Privacy Policy

Scope and Applicability

This Privacy Policy applies to all data and information collected by Prophet that allows for identification of an individual (Personal Information (PI) or Personally Identifiable Information (PII)), including all personal data received from the EU, UK and Switzerland  As used within this Privacy Policy, the term “Personal Information” shall be used to refer to any combination of PI and/or PII. The Personal Information (of either clients or employees) may include but is not limited to names, email addresses, date of birth, social security number, mailing and/or business addresses, telephone and fax numbers and employee identification information.

Adherence to this policy applies to all employees who work for Prophet.

Policy

The following sections of this Privacy Policy comply with the seven Principles and sixteen Supplemental Principles of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF where applicable.

Notice

This Privacy Policy applies to all Personal Information collected by Prophet, including all personal data received from the EU, UK and Switzerland. The Personal Information (of either clients or employees) may include but not be limited to names, email addresses, date of birth, social security number, mailing and/or business addresses, telephone and fax numbers and employee identification information.

Prophet collects, handles and processes your Personal Information only for business purposes with you and/or your company. If your Personal Information is collected and used, Prophet will notify you, usually at the time of collection or as soon as possible after the information is collected. Prophet may disclose your Personal Information to comply with any lawful requests from public authorities, law enforcement, or matters of national security.

Prophet does not sell or rent your Personal Information to anyone. Prophet may disclose your Personal Information to third parties for legitimate business purposes. The types of third parties that may be used by Prophet, and the purposes for disclosing Personal Information, include but are not limited to:

• Vendors that assist with payroll, benefits and HR support for employees
• Vendors that supply software as a service (SaaS) for internal communications and sales tracking
• Credit card companies that have employee credit card information
• Travel expense vendors who manage employee travel expense information
• Vendors who provide project support or project management support
• Vendors who provide analytics services for Prophet’s client projects
• Vendors who provide backup or storage services for data

Online Information

When you visit a Prophet website your web browser software may automatically provide us with information such as the browser name and version, your computer type, operating system and the previous website you visited if you clicked a link to our site from another website. We also automatically determine your internet IP address or your internet service provider’s IP address. Any of this information may be recorded in our system logs or securely collected on our behalf via third-party services. This information will only be used internally in anonymized, aggregate reporting.

You may choose to provide Prophet with additional Personal Information by completing our online forms. We will inform you of how this Personal Information will be used at the point of collection, and Prophet will only use such Personal Information as described in this Privacy Policy.

Use of Cookies

Certain parts of our website use cookies to provide a more optimal web experience. A cookie is a small piece of data sent to your web browser and saved on your computer. On subsequent visits to our site, your browser will automatically re-transmit the cookie data to our site. We may use cookies to customize the content shown to you, to provide conveniences to your browsing experience or to track aggregate traffic trends on our site. You are not required to accept and store cookies to browse our websites. However, to access any of our protected websites that require a username and password, you will need to accept and store an authentication-related cookie for the duration of your visit.

Our website contains links to other sites. Prophet does not share your Personal Information with these sites, nor do we have any control over the privacy policies of those sites. We encourage you to learn about the privacy policies of the companies responsible for those sites.

Employee Information

We collect and use employee information only for business purposes, and our employees’ Personal Information is never sold or rented to third parties. Data may be collected and stored from potential candidates for hire with Prophet, which includes direct employees and contractors. Employee information, including Personal Information, performance and disciplinary information, health-related information or other sensitive employee information is only accessible by Prophet employees who have legitimate human resource purposes, and/or a business need to know.

European Union, UK and Swiss employees are notified at the time of their employment how their Personal Information will be used. Prophet will comply with any investigations from EU, UK or Swiss Authorities, as applicable by law.

You can contact us with any data inquiries, complaints, to gain access to your data or understand how to limit the use and disclosure of your data by emailing dpo@prophet.com.

Additional details on individual data rights are listed below and can be found further along in this policy.

• Independent dispute resolution bodies
• Investigatory and enforcement powers
• Invoking binding arbitration
• Requirements to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
• Our liability in cases of onward transfers to third parties
• Third parties we share your data with

Choice

Prophet will provide you with the opportunity to opt out of having your Personal Information (1) disclosed to a third party who is not currently working for Prophet, and (2) used for a purpose that is different from the original use or purpose when it was collected or authorized for use by you. The only exception to this choice is the requirement of disclosure of Personal Information by government or judicial order, or other legal requirements.

You can choose to opt out of marketing materials from Prophet at any time. To exercise your rights to limit how your data is used as described above, contact us at dpo@prophet.com with instructions on which opt-out options you would like applied to your Personal Information. Prophet system administrators will manually apply the appropriate control measures to any records that contain your Personal Information.

Under the DPF Program, organizations do not have to obtain express consent (opt-in) with respect to sensitive data (including Personal Information) under the following processing conditions – If the data processing is in the vital interest of the data subject or another person, if it is necessary for the establishment of legal claims or defenses, if it is required to provide medical care or diagnosis, if the data processing is carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects, if it is necessary to carry out an organization’s obligations in the field of employment law, or if it is related to data that has been made public by the individual.

Accountability for Onward Transfer of Personal Data

Prophet will not transfer Personal Information originating in the EU, UK or Switzerland to third parties unless such third parties have entered into an agreement in writing that requires them to provide at least the same level of privacy protection to Personal Information as required by the Principles of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.. Prophet only transfers data to agents or third-party service providers who have a legitimate need to the information in order to provide services on behalf of Prophet. Prophet will be liable for these data transfers to third parties.

Security

Prophet is committed to protecting the Personal Information that it collects and stores, and we have implemented technical, operational, and administrative security measures to prevent the loss, misuse, disclosure, alteration, theft, or destruction of such information.

Data Integrity and Purpose Limitation

Prophet only collects and retains Personal Information that is relevant to the purposes for which it is collected. Personal Information will not be used in a way that is incompatible with such purposes unless such use has been explicitly authorized by you. Prophet will take reasonable steps to preserve the integrity of your Personal Information and to ensure that it is reliable for its intended use, accurate, complete, and current. Prophet may contact you to verify that the data we have is accurate and current.

This obligation does not prevent Prophet from processing Personal Information for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.  In these cases, such processing shall be subject to the other principles and provisions of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Access

You have the right to access and correct your Personal Information that is used by Prophet. You can correct, amend, or request that information be deleted if it is inaccurate or has been processed in violation of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

The only exception to an access request for Personal Information is where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated. To confirm that Prophet has Personal Information relating to you, or to make any other access or correction requests, contact us at dpo@prophet.com or call us at +1 415 518-5692. Prophet employees may request and review their Personal Information by emailing employeehr@prophet.com.

Recourse, Enforcement and Liability

If you have any questions or concerns about Prophet’s compliance with our Privacy Policy or the DPF, please contact us at dpo@prophet.com or call us at +1 415 518-5692. We will investigate your complaint thoroughly and will respond to you within 45 days from the time we were notified.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Prophet commits to resolve complaints about our collection or use of your Personal Information. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact Prophet at: dpo@prophet.com or call us at +1 415 518-5692

If you are not satisfied with Prophet’s response to your complaint, we will provide an additional recourse mechanism at no cost to you.

Prophet cooperates and complies with the EU data protection authorities (DPAs) under the EU-U.S. DPF, the Swiss-U.S. DPF, the UK ICO under the UK Extension to the EU-U.S. DPF under the UK Information Commissioner’s Office (ICO) and the EU-U.S. DPF and the Swiss-U.S. under the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complies with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU, UK and Switzerland.

Contact information for the EU DPA, UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection Information Commissioner are as follows:

European Data Protection Supervisor

Rue Wiertz 60
1047 Bruxelles/Brussel
Office: Rue Montoyer 63, 6th floor
Tel. +32 2 283 19 00
Fax +32 2 283 19 50
e-mail: edps@edps.europa.eu
Website: http://www.edps.europa.eu/EDPSWEB/

UK Information Commissioner’s Office (ICO)

Wycliffe House
Water Lane, Wilmslow
Cheshire, SK9 5AF, England12.
Tel. +0303 123 111312
Fax +01625 5245102
Website: https://ico.org.uk/

Swiss Federal Data Protection and Information Commissioner

Verantwortliche Person Adrian Lobsiger
Adresse Feldeggweg 1, 3003 Bern
Telefonnummer +41 (0)58 462 43 95 (Mo. bis Fr., 10.00 bis 12.00 Uhr)
Email-Adresse Kontaktformular
Webseite www.edoeb.admin.ch

Additional lists of more specific DPAs by country, city or region can be found here – http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm and here –https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.

Under certain conditions, if you are not satisfied with the recourse mechanisms provided by Prophet or Prophet’s compliance with the DPF, you may be able to invoke binding arbitration to address your complaint.

Right to Change Policy

Any changes to the EU-U.S. DPF and the Swiss-U.S. DPF, or the addition of new or updated applicable laws will result in changes to this Privacy Policy. Prophet reserves the right to amend this Privacy Policy and its related business procedures at any time.

Prophet Employee Policy Adherence and Enforcement

It is the responsibility of all Prophet employees to read and adhere to this Privacy Policy, and by signing this Privacy Policy, each employee agrees to abide by its contents. Any employee found to have violated this Privacy Policy may be subject to disciplinary action, up to and including termination of employment.