Participation in the EU-U.S. Privacy Shield Program

BTE Technologies, Inc. (BTE) complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. BTE Technologies, Inc. has certified that it adheres to the Privacy Shield Principles of Notice, Choice, and Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Organizations that participate in the U.S.-E.U. Privacy Shield Program must comply with the seven Privacy Shield Principles, which require the following:

  • Notice
    Organizations must publish online privacy notices containing specific information about  their participation in the Privacy Shield (including, where applicable, the entities or subsidiaries of the organization also adhering to the Principles); their practices around collecting, using and sharing personal data with third parties; their privacy practices, including an individual’s rights to access and correct data, and the choices they make available to individuals regarding limiting data collection and use. The thirteen specific items to be addressed in the notice also include (i) any relevant establishment in the EU that can respond to inquiries or complaints, (ii) the independent dispute resolution mechanism designated to address complaints, a hyperlink to the complaint submission form of that dispute resolution body, (iii) the possibility, under certain circumstances, for EU individuals to invoke additional binding arbitration; (iv) the possibility that the organization may be held liable for unlawful transfer of personal data to third parties; and (v) the organization’s obligation to disclose personal data in response to national security or law enforcement requests.
  • Choice
    Participants must provide a mechanism for individuals to opt out of having personal information disclosed to a third party or used for a materially different purpose than that for which it was provided. Opt-in consent is required with respect to the sharing of sensitive information with a third party or its use for a new purpose.
  • Accountability for Onward Transfer
    • To transfer personal information to a third party acting as a data controller, a participant must comply with the Notice and Choice Privacy Shield Principles. It must also enter into a contract with the third party controller limiting the purposes for which the data may be processed and ensuring that the recipient will provide the same level of protection as the Principles.
    • To transfer personal data to a third party acting as an agent (such as a service provider), an organization has additional obligations. It must: transfer the data for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as required by the Principles; take reasonable steps to ensure that the agent effectively processes this data in a manner consistent with Principles; upon notice, take reasonable steps to stop and remediate unauthorized processing; and upon request, provide a summary or copy of privacy provisions of its contract with the agent to the Department of Commerce.
  • Security
    An organization creating, maintaining, using or disseminating personal data must take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into “due account” the risks involved in the processing and the nature of the personal data.
  • Data Integrity and Purpose Limitation
    An organization must take reasonable steps to limit processing to the purposes for which it was collected, and to ensure that personal data is reliable for its intended use, accurate, complete, and current. It must only retain personal information for as long as needed for the purpose of collection. An organization must adhere to the Privacy Shield Principles for as long as it retains such information.
  • Access
    An organization must provide a mechanism by which data subjects may request access to personal information the organization holds about them and enable them to correct, amend, or delete information that is either inaccurate or processed in violation of the Principles.
  • Recourse, Enforcement and Liability
    This Principle addresses three topics:  recourse for individuals affected by non-compliance; consequences to organizations for non-compliance, and This Policy does not create rights enforceable by third parties.

Third-Party Disclosures

BTE will disclose your information to your authorized potential employer. Your potential employer will use this information for the administration and management of employee selection, employee injury or disability evaluation and the determination of return to work.

Enforcement

BTE is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Independent Recourse Mechanism

In compliance with the Privacy Shield Principles, BTE commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Private Shield policy should first contact BTE at:

Contact Information

Questions, comments or complaints regarding BTE’s Privacy Shield Policy, general privacy policy or data collection and processing practices can be phoned, mailed or emailed to:

Call:

(410) 850-0333

Email:

privacyofficer@btetech.com

Write:

BTE Technologies, Inc.
Attn: Corporate Security Officer
7455 – L New Ridge Road
Hanover, Maryland 21076
United States of America

 

BTE has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs are provided at no cost to you.