Effective Date: September 30, 2016
Protecting the privacy of its clients is important to DDC. DDC has elected to participate in the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding Personal Data transferred to the United States from European Economic Area member states. DDC has certified that it adheres to the Privacy Shield Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
For the purposes of enforcing the Privacy Shield, DDC is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).To learn more about the Privacy Shield program, please visit the U.S. Department of Commerce’s Privacy Shield website. To review DDC’s certification, please visit the U.S. Department of Commerce’s Privacy Shield self-certification list.
The following definitions apply throughout this Policy:
Any third party that uses Personal Data provided to DDC to perform tasks on behalf of and under the instruction of DDC.
DNA Diagnostics Center, its subsidiaries, branches, divisions, and business units in the United States.
Any information or set of information that identifies a living individual, or could reasonably be used to identify a living individual (in each case, whether alone or in combination with any other information in the possession, or likely to come into the possession of DDC).
Sensitive Personal Data
Personal Data that reveals racial or ethnic origin, political opinions, religious beliefs (or beliefs of a similar nature), trade union membership, physical or mental health or condition, sexual life, the commission or alleged commission of any offence or any proceedings for any offence committed or alleged to have been committed. In addition, DDC will treat as Sensitive Personal Data genetic data and any information received from a third party where that third party treats and identifies such information as sensitive.
If DDC receives Personal Data from its subsidiaries, affiliates, or other entities in the EEA, it will use such information in accordance with the notices such entities provided and the consents or choices made by the individual about whom such Personal Data relates.
DDC will offer individuals the opportunity to choose (“opt-out”) whether their Personal Data is (a) to be disclosed to a non-Agent third party (unless allowed or required by contract), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For Sensitive Personal Data, DDC will give individuals the opportunity to affirmatively and explicitly consent (“opt-in”) to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Accountability for Onward Transfer
Upon request, DDC will grant individuals reasonable access to Personal Data that it holds about them. In addition, DDC will take reasonable steps to permit individuals to correct, amend or delete that information where it is inaccurate, incomplete or has been processed in violation of the Principles. These access rights may not apply fully in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access.
If you would like to request access to, correction, amendment or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
Recourse, Enforcement and Liability
DDC will conduct internal compliance reviews of its relevant privacy practices to verify adherence to this Policy. Any employee that DDC determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the DDC Privacy Department at the address given below. DDC will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles contained in this Policy.
For complaints that cannot be resolved between DDC and the complainant, DDC has agreed to participate in dispute resolution using JAMS International (located in the United States) as a third party resolution provider to resolve disputes pursuant to the Privacy Shield Principles. You may submit, at no charge to you, your complaint to JAMS for mediation under the JAMS International Mediation Rules, which are accessible on the JAMS website.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with DDC and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see the U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Limitation on Application of Principles
Adherence by DDC to these Privacy Shield Principles may be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts. Consistent with the goal of enhancing privacy protection, DDC strives to implement these Principles fully and transparently, including indicating in our privacy policies where exceptions to the Principles permitted by (b) above will apply on a regular basis. For the same reason, where the option is allowable under the Principles and/or U.S. law, DDC will opt for the higher protection where possible.
Questions or comments regarding this policy should be submitted to:
Attn: Privacy Department—Privacy Shield
One DDC Way
Fairfield, OH 45014
Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. DDC will post appropriate notice about such changes and amendments, including by updating the effective date at the top of this Policy.