Privacy Shield Policy

Adhering to the latest data protection and privacy recommendations.

Effective: 2/11/19

Introduction

Onehub Inc. ("Onehub," "our," "we" or "us") complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks administered by the US Department of Commerce (together "Privacy Shield") regarding the collection, use and retention of EU Personal Data (as defined below) This means that Onehub certified that it adheres to the principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability as defined in the Privacy Shield ("Privacy Shield Principles"). If there is any conflict between the terms in the Onehub Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

For purposes of enforcing compliance with the Privacy Shield, Onehub is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov.

Definitions

  • Client means any individual or entity that purchases Services from Onehub.
  • EU Personal Data means any information relating to you that identifies or can be used to identify you, either separately or in combination with other readily available data that is received by Onehub in the U.S. from the EEA or Switzerland in connection with the Services.
  • Privacy Policy means Onehub’s Privacy Policy.
  • Sensitive Personal Data means EU Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
  • Services means the services described in Onehub’s Privacy Policy.
  • Standard Contractual Clauses means the standard data protection clauses for the transfer of EU Personal Data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.

Scope

Onehub commits to comply with the Privacy Shield Principles with respect to the EU Personal Data received you in connection with your use of the Services. This Privacy Shield Policy does not apply to EU Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.

Privacy Shield Principles

Onehub commits to processing EU Personal Data in accordance with the Privacy Shield Principles as follows:

Notice

Onehub’s Privacy Policy notifies individuals covered by this Privacy Shield Policy about the categories of EU Personal Data that Onehub collects and the purposes for collection and use of their EU Personal Data. Onehub will only process EU Personal Data in ways that are compatible with the purpose for which Onehub collected it or for purposes later authorized.

Choice

The EU Personal Data that Onehub collects from you depends on how you uses the Services.

Our Privacy Policy describes the categories of EU Personal Data that we may receive in the US as well as the purposes for which we use that EU Personal Data. Please review the sections titled "Information We Collect" and "How We Process Personal Data" in our Privacy Policy for more information on the categories of EU Personal Data we collect and how we use your EU Personal Data.

Before Onehub uses EU Personal Data for a purpose that is materially different from the purpose for which Onehub collected it or that was later authorized, Onehub will provide you with the opportunity to opt out.

Onehub shares EU Personal Data collected through the Services with third parties that Onehub engages to help us operate the Services, improve our business or the Services, to provide Services to us (such as web hosting, data storage and similar administrative services), and to market to current and prospective Clients. Please review the section titled "How We Share Information" in our Privacy Policy for more information on how we share EU Personal Data.

If Onehub collects Sensitive Personal Data, Onehub will obtain opt-in consent if Privacy Shield requires, including before Sensitive Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.

Accountability for Onward Transfer

If Onehub transfers EU Personal Data covered by this Privacy Shield Policy to a third party, Onehub takes reasonable and appropriate steps to ensure that each third party transferee processes EU Personal Data transferred in a manner consistent with Onehub’s obligations under the Privacy Shield Principles. Onehub will ensure that each transfer is consistent with any privacy notice provided to you. Onehub requires a written contract with any third party receiving EU Personal Data that ensures that the third party (i) processes the EU Personal Data for limited and specified purposes consistent with any notice provided to you, (ii) provides at least the same level of protection as is required by the Privacy Shield Principles, (iii) notifies Onehub if it cannot comply with Privacy Shield; and (iv) ceases processing EU Personal Data or takes other reasonable and appropriate steps to remediate.

Under certain circumstances, Onehub may be required to disclose EU Personal Data in response to valid requests by public authorities, including for national security or law enforcement requirements.

Onehub remains liable under the Privacy Shield Principles if an agent processes EU Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Privacy Shield Principles unless Onehub is not responsible for the event giving rise to the damage.

Security

Onehub takes reasonable and appropriate measures to protect EU Personal Data covered by this Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration and destruction. In determining these measures, Onehub takes into account the risks involved in the processing and the nature of the EU Personal Data.

Data Integrity and Purpose Limitation

Onehub takes reasonable steps to ensure that such EU Personal Data is reliable for its intended use, accurate, complete and current. Onehub adheres to the Privacy Shield Principles for as long as it retains EU Personal Data in identifiable form. Onehub takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain EU Personal Data in identifiable form only for as long as it serves a purpose of processing.

Onehub limits the collection of EU Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. Onehub does not process EU Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by you.

Access

If you are covered by this Privacy Shield Policy you may have the right to access your EU Personal Data and to correct, amend or delete the EU Personal Data if the EU Personal Data is inaccurate or processed in violation of the Privacy Shield Principles. Onehub is not required to grant the rights to access, correct, amend and delete EU Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to your privacy or if the rights of persons other than you are or could be violated.

To send requests for access, correct, amendment or delete EU Personal Data, please follow the instructions in Privacy Policy under the section titled The General Data Protection Regulation.

Recourse, Enforcement, and Liability

In compliance with the Privacy Shield Principles, Onehub commits to resolve complaints about your privacy and our collection or use of your EU Personal Data. Please first contact Onehub with inquiries or complaints regarding this Privacy Shield Policy at support@onehub.com.

Onehub has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the International Centre for Dispute Resolution an independent dispute resolution mechanism operated by the American Arbitration Association. If your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint.

Under certain conditions detailed in the Privacy Shield, you may be able to invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission. To learn more, please see Privacy Shield Framework Annex I (Binding Arbitration) at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Onehub commits to periodically review and verify its compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Onehub acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

Privacy Shield Policy Changes

Onehub may amend this Privacy Shield Policy consistent with the requirements of the Privacy Shield, including notice about any amendment.

How to Contact Us

If you have any questions about this Privacy Shield Policy or would like to request access to your EU Personal Data, please contact us at us at support@onehub.com or write to us at: Onehub Inc., 1109 1st Avenue, Suite 406, Seattle, WA 98101.