Evolver LLC Privacy Shield Policy
Evolver LLC, (Evolver) receives and processes information (in paper and electronic form) in accordance with its clients’ instructions for the purpose of providing legal data support services, including legal review, repository holding, data management and forensics. Evolver provides services from forensic collection, to managed hosting and document review. Examples of personal data that may be collected include: full name, address, telephone or mobile number, business and home contact details including e-mail addresses and telephone numbers, health information, medication adherence information, video information including images of a user’s face, audio information, and demographic information. Personal data may further include any information that identifies an individual, but does not include information that has been encoded, encrypted, or otherwise anonymized. This data shared only with the clients’ outside counsel and the client for their review and preparation in response to U.S. litigation. At Evolver, we recognize the importance of privacy to our clients and we strive to safeguard all personal information we may receive and may need to use in support of our clients.
Evolver adheres to the set of data protection principles developed in consultation by the United States Department of Commerce (DOC), in collaboration with the European Commission, producing the EU- U.S.-and Swiss-US Privacy Shield Framework Documents.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Evolver is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
This Policy applies to all personal information received by Evolver from the EU and Swiss. In most cases, the data we receive will be in electronic form and relates to our clients and their business activities. It may include personal information about our clients’ employees, business contacts, customers and any other individuals with whom our clients have dealings. When we receive and process personal information provided to us by our clients, we do so as “data processors” acting on the instructions of our clients and/or the court system. Evolver does not actively collect personal information from individuals in the EU and Swiss. Evolver’s possession and use of personal information is incidental to our primary task of providing electronic discovery services to our clients.
- Collectively, “Information” means “Personal Information” that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual; and/or “Sensitive Personal Information” that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual’s health.
- “Agent” is any third party that collects, uses, or stores Information at Evolver’s direction in support of Evolver engagements.
PRIVACY SHIELD PRINCIPLES
Evolver affirms its participation in the Privacy Shield. The practices to which Evolver is committed are based on the seven EU and Swiss Privacy Shield Principles negotiated between their respective government agencies and the United States Department of Commerce. Adherence by Evolver to these Privacy Shield Principles provides the necessary level of protection required by the EU and Swss Directives for the transfer of personal information outside the EU and Swiss. Evolver’s execution of these principles may be limited in certain circumstances, in particular:
- (a) where there is a conflicting or overriding legal obligation;
- (b) to the extent expressly permitted by any applicable law, rule or regulation; or
- (c) where Evolver receives personal information as a “data processor” acting on the instructions of a client. As Evolver will be receiving personal information from the EU merely for processing, its principle obligations are limited to onward transfer, security, access, and enforcement. Evolver’s client remains responsible for notice, choice, and data integrity.
NOTICE: Evolver receives data to be processed and/or stored, the contents of which may, or may not be Information. Should Evolver be engaged to collect Information from individuals in the EU and Swiss, it will inform individuals of the purposes for which it collects and uses their Information, the types of third parties (if any) to which Evolver may disclose that Information, and the choices and means, if any, that Evolver offers individuals for limiting the use and disclosure of their Information. Notice will be provided in clear language when individuals are first asked to provide Information to Evolver, or as soon as practicable thereafter, and in any event before Evolver uses such Information for a purpose other than that for which it was originally collected or processed by the transferring organization, or discloses it for the first time to a third party.
CHOICE: Given that Evolver’s services are directed by our clients and frequently by legal proceedings, choice may be limited. Where Evolver is the collector of Information and Choice is permissible, it will offer individuals the opportunity to choose (opt-out) whether their Information is
- (a) to be disclosed to a third party (unless that disclosure is allowed or required by contract), or
- (b) to be used for a purpose that is not consistent with the purpose for which that Information was originally collected, or subsequently authorized by the individual.
Individuals may opt out of providing personal data, upon request. To the extent that personal data has been collected, individuals have the right to review personal data held about them and have certain inaccurate information corrected, unless the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If you wish to do so, or to notify us of a change in your details, please contact the Ethics and Compliance Officer.
A formal request from an individual for information that we hold about them must be made in writing. A fee is payable by the data subject for provision of this information. Any member of staff who receives a written request is required to forward the request to the Ethics and Compliance Officer.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to Evolverfirstname.lastname@example.org.
ONWARD TRANSFERS:In the event Evolver must transfer Information to a document review company, Evolver will obtain assurances from its Agents, prior to such transfer, that they will safeguard the Information in a manner consistent with this Policy. The document review company is engaged by the client, not Evolver. The client shall give written approval to Evolver to allow the document review company selective access based on litigation review requirements. Every Agent utilized enters into a contractual relationship with Evolver, which includes confidentiality and non-disclosure clauses, and provides the same level of commitment to and protections, as required by the Privacy Shield Principles.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Evolver’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Evolver remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Evolver proves that it is not responsible for the event giving rise to the damage.
SECURITY: Evolver takes reasonable precautions to protect Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Evolver utilizes a Tier III, ISO 27001:2005 certified data facility which employs an array of security equipment, techniques and procedures to control, monitor and record access to the facility, including individual cages.
DATA INTEGRITY: Evolver will use Information only in ways that are relevant and compatible with the purpose for which that information was collected or provided to Evolver. Evolver will take reasonable steps to ensure that all data collected, processed and/or stored is protected from destruction, corruption, or use in a manner inconsistent with the purpose for which it received the information.
ACCESS: Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to Evolveremail@example.com. If requested to remove data, we will respond within a reasonable timeframe.
ENFORCEMENT: Evolver will conduct compliance audits at least annually of its relevant privacy practices to verify adherence to this Policy and will self-certify with the U.S. Department of Commerce. Further, Evolver will conduct follow up investigations to verify that attestations and assertions regarding practices are true. Evolver maintains an Ethics hotline (Evolverfirstname.lastname@example.org) to which violations and/or complaints may be made and Evolver engages in training to support implementation and compliance. Any employee that Evolver determines is in violation of this Policy will be subject to disciplinary action.
DISPUTE RESOLUTION AND RECOURSE FOR PRIVACY COMPLAINTS:In compliance with the Privacy Shield Principles, Evolver commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Evolver by email at Evolveremail@example.com or via post at:Evolver LLC
Ethics and Compliance Officer
1943 Isaac Newton Square, Suite 260
Reston, VA 20190
(703) 889-9255 – Hotline
Evolver has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
CONTACT INFORMATIONPlease refer all questions or comments regarding this Policy to: Evolver LLC
Ethics and Compliance Officer
1943 Isaac Newton Square, Suite 260
Reston, VA 20190
(703) 889-9255 – Hotline
This Privacy Shield Policy is available at www.evolverlegal.com
CHANGES TO THIS PRIVACY SHIELD POLICY
This Policy may be amended from time to time to remain consistent with the requirements of the Privacy Shield Principles.
The effective date of this Privacy Shield Policy is: September 2019