1.0 Purpose:

This Policy sets forth how the Company will manage the Personal Data that it collects in the normal course of business

This Policy is applicable to Laserbeam Software, LLC and any ventures that are controlled by the Company (collectively “Laserbeam” or “Company”). Specifically, this Policy applies to:

(a) all individuals who provide or process the Personal Data, such as associates, interns, contractors, customers and business partners;
(b) all locations where the Company operates; and
(c) all methods of contact, including in person, written, via the Internet, direct mail, telephone, or facsimile. This Policy is designed to inform all associates about their obligation to protect the privacy of all individuals (whether co-associates, independent contractors, customers, or sub-contractors) and the security of their Personal Data.

Also, this site contains links to other sites. Laserbeam Software is not responsible for the privacy practices or the content of such websites.

2.0 Policy:

2.1 This Policy describes the Company’s standard procedure governing access to and use of Personal Data across borders.

2.2 This policy is established to comply with the Information Security and Data Privacy requirements of Global standards and the Client contracts.

2.3 This policy provides commitments to the principles and guidelines governing the EU-U.S. Privacy Shield Framework & Swiss Privacy Shield Framework

Controller:

Refers to the Company and its authorized third parties, which determine the purposes and means of processing of Personal Data.

Data Subject:

Refers to any associate or third person (e.g., consultant or independent contractor) who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

Personal Data:

Defined as any information related to an identified or an identifiable person. For example, a Data Subject’s home address, e-mail address, telephone number, or government-issued identification numbers would constitute Personal Data.

Sensitive Data:

A subset of Personal Data, and refers to any Personal Data pertaining to racial or ethnic origins, trade union membership, medical or health conditions, political or religious beliefs, sex life, salary information or criminal history.

General Business Purpose:

Defined as the Processing of Personal Data for any activity related to the commercial operations of the Company’s worldwide organization. This could include, but is not limited to, its sales, marketing, and research and development operations; protecting intellectual property; the provision of services; internal operations; information technology and general employment matters, including recruitment both internally and externally. Data processing for General Business Purposes includes, but is not limited to, publishing global directories, maintaining files, payroll processing, managing benefit and medical plans, conducting performance reviews, and intra-company communications

Processor:

Defined as a natural or legal person, or any other entity that processes Personal Data on behalf of the Controller and under its control. In this context, a Processor may be a payroll preparation firm that works on behalf of the Company and under its control. The Company requires Processors to protect the privacy, confidentiality and security of Personal Data.

Processing:

Defined as any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Third Party:

Defined as any natural or legal person, public authority, agency or any other entity other than the Data Subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or the Processor, are authorized to process the Personal Data.

PROCEDURE

Use of Personal Data:

In the course of day-to-day business operations, authorized individuals within the Company may from time-to-time utilize and/or transfer Personal Data among various Company worldwide locations. These transfers of Personal Data are necessary in order to carry out the Company’s General Business Purposes.

Specifically, Personal Data may be used as follows:
  • To identify a Data Subject personally;
  • To communicate with a Data Subject;
  • To comply with human resource requirements;
  • To comply with government regulations;
  • To provide associate benefits;
  • To manage the business.

Integrity of Personal Data:

The Company will take reasonable steps that Personal Data and Sensitive Data are:
  • Obtained, where possible, directly from the Data Subject to whom the Personal Data relates;
  • Obtained and processed fairly and lawfully by the Company for General Business Purposes;
  • Marked for Privacy and Sensitivity as per the Data Classification Policy;
  • Relevant to and no more revealing than is necessary for General Business Purposes; and
  • Kept up-to-date to maintain data accuracy, while data is under the control of the Company,and kept only for so long as is reasonably necessary.

Notice:

The Company informs Data Subjects about the purposes for which Personal Data is collected and used. In certain situations, Personal Data may be rendered anonymous so that the names of the Data Subjects are not known by Processors. In these cases, Data Subjects do not need to be notified.

Access to Personal Data:

The Company takes steps to make sure that the Personal Data it uses is correct. The Company will allow Data Subjects reasonable access to Personal Data about themselves during normal working hours and upon reasonable request, and will be allowed to update and/or correct any inaccurate information.

Procedure for Accessing Personal Data:

Questions about Personal Data and/or authorization to access such Personal Data are to be directed to Data Subject’s human resources manager. Unauthorized access may be grounds for disciplinary actions, including termination and handled as per the Disciplinary Actions Procedure.

Security of Personal Data:

The Company will take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction in compliance to the Cryptographic Control, Access Control and Clear Screen Clear Desk policies

Transfer of Personal Data:

Subject to this Policy and the Network Services Policy, the Company may from time-to-time transfer Personal Data within and between its various worldwide locations for General Business Purposes, in compliance with country of origin regulations

Principles and this Policy:

The Company’s personnel, outside firms and consultants who receive Personal Data may be located in the Data Subject’s home country, India, the United States or any other country in which the Company or its affiliates do business. Therefore, Personal Data may be transferred to any country in the world, including but not limited to, India, the United States of America and other countries where the Company does business, and where the privacy laws may be more or less protective than the privacy laws where the Data Subjects live or work.

Choice:

Any Associate whose Personal Data is to be transferred to Third Parties as described in this Policy may choose not have his or her Personal Data transferred. A Data Subject must communicate his or her desire to “opt-out” as outlined below. Data Subjects who exercise their right to opt-out are to be informed of the impact such opt-out will have on their employment within the Company (e.g., inability to process benefits or payroll data in a timely or appropriate fashion). A Data Subject may not opt out of transfer of Personal Data which is transferred by the Company to a Third Party for the following purposes:

  • Meeting applicable legal requirements;
  • Permitting the legitimate interests of the Company in making promotions, appointments, preparing succession planning and other employment decisions.

Accountability:

The Company expects its associates, independent contractors, subcontractors, and partners to maintain the trust placed in the Company by those Data Subjects who provide personal information to the Company. The Company may periodically audit privacy compliance as per the Internal Security Audit Process, and where necessary, will extend by contract its privacy policies and data protection practices to the Company’ supplier and partner relationships.

Procedure for Inquiries, Complaints and Opt-Out:

A Data Subject may contact their local human resources manager, with inquiries or complaints regarding the Company’s processing of Personal Data or to opt out of the transfer of Personal Data.

Enforcement:

The Company will assure compliance with this Privacy Policy by periodically verifying the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. The Company encourages interested persons to raise any concerns and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. This policy is governed by our Information Security Management System (ISMS) policy.

EU-U.S and Swiss-U.S. PRIVACY SHIELD FRAMEWORK:

Laserbeam Software complies with the EU-U.S. Privacy Shield Framework & Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Laserbeam Software has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, Laserbeam Software commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact Satish Kumar, Data Privacy Officer at:

satishkumar.c@laserbm.net
or directly at 925-459-1347

Laserbeam Software has further committed to cooperate with EU & Swiss data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU or Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU/Swiss DPAs for more information or to file a complaint. The services of EU/Swiss DPAs are provided at no cost to you.

Laserbeam Software has further committed to cooperate with EU & Swiss data protection authorities (DPAs) and comply with the advice give by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

Individuals whose HR data are processed by Laserbeam Software have the following rights under the EU/Swiss Data Privacy provisions:

  • Information about the type or identity of third parties to which Laserbeam Software discloses personal information, and the purposes for which it does so. As of July 2017 we do NOT disclose information about you to any third party for any reason whatsoever. This policy will be updated if that policy should be changed.
  • Laserbeam Software is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC)
  • the possibility, under certain conditions, for the individual to invoke binding arbitration
  • Laserbeam Software complies with the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Laserbeam Software has liability in cases of onward transfers to third parties. We do not transfer your personal data to third parties, nor foresee any reason that we should in the future.

Amendments:

This Privacy Policy may be amended from time to time based on the Business needs.

# Version # Date Nature of Amendment Prepared by Reviewed & Approved by
1 1.0 06-Sep-2016 Initial Version Rama Jaleesh
2 2.0 05-Nov-2016 Revised to include EU Data Privacy provisions Patrick Durall Pat D.
3 3.0 25-Jul-2017 Revised to include Swiss Data Privacy provisions. Updated Laserbeam DPO Patrick Durall Pat D.
4 4.0 Nov-11-17 Revised to update the responsible Data Privacy Officer Patrick Durall Pat D.