Other Covered Entities: Worldnet Transportation Inc.
The Federal Trade Commission (FTC) has jurisdiction over Worldnet’s compliance with Privacy Shield.
All Worldnet employees, temporary employees and contractors, within all Worldnet US entities and/or subsidiaries, who handle Personal Data from Europe, the United Kingdom and Switzerland are required to comply with this Policy.
"Customer" means a prospective, current, or former customer of Worldnet. The term also shall include any affiliate, individual agent, employee, representative, or customer of a Worldnet Customer where Worldnet has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer or when made available to provision communications, logistics and supply chain services.
"Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her persons. For Customers residing in Switzerland, a Data Subject also may include a legal entity.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Worldnet or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
"Europe" or "European" refers to a country in the European Economic Area.
"Personal Data" as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual's name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term "person" includes both a natural person and a legal entity, regardless of the form of the legal entity.
"Sensitive Data" means Personal Data that discloses a Data Subject's medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
"Third Party" means any individual or entity that is neither Worldnet nor a Worldnet employee, agent, contractor, or representative.
This Policy applies to the processing of Personal Data that Worldnet receives in the United States concerning Customers and Employees who reside in Europe, the United Kingdom and Switzerland.
Worldnet provisions logistic and supply chain services.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
Worldnet’s Quality Department will oversee its information security program, including its compliance with the Privacy Shield program. The department shall review and approve any material changes to this
program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to firstname.lastname@example.org.
Worldnet will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, Worldnet will conduct an internal audit as part of its Management System to ensure that its attestations and assertions with regard to its treatment of Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, Worldnet will undertake the following:
§ Ensure that this Policy continues to comply with the Privacy Shield Principles
§ Confirm that Customers are made aware of the process for addressing complaints and any independent dispute resolution process
§ Review its processes and procedures for training Employees about Worldnet's participation in the Privacy Shield program and the appropriate handling of Personal Data
6. PROCESSING PERSONAL DATA
Worldnet provides various services to its Customers, which are predominantly busineses, although individual consumers are not restricted from purchasing such services.
Worldnet collects Personal Data from Customers when they purchase our services, register with our website, log-in to their account, complete surveys, request information from us, or otherwise communicate with us.
Personal information regarding current, former and prospective employees are collected to perform human resource administration, operate the business and maintaining contact with individuals.
As a general matter, Worldnet collects the following types of Personal Data: contact information, including, a contact person's name, email address, mailing address, telephone number, mobile/cell number, title, and company name.
Worldnet collects, uses, stores and transmits personal data for lawful and valid business use, retains data for improvement, recordkeeping, audit and compliance purposes, does not disclosure personal data to third parties unless there is a need to know for the purpose of business administration, performing human resource administration, provisioning of logistics services or communicating service provisions with those person(s).
7. DISCLOSURES & ONWARD TRANSFERS OF PERSONAL DATA
Except as otherwise provided herein, Worldnet discloses Personal Data only to Third Parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations.
Disclosure via transmission to third parties of Non-HR personal data for customers, customer affiliates, vendors or employees may be required in the following examples, but not limited to;
1. Facilitating logistics transactions
a. Shipment pickup
b. Customs Clearance
c. Shipment delivery
d. Shipment notifications
2. Post Delivery Services
a. Insurance claims
b. Debt collection
3. Government Reporting
4. Tax Purposes
Disclosure via transmission to third parties of HR personal data for employees, temporary employees or contractors may be required in the following examples, but not limited to;
1. Business Administration
a. Financial and Commercial assessments
b. Government Reporting
c. Tax Purposes
d. Human/Workforce analysis
e. Benefits comparison and analysis
Worldnet also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure.
Worldnet may be forced to disclose an individual's personal information when compelled by a request made by a recognized public authority or where required to meet national security and or law enforcement requirements.
To the extent provided by this Policy and Principles, Worldnet remains responsible and potentially liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles or Contract/Agreement unless Worldnet proves that it is not responsible for the case arising to the damage or breach.
8. SENSITIVE DATA
Worldnet does not collect Sensitive Data from its Customers.
9. DATA INTEGRITY AND SECURITY
Worldnet uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Worldnet has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to Worldnet's electronic information systems requires user authentication via password, Two Factor Authentication (2FA) or similar means. Worldnet also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data. Further, Worldnet facilities have physical safeguards, such as access control and monitoring to prevent unwanted physical access.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
Worldnet notifies Employees about their rights via internal policies, training and email notifications.
11. ACCESSING PERSONAL DATA
Worldnet personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
12. RIGHTS TO ACCESS, CHANGE OR DELETE PERSONAL DATA
§ Right to Access - as a customer of Worldnet services, you have the right to access your data at any time. Data subjects have the right to know what Personal Data about them is included in the
databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Worldnet collected the Personal Data. Data Subjects may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law. Upon reasonable request and as required by the Privacy Shield principles, Worldnet allows Customers access to their Personal Data, in order to correct or amend such data where inaccurate.
§ Data Retention - Note that personal data is not removed from our systems permanently upon closure of Customer accounts. Worldnet retains transaction and personal data for a minimum of seven (7) years to comply with various recordkeeping and auditing requirements. No maximum period is defined.
§ Amendment and Limiting Use of Personal Data - Customers may edit their Personal Data by either logging into their account or by contacting Worldnet via email. To request amendment or limitation of use regarding their Personal Data as specified in this Policy, Customers should submit a written request to their local Worldnet office or by email to email@example.com.
§ Authentication - Customers who request their Personal Data will be required to authenticate their identity by email, phone or mail.
§ Response Commitment - Worldnet’s SLA is to respond and resolve within thirty (30) days all reasonable written requests to view, amend, limit or delete Personal Data.
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. Customers may access the most updated version of this policy on our website.
14. QUESTIONS OR COMPLAINTS
Customers may contact Worldnet with questions or complaints concerning this Policy at the following address firstname.lastname@example.org.
15. ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the Privacy Shield Principles, Worldnet commits to resolving complaints about our collection or use of your personal information within thirty (30) days. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Worldnet at: email@example.com.
Worldnet has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regards to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
If an individual has an unresolved complaint or concern that is not addressed timely or to your satisfaction, that individual may contact our U.S. based third party dispute resolution, the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"). Please contact or visit ICDR/AAA for more information or to file a complaint.
If the dispute involved human resources personal information, or information collected in the context of an employment relationship, we will cooperate with the competent EU or Swiss data protection authorities and comply with the advice of such authorities.
You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view Worldnet’s certification, please visit https://www.privacyshield.gov. Under certain conditions, more fully described on the Privacy Shield Website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.