At O'Neil DataTech LLC we are dedicated to conducting our business in a manner that complies with the EU Safe Harbor Principles published by the U.S. Department of Commerce. The Safe Harbor Principles were developed to aid U.S. businesses in addressing and assessing their privacy policies and practices as they may relate to the European Union's Directive 95/46/EC on data privacy for "personal data" (including any EU member state's rules, regulations or laws enabling such Directive, herein the "Directive"). Personal data is information relating to an identified or identifiable natural person. It includes personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships and information concerning the personal activities, undertakings, traits or habits of a particular individual. An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the person's physical, physiological, mental, economic, cultural or social identity. Personal data may be considered transferred outside the EU under the Directive if it falls under one of two situations that are described below. For the Directive to apply, the personal data must be processed, wholly or partly, by automatic means or if not processed to any extent by automatic means, it forms (or is intended to form) part of a filing system.
Processor on Behalf
O'Neil DataTech LLC (O'Neil) provides cloud based web services, which includes the storage of data, in an online repository known as the Connector-CloudTM. This service is designed to help companies manage their off-site records stored at commercial record centers utilizing O'Neil Software Inc's RS-SQL® software. O'Neil provides this cloud based service though its' customers comprising a large geographic coverage of more than 80 countries worldwide. O'Neil does not own or control any of the information stored or processed by any customer, including by or on behalf of any customer's client(s). Only our customers and their clients are entitled to process, store, access, and retrieve such information.
Through careful analysis of specific business requirements, O'Neil's customers may recommend that their clients are better served by utilizing the O'Neil Connector-Cloud web services. O'Neil customers recommending this service to their clients must clearly explain that the client(s) information that originates in the EU will be stored on an Amazon server located in the U.S. and which is accessible over the Internet only by our customer or our customer's client(s).
O'Neil does not own or otherwise disclose or make available to third parties the data that is stored through use of its Connector-Cloud web service by our customers or our customer's client(s), and such data is considered owned or controlled only by that customer's client(s) or our customer, including if acting on behalf of the customer or the customer's client. O'Neil does not actively process the data stored on its server under the Connector-Cloud web service. Furthermore, under no circumstances may O'Neil independently cause our customer's data or our customer's client(s) data to be transferred to any third party, such action being limited to either our customer or our customer's client(s). Also, O'Neil's standard operating policy in this case is not to directly cause a transfer of any such data other than to return it to the applicable customer. In this capacity, O'Neil should be considered only as a processor in behalf as to any personal data that may be considered transferred from the EU to the U.S. subject to the requirements of the Directive. As such, either our customer or, more particularly, our customer's client(s) is(are) the Data Controller as they or one of them have the actual control over the way any personal data is collected and used as well as the determination of the purposes and means of the processing of such data. O'Neil is not responsible for the content of the information stored on its server by our customers or our customer's client(s) nor is O'Neil responsible for the way our customers or our customer's client(s) treat such information.
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of personal data to fulfill very specific requirements related to compliance with the Directive. The specific functions of a Data Controller will depend on the specific laws of each EU member state. However, since O'Neil is not the collector or in control of any personal data, because it, neither alone nor jointly with others, will determine the purposes and means of collecting and the processing and uses of such data, it should not be considered as acting in the capacity of Data Controller with attendant responsibilities under the Directive or the Safe Harbor Principles. Although O'Neil, without its actual knowledge, may be provided data or information subject to the Directive by customers by means other than use of the Connector-Cloud web services in order to aid in the resolution of a technical issue, it should not be considered a data collector or Data Controller as to such data. Furthermore, O'Neil requires that our customers and our customer's clients(s) do not include personal data in such transmittal to it, and it may reject and return such data to the sender if it becomes aware that such data is not in compliance with such requirement.
Web Services License Agreement
O'Neil and our customers enter into a contract with regards to the Connector-Cloud web service and this includes that each party understands its role in complying with the Directive and the Safe Harbor Principles. Any data considered processed or stored by O'Neil on behalf of our customer or any customer's client(s) will not be further disclosed to third parties, except as directed or required by our customer or customer's client(s), each acting only in compliance with the Directive. If in the unlikely event, any information which is identified as sensitive personal information must be treated accordingly.
The contract with our customer also will specify that our customer is responsible for implementing and maintaining reasonable security measures relating to our customer or customer's client(s) access to the data stored within the O'Neil Connector-Cloud, including assignment and administration of all identification codes and passwords authorizing such access. Our customer or our customer's client(s), as applicable, is responsible for all security measures relating to such identification codes and passwords. O'Neil has in place commercially reasonable measures to protect data on its network from loss, misuse, unauthorized access, disclosure and alteration and destruction. As merely a processor on behalf of our customer or our customer's client(s) (who is considered the EU Data Controller), O'Neil is not required to apply other Safe Harbor Principles to personal information subject to the Directive and considered received for processing (i.e., storage) from our customers or customer’s client(s).
O’Neil requests that our customers comply with their respective obligations under the Directive and our customer confirms by means of agreement that any data being managed under our Connector-Cloud is non-confidential, nor do we recommend the use of our web services for the management of Personal Information.
O’Neil is entirely dependent on our customer’s compliance with the Directive in connection with any authorization for access to such customer’s or customer’s client(s) data in the Connector-Cloud as well as its nature and content. O’Neil has no requirement to access data located on its Connector-Cloud other than as expressly permitted or directed by our customers and, in no case, will O’Neil be involved in the further processing or manipulation of such data. O’Neil takes reasonable steps to assure that any data that is considered transferred from the EU to the U.S. is maintained in a reliable, accurate and complete state, subject always to any deficiencies in the state in which it was received that may have been caused by others. The steps O’Neil undertakes to assure data integrity is provided to take into consideration the Safe Harbor Principles.
As noted above, the control of access to data stored on the Connector-Cloud web services is under the direct and primary control of and subject to the security measures undertaken by the O’Neil customer base. O’Neil has made provisions that all data “at rest” and stored in the Connector-Cloud system is encrypted to better assure the protection and confidentiality of such data. O’Neil has in place security procedures and commercially reasonable security measures to protect all information stored on the utilized servers from loss, misuse, unauthorized access, disclosure, alteration and destruction.
O’Neil’s customers will be notified of any breach of the security measures implemented by O’Neil that O’Neil becomes aware of, and our customer is responsible for notifying our customer’s customer(s) of such breach. Any measures or actions required to be undertaken by our customers or customer’s client(s) in connection with such breach are solely the responsibility of our customers, as applicable. If O’Neil receives a request to download data stored in the Connector-Cloud by our customer onto archival media, O’Neil will do so only upon receipt of a written request and directions (including by email) therefore from the requesting customer, as applicable, and such media will be sent via a reliable carrier or courier, as authorized by the customer. Upon its delivery to such carrier or courier, O’Neil shall have no further obligation thereafter for the security or safety of the data included on such media.
Any compromise of security or potential compromise of security and any inquiries concerning security should be reported or directed to O’Neil. Contact information is provided below.
Connector-CloudTM Project Director
O’Neil DataTech LLC
11 Cushing, Suite 100
Irvine, CA 92618-4220
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, D.C. 20580
Limitation on Application of the Safe Harbor Principles
O’Neil’s adherence to the Safe Harbor Principles may be limited to the extent expressly permitted by applicable law, rule or regulation.