual with access to your Personal Information within a reasonable time period. If an individual becomes aware that personal information Vistex maintains about that individual is inaccurate, or if an individual would like to update, delete, review his or her personal information, the individual may contact us using the contact information below. In addition, Vistex may limit or deny access to personal information where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, where the rights of persons other than the individual would be violated, or for other reasons permitted by the Privacy Shield. If Vistex determines that your access should be restricted in a particular instance, Vistex will provide you with an explanation of such determination and respond to any inquiries you may have.
  • 3.8 Recourse, Enforcement, and Liability – Vistex uses a self-assessment approach to assure compliance with this privacy notice and periodically verifies that the notice is accurate, comprehensive for the Personal Information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Privacy Shield Principles. We encourage interested individuals or employees to raise any complaint about our privacy practices or our compliance with this notice using the contact information provided, and we will investigate and attempt to resolve any such complaints.
  • With respect to E.U. privacy complaints for HR and non-HR data, we agree to participate in independent dispute resolution with the E.U. data protection authorities. With respect to Swiss privacy complaints for non-HR data, we agree to participate in independent dispute resolution with the Swiss Federal Data Protection and Information Commission (FDPIC). We will cooperate with the DPAs and the FDPIC in the investigation and resolution of complaints brought under the Privacy Shield and we agree to comply with any advice given by these authorities where they take the view that the organization needs to take specific action to comply with the Privacy Shield Principles.
  • Please note that if a complaint filed by either an individual or an employee is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

4. Amendments – This privacy notice may be amended from time to time consistent with the requirements of the Privacy Shield Principles. Vistex will post any revised notice on this website. Vistex is committed to following the Privacy Shield Principles for all Personal Information within the scope of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. However, certain information is subject to policies of Vistex that may differ in some respects from the general policies set forth in this privacy notice by requiring enhanced privacy protections for that information.

5. Contact Information – To request access to Personal Information, raise questions or concerns about Vistex’s Privacy Shield Notice, or file a privacy complaint, an individual may contact us at the following mailing address or email address:

  • Vistex, Inc.
  • Robert Kay
  • Attn: Vistex Privacy Office
  • 2300 Barrington Road
  • Hoffman Estates, IL 60169
  • privacy@vistex.com

6. Effective Date – December 14, 2017.

Revision: 3