This policy statement is effective as of August 17, 2018, and as modified effective November 18, 2019.
Digital Management Holdings, LLC, Digital Management, LLC, Digital Mobile Innovations, LLC, CW Professional Services, LLC, and Pragiti, Inc., and its direct and indirect subsidiaries, collectively referred to in this Notice as “DMI”, “we”, “our” or “us,” have created this DMI Privacy Shield Notice (“Notice”) to describe our standards and procedures for handling Personal Data in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”).
DMI has certified to and will adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles (“Principles”). More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.
How We Obtain Personal Data
We obtain and process Personal Data from the European Economic Area (“EEA”) or Switzerland in different capacities:
- As a data controller, we collect and process EEA and Swiss Personal Data directly from individuals, either via our publicly available websites, including dminc.com, or in connection with our customer, partner, and vendor relationships.
- In connection with our Services, we may obtain and process EEA and Swiss Personal Data on behalf of and at the instructions of our customers. In that context, customers are the data controller.
DMI commits to subject to the Principles all Personal Data received from the EEA or Switzerland in reliance on the Privacy Shield (which includes both types of activities).
Privacy Shield Principles
- Data Integrity and Purpose Limitation
We will adhere to the Principles for as long as we retain the Personal Data collected under the Privacy Shield.
When providing our Services as a data processor, we process and retain Personal Data as necessary to provide our Services as permitted in our agreements, or as required or permitted under applicable law.
- Accountability for Onward Transfer of Personal Data
We remain responsible for the processing of Personal Data received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
DMI takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Data, to help protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Access and Choice
If we intend to use your Personal Data for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a data controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.
Where appropriate, you have the right to access the Personal Data we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Data as permitted by the Principles.
When providing our Services as a data processor, we only process and disclose the Personal Data as specified in our agreements. Our customers control how Personal Data is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Data, please contact the company to whom you submitted your Personal Data and that uses our Services. If you provide us with the name of the company to whom you provided your Personal Data and who is our customer, we will refer your request to that customer and support them in responding to your request.
- Recourse, Enforcement and Liability
We conduct an annual self-assessment of our practices regarding Personal Data intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
If an issue cannot be resolved through DMI’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to JAMS, which serves as DMI’s alternative dispute resolution provider. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
DMI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
How is this Notice Updated?
This Notice may be amended consistent with the requirements of the Privacy Shield. When we update this Notice, we will also revise the “Last Updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.
If you have any questions, concerns or complaints regarding our privacy practices, or if you would like to exercise your choices or rights, you can contact us:
- via mail at firstname.lastname@example.org or
- by mailing to:
One Rock Spring Plaza
6550 Rock Spring Drive
Attn: DMI CISO/DPO
Bethesda MD 20817