Privacy Shield Policy

Table of Contents

  1. Introduction
  2. Definitions
  3. Principles
  4. Amendments
  5. Contact Information
  6. Effective Date

1. Introduction – Vistex, Inc. (Vistex) believes in protecting the privacy of its clients and its employees. Vistex has adopted to abide by the rules governed by the Privacy Shield concerning the transfer of Personal Information from the European Union (EU) to the United States of America (U.S.). Accordingly, we comply with the EU-U.S. Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EU member countries.

This privacy notice outlines our general policy and practices for implementing the Privacy Shield Principles, including the types of information we gather, how we use the information, and the choices that individuals have regarding our use of and their ability to correct that information. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. This privacy notice applies to all personal information received by Vistex, whether in electronic, paper or verbal format. Additionally, this notice applies to all subsidiaries and affiliates of Vistex.

Vistex has certified that it adheres to the Privacy Shield Principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. By participating in the Privacy Shield, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.

2. Definitions

  • 2.1. “Personal Information” or “Information” means information that (1) is transferred from the EU to the U.S.; (2) is recorded in any form; (3) is about, pertains to a specific individual or; and (4) can be used to identify an individual, either directly or indirectly.
  • 2.2. “Sensitive Personal Information” is a subset of Personal Information and includes information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.

3. Principles

  • 3.1. Notice – Vistex shall inform an individual of the purpose for which it collects and uses the Personal Information, the types of third parties to which Vistex discloses or may disclose that Information, and how to contact Vistex with privacy concerns or requests to access their Personal Information. Vistex shall also provide the individual with choice and means for limiting the uses of disclosures of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Vistex, or as soon as practicable thereafter, and in any event before Vistex uses or discloses the Information for a purpose other than for which it was originally collected. Such notice may be disseminated, for example, through the provision of this EU-U.S. Privacy Shield Notice.
  • Vistex is a software and services firm that provides enterprise solutions that manage pricing, incentive, rebate, royalty and channel programs to enhance our clients’ business performance. The types of Personal Information that we may collect in order to provide services to our clients include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) product usage data; and (6) billing information. We collect Personal Information from our clients for various purposes, which include, but are not limited to: (1) providing our services to our clients; (2) communicating with our clients regarding the provision of services to them; (3) completing transactions for services rendered; (4) assessing the quality and effectiveness of the products and services we provide to our clients, including analyzing how our clients’ employees use our products and services; and (5) marketing our products and services.
  • 3.2. Vistex also collects Personal Information from our employees, which include, but are not limited to: (1) first and last names; (2) mailing addresses; (3) email addresses; (4) telephone numbers; (5) national identification numbers; and (6) payroll information. Vistex collects personal information from its employees in order to perform human resources functions, including, but not limited to, providing compensation, insurance and other benefits, and employee management-related services.
  • 3.3. Choice – When required by the Privacy Shield, Vistex will offer individuals the opportunity to opt out of (1) disclosures of Personal Information to a third party, or (2) our use of Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
  • Regarding Sensitive Personal Information, Vistex will give individuals the opportunity, when applicable, to affirmatively or explicitly consent (i.e., provide opt-in consent) to (1) the disclosures of Sensitive Personal Information to a third party, or (2) our use of Sensitive Personal Information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Vistex shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
  • 3.4. Accountability for Onward Transfers – We are potentially responsible in cases of onward transfers of Personal Information to third parties, such as when third parties that act as agents on our behalf process Personal Information in a manner inconsistent with the Privacy Shield Principles. Vistex shall ensure that any third party for which Personal Information may be disclosed subscribes to the Privacy Shield Principles or will provide the same level of privacy protection as is required by the Privacy Shield Principles and agree in writing to provide an adequate level of privacy protection.
  • We may transfer Personal Information we collect from our clients to third-party agents, or service providers, who perform functions on our behalf, such as third parties who process payments for clients or third parties who conduct marketing activities for Vistex.
  • We may also transfer Personal Information we collect from our employees to third-party agents, or service providers, who perform human resources functions on our behalf, such as third parties who process our employees’ compensation or benefits information.
  • At this time, we do not transfer Personal Information to unaffiliated third parties acting as data controllers. If we choose to begin transferring your Personal Information to such third parties, we will notify you by updating this Privacy Policy and comply with the applicable Privacy Shield Principles with respect to disclosures to such third parties.
  • Please be aware that in rare situations, it may be necessary disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • 3.5. Data Security – Vistex shall only process Personal Information in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, Vistex shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
  • 3.6 Data Integrity – Vistex shall only process Personal Information in a way that is compatible with and relevant for the purpose(s) for which it was collected or authorized by the individual. To the extent necessary for those purposes, Vistex shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
  • 3.7 Access – An individual has the right to obtain Vistex’s confirmation of whether we maintain Personal Information relating to him or her. Upon request, we will provide an individual with access to your Personal Information within a reasonable time period. If an individual becomes aware that personal information we maintain about that individual is inaccurate, or if an individual would like to update, delete, review his or her personal information, the individual may contact us using the contact information below. In addition, we may limit or deny access to personal information where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, where the rights of persons other than the individual would be violated, or for other reasons permitted by the Privacy Shield. If Vistex determines that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
  • 3.8 Recourse, Enforcement, and Liability – Vistex uses a self-assessment approach to assure compliance with this privacy notice and periodically verifies that the notice is accurate, comprehensive for the Personal Information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Privacy Shield Principles. We encourage interested individuals or employees to raise any complaint about our privacy practices or our compliance with this notice using the contact information provided, and we will investigate and attempt to resolve any such complaints.
  • With respect to privacy complaints filed by our employees, we agree to participate in independent dispute resolution with the E.U. data protection authorities (DPAs). With respect to privacy complaints brought under the Privacy Shield, we will cooperate with the DPAs in the investigation and resolution of such complaints and we agree to comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
  • Please note that if a complaint filed by either an individual or an employee is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

4. Amendments – This privacy notice may be amended from time to time consistent with the requirements of the Privacy Shield Principles. Vistex will post any revised notice on this website. Vistex is committed to following the Privacy Shield Principles for all Personal Information within the scope of the EU-U.S. Privacy Shield framework. However, certain information is subject to policies of Vistex that may differ in some respects from the general policies set forth in this privacy notice by requiring enhanced privacy protections for that information.

5. Contact Information – To request access to Personal Information, raise questions or concerns about Vistex’s Privacy Shield Notice, or file a privacy complaint, an individual may contact us at the following mailing address or email address:

  • Vistex, Inc.
  • Robert Kay
  • Attn: Vistex Privacy Office
  • 2300 Barrington Road
  • Hoffman Estates, IL 60169
  • privacy@vistex.com

6. Effective Date – This policy was placed in effect on September 8, 2016.

Revision: 1