Privacy Shield Certification
In order to provide our customers with the most controls over their personal information, Groundlink has taken an extra step. Groundlink has self-certified with the EU-US and Swiss-US Privacy Shields. Read below to learn more about the privacy shields and how to utilize them.
What are the privacy shields?
The EU-US and Swiss-US Privacy Shields are frameworks designed jointly by the U.S. Department of Commerce and, respectively, the European Commission and Swiss Administration, for companies to assure that the transfers of personal data from the European Union or Switzerland to the United States abide by the EU or Swiss data protection requirements. This is the link to our page in the Privacy Shield List: https://www.privacyshield.gov/participant?id=a2zt00000008VvPAAU&status=Active
What do these certifications affect?
Here are a couple of important changes following our Privacy Shield self-certification:
1) Groundlink has elected its independent recourse mechanism in the International Center for Dispute Resolution of the American Arbitration Association. This allows residents of the EU and Switzerland who didn’t receive timely acknowledgment or satisfactory addressing of their Privacy Shield-related complaints to have such complaints investigated and resolved at no cost
2) As a last-resort option for dispute resolution – and limited to the eligible claims – EU or Swiss residents can also use the so-called “Annex I Binding Arbitration Mechanism” to determine through arbitration whether GroundLink violated its data protection obligations and whether any such violation remains fully or partially un-remedied.
Below are the steps needed for an EU or Swiss resident to complain about GroundLink’s data protection practices:
a) First, the claim has to be raised directly with GroundLink and Groundlink will have 45 days to solve the issue.
b) If a timely acknowledgment or satisfactory addressing of the claim isn’t received, the International Center for Dispute Resolution of the American Arbitration Association, mentioned in item 1) above, can be used
c) If the claimant isn’t satisfied, an issue can be raised through their country’s Data Protection Authority to the US Dept. of Commerce. The latter will have 90 days to solve the issue.
d) Finally, only if items a) through c) have been used (and other conditions are met, e.g. the claim wasn’t decided upon by a court judgment in which the claimant was a party) and a solution hasn’t been found, the claimant can invoke binding arbitration at no cost with the Binding Arbitration Mechanism mentioned in item 2) above.