DMI Privacy Shield Notice

Last Updated: 8/31/2018

 
Digital Management Holdings, LLC, Digital Management, LLC, and Digital Mobile Innovations, LLC and its direct and indirect subsidiaries, collectively referred to in this Notice as “DMI”, “we”, “our” or “us,” have created this DMI Privacy Shield Notice (“Notice”) to describe our standards and procedures for handling Personal Data in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”).
 
DMI has certified to and will adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles (“Principles”). More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.
 
This Notice supplements our DMI Privacy Policy [https://dminc.com/privacy-policy/]. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our DMI Privacy Policy [https://dminc.com/privacy-policy/]. In case of conflict between the DMI Privacy Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.

How We Obtain Personal Data

We obtain and Process Personal Data from the European Economic Area (“EEA”) or Switzerland in different capacities:

  • As a data controller, we collect and Process EEA and Swiss Personal Data directly from individuals, either via our publicly available websites, including dminc.com, or in connection with our customer, partner, and vendor relationships.
  • In connection with our Services, we may obtain and Process EEA and Swiss Personal Data on behalf of and at the instructions of our customers.  In that context, customers are the data controller.

DMI commits to subject to the Principles all Personal Data received from the EEA or Switzerland in reliance on the Privacy Shield (which includes both types of activities).

Privacy Shield Principles

  1. Notice
    Our DMI Privacy Policy [https://dminc.com/privacy-policy/] in combination with this Notice describes our privacy practices. When providing our Services as a data processor, our customers determine the categories of Personal Data we Process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals.
  2. Data Integrity and Purpose Limitation
    Any Personal Data we receive may be processed by DMI for the purposes indicated in our DMI Privacy Policy [https://dminc.com/privacy-policy/] or as otherwise notified to you. We will not Process Personal Data in a way that is incompatible with these purposes unless subsequently authorized by you.
     
    We take reasonable steps to limit the collection and usage of Personal Data to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Data is reliable, accurate, complete and current.  Individuals are encouraged to keep their Personal Data with DMI up to date and may contact DMI as indicated below or in the DMI Privacy Policy [https://dminc.com/privacy-policy/] to request that their Personal Data be updated or corrected.

    We will adhere to the Principles for as long as we retain the Personal Data collected under the Privacy Shield.
     
    When providing our Services as a data processor, we Process and retain Personal Data as necessary to provide our Services as permitted  in our agreements, or as required or permitted under applicable law.

  3. Accountability for Onward Transfer of Personal Data
    DMI may transfer Personal Data as described in the DMI Privacy Policy [https://dminc.com/privacy-policy/].  When providing our Services as a data processor, we disclose Personal Data as provided in our agreement with customers.
     
    We remain responsible for the Processing of Personal Data received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent Processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
  4. Security
    DMI takes reasonable and appropriate precautions, taking into account the risks involved in the Processing and the nature of the Personal Data, to help protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  5. Access and Choice
    If we intend to use your Personal Data for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a data controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.
     
    Where appropriate, you have the right to access the Personal Data we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below.  We will review your request in accordance with the Principles, and may limit or deny access to Personal Data as permitted by the Principles.
     
    When providing our Services as a data processor, we only Process and disclose the Personal Data as specified in our agreements.  Our customers control how Personal Data is disclosed to us and Processed, and how it can be modified.  Accordingly, if you want to request access, or to limit use or disclosure of your Personal Data, please contact the company to whom you submitted your Personal Data and that uses our Services.  If you provide us with the name of the company to whom you provided your Personal Data and who is our customer, we will refer your request to that customer and support them in responding to your request.
  6. Recourse, Enforcement and Liability
    We conduct an annual self-assessment of our practices regarding Personal Data intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
     
    If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
     
    If an issue cannot be resolved through DMI’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to JAMS [https://www.jamsadr.com/eu-us-privacy-shield], which serves as DMI’s alternative dispute resolution provider. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here [https://www.privacyshield.gov/article?id=ANNEX-I-introduction].
    DMI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

How is this Notice Updated?

This Notice may be amended consistent with the requirements of the Privacy Shield. When we update this Notice, we will also revise the “Last Updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.

Contact information

If you have any questions, concerns or complaints regarding our privacy practices, or if you would like to exercise your choices or rights, you can contact us:

  • via email at privacy@dminc.com or
  • by mailing to:
    One Rock Spring Plaza
    6550 Rock Spring Drive
    7th Floor
    Attn: DMI CISO/DPO
    Bethesda MD 20817
    USA