This EU-US and SWISS-US Data Privacy Framework Policy (“DPF Policy”) supplements the GuardianSec Privacy Notice or other applicable privacy notice which is generally provided at the time of data collection or as soon as practical thereafter. This DPF Policy applies to the transfers of personal data from the European Union, the United Kingdom (and Gibraltar), and Switzerland in order to comply with the transfer requirements under data protection laws, including the EU General Data Protection Regulation (“GDPR”).
GuardianSec has certified that it adheres to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability with respect to all personal data received from the EU, UK, or Switzerland in reliance on the DPF. GuardianSec is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC), which has jurisdiction over GuardianSec’s compliance with this Policy and the DPF.
Purpose of Data Processing
GuardianSec processes personal data for the purpose of providing client services. Personal Data relating to clients is collected from clients who provide it to us in connection with our provision of services to those clients. Client data is processed in the normal conduct of our business relationship with the client, to perform the services requested by and contracted with our clients.
GuardianSec also processes personal data for the purposes of recruitment, employment, and marketing, or for other purposes, which will be disclosed at the time we collect personal data.
At the time of data collection, or as soon as practical thereafter, GuardianSec notifies data subjects about its data practices regarding personal data, including the types of personal data it collects about them, the purposes for which it collects and uses such personal data, the types of third parties to which it discloses such personal data and the purposes for which it does so, the rights of data subjects to access their personal data, and the choices and means that GuardianSec offers for limiting its use and disclosure of such personal data.
GuardianSec provides individuals with notice and an opportunity to “opt-out” if such personal data is to be:
Individuals whose Personal Data GuardianSec may process are entitled to obtain confirmation of whether their Personal Data are being processed, access the information held, and ask us to correct, amend, or delete that information where it is inaccurate or has been processed in violation of the laws.
Individuals may request access as provided above via email to: info@GuardianSec.com
Accountability for Onward Transfer
We will not share, sell or distribute any of the information you provide to us without your consent, except as described in the relevant privacy notice provided at or near the time of collection, or when acting on behalf of our clients, at the direction of our clients (the data controllers) on whose behalf we are processing personal data.
The information provided to GuardianSec will be available to GuardianSec, as well as to affiliated companies within the GuardianSec group who act for us for the purposes set out in this Policy and who are subject to this Policy.
GuardianSec may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of GuardianSec (our agents). Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. GuardianSec requires these third parties to undertake security measures consistent with the protections specified in this Policy.
GuardianSec will remain responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf, unless GuardianSec proves that it is not responsible in an event giving rise to damage.
In the event GuardianSec transfers personal data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to data subjects and any consent they have given (where applicable), and only if the third party has given us contractual assurances that it will (i) process the personal data for limited and specified purposes consistent with any consent provided; (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination. If GuardianSec has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, GuardianSec will take reasonable steps to prevent or stop such processing.
GuardianSec may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
GuardianSec takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will permit only authorized employees who are trained in the proper handling of personal information to have access to that information. Employees who violate our security and privacy policies will be subject to our disciplinary process. We employ security measures to protect your information from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage.
Data Integrity and Purpose Limitation
GuardianSec will retain Personal Data for a reasonable period of time, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period of time necessary to comply with state, local, or federal regulations, or country-specific regulations and requirements, and in accordance with GuardianSec’s Document Retention Schedule.
We will not use your information in a manner that is incompatible with the purpose for which it was originally collected without providing you with notice and an opportunity to opt-out.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GuardianSec commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact GuardianSec at:
Post: GuardianSec Team, PO Box 10, P.zza Verdi, La Spezia, IT 19100
Enforcement and Dispute Resolution
Individuals are encouraged to raise any complaints regarding the processing of personal data to GuardianSec.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GuardianSec commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Data subjects may contact the relevant independent recourse mechanism listed below:
GuardianSec will cooperate with the applicable data protection authority in the investigation and resolution of complaints brought under the DPF. GuardianSec will comply with any advice given by the EU DPAs, the FDPIC, or the ICO where the applicable authority takes the view that the organization needs to take specific action to comply with the DPF Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the applicable authority with written confirmation that such action has been taken.
If a dispute or complaint cannot be resolved by GuardianSec or by the EU Data Protection authorities, the Swiss FDPIC, or the UK ICO, a data subject has the right to require that GuardianSec enter into binding arbitration pursuant to the DPF’s Recourse, Enforcement and Liability Principle and Annex I of the DPF.