Effective Date: March 31, 2020
EU-U.S. AND SWISS-U.S. PRIVACY SHIELDS
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Government Executive or to which Government Executive discloses personal information for use on Government Executive’s behalf.
“GEMG” means Government Executive Media Group, LLC; DefenseOne; Government Executive; Nextgov; Route Fifty; Studio 2G; and any of their subsidiaries, predecessors and successors in the United States.
“Personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information does not include information that is anonymized or aggregated.
“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD PRINCIPLES
GEMG participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from organizations subject to data protection law in the EEA, the United Kingdom, and/or Switzerland to the United States. GEMG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view GEMG’s certification, visit https://www.privacyshield.gov/.
GEMG brands undertake lead generation and research activities on behalf of customers; in this context, GEMG may act as a processor of personal information on behalf of its customers, including of personal information about individuals in the EEA, the United Kingdom, and/or Switzerland such as contact information and sales lead information (including name, email address, and occupational information). GEMG shares this information with its customers and uses this information for the provision of services to its customers.
Many of GEMG’s brands may receive information from third parties about users of websites and applications in connection with advertising, including information from social media websites (such as account IDs or user names, email address, friend lists) and information from publicly or commercially available sources (such as demographic information, contact information, group affiliation, occupational information, and educational background).
GEMG will subject all personal information received via the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. GEMG is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC).
GEMG may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
GEMG will offer EEA, United Kingdom, and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below.
GEMG will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless GEMG has received the individual’s affirmative and explicit consent (opt-in).
Data Integrity and Purpose Limitation
GEMG will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. GEMG will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Transfers to Agents
GEMG may disclose personal information to Agents, including but not limited to, providers of analytical, hosting, payment processing and other support services. Agents may have access to personal information if needed to perform their functions for GEMG. GEMG does not transfer the personal information of EEA, United Kingdom, or Swiss residents to non-Agent third parties unless the resident is provided with an opt-out opportunity (or an opt-in opportunity for sensitive data) before such a transfer.
GEMG will require its Agents to safeguard personal information consistent with this Policy by contract obligating the Agent to provide at least the same level of protection as is required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Under certain circumstances, GEMG is liable for onward transfers of personal information received from the EEA, UK, or Switzerland where its Agent processes personal information inconsistent with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, unless GEMG proves that it is not responsible for the event giving rise to the damages.
Access and Correction
Pursuant to the Privacy Shield principles, GEMG acknowledges the right of EEA, United Kingdom, and Swiss individuals to access their personal data. In addition, GEMG will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate, incomplete, or processed inconsistently with the Privacy Shield principles. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at the address given below.
GEMG will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
GEMG will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that GEMG determines is in violation of this policy will be subject to disciplinary action.
Dispute Resolution – Privacy Shield
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, GEMG commits to resolve complaints about your privacy and our collection or use of your personal information. EEA, United Kingdom, or Swiss individuals with inquiries or complaints regarding this Policy should first contact GEMG at the address given below. GEMG will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.
GEMG has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Questions regarding this Policy should be submitted to GEMG:
ATTN: Vice President and General Manager, Digital
Government Executive Media Group LLC
600 New Hampshire Avenue, NW
Washington, D.C. 20037
LIMITATIONS & CHANGES
Adherence by GEMG to the EU-U.S. and Swiss-U.S. Privacy Shield Principles may be limited (a) by the exception for personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material as well as information found in previously published material disseminated from media archives; (b) to the extent required to respond to a legal obligation; (c) to the extent necessary to respond to requests by authorities; and (d) to the extent expressly permitted by an applicable law, rule or regulation.This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Principles. The amended Policy will be made publicly available via GEMG’s website at https://www.govexec.com/about/privacyshield.