Purpose & Scope
It is the policy of Asendia USA, Inc. (“Asendia USA”) to respect and protect Personal Information we receive from our Clients. In furtherance of this commitment, Asendia USA has certified to the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use and retention of Personal Information transferred from the EEA to the United States. If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about Privacy Shield, and to view Asendia USA’s certification, please visit https://www.privacyshield.gov. Adherence to these Privacy Shield Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of a Citizen.
Asendia USA provides international mail and parcel services, including mail and parcel preparation and distribution as well as computer services (“Services”), designed to help companies (our Clients, as defined below) manage engagement with their customers and their customers’ Personal Information.
In the ordinary course of our business providing the Services, we act as agents (Data Processors) to process Personal Information on behalf of our Clients (Data Controllers), including information regarding citizens of the EEA. For example, the Services that we perform include the personalization and addressing of mail pieces and parcels from files provided by our Clients, where the data files may include name, title, company, address, city, postal region, country, postal code, email address, phone number, and customer number of our Clients’ customers. Additionally, in the ordinary course of business, our Clients, some of whom may be located in the EEA, provide us with their business contact and billing information, which we use to provide the Services.
The following capitalized terms are used throughout this document and are defined as follows:
Capitalized terms not defined above have the definitions set forth in the respective paragraphs of this Statement.
Privacy Shield Principles
Notice, Choice & Access
Asendia USA does not own or control any of the Personal Information it Processes on behalf of its’ Clients. All such information is owned and controlled by the respective Client. Processes performed by Asendia USA on behalf of its Clients are pursuant to the instructions of the applicable Client. Asendia USA therefore relies on its Clients to provide notices that clearly and conspicuously describe (i) the types of Personal Information that are collected about such Citizens; (ii) the purposes for which such information is collected; (iii) and the types of third parties to which such information is disclosed – including Processors such as Asendia USA – and the related purposes.
Where Asendia USA receives Personal Information from its Clients, Asendia USA and its Agents will endeavor to use such information in accordance with the notices provided by such Clients and the choices made by the Citizens to whom such Personal Information relates. In the event Clients’ customers seek to exercise their opportunity to opt-out of future Client-originated communications by contacting Asendia USA, Asendia USA will endeavor to timely communicate that choice to its Clients.
Additionally, when Asendia USA collects contact, billing and other Personal Information about its Clients, including EEA Citizens employed by our EEA Clients, we shall endeavor to provide notices to our Clients. In the event such EEA Citizen Personal Information is to be used for a new purpose that is materially different from the purpose(s) for which it was collected or subsequently authorized, or transferred to a non-Agent third party, Asendia USA will endeavor, where practical and appropriate, to provide such individual with an opportunity to decline to have their Personal Information so used or transferred.
Although Asendia USA will, as appropriate, assist our Clients (as Data Controllers) in responding to Citizens exercising their rights under the Privacy Shield Principles, Citizens should direct their requests to correct, amend or delete their information or obtain confirmation of Processing to our Clients. Our EEA Citizens employed by our EEA Clients may also seek confirmation regarding whether Asendia USA is Processing Personal Information about them, request access to their Personal Information and ask that Asendia USA correct, amend or delete that information, where it is inaccurate or has been Processed in violation of the Privacy Shield Principles.
Accountability for Onward Transfer
Asendia USA will endeavor to only transfer Personal Information to another third party/Agent where such third party has given assurances that it provides at least the same level of privacy protection as is required by the Privacy Shield Principles and this Statement and will notify Asendia USA if it makes a determination it can no longer meet this obligation. Where Asendia USA has knowledge that an Agent is using or sharing Personal Information in a way that is contrary to the Privacy Shield Principles and/or this Statement, Asendia USA will take reasonable steps to prevent or stop such Processing. With respect to onward transfers to third parties/Agents, Privacy Shield requires that, to the extent it is responsible for the event, Asendia USA shall remain liable should its Agents Process Personal Information in a manner inconsistent with the Privacy Shield Principles.
Asendia USA endeavors to take reasonable and appropriate administrative, technical and physical precautions designed to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, regardless of whether such Personal Information is in electronic or tangible, hard copy form.
Data Integrity and Purpose Limitation
Asendia USA endeavors only to Process Personal Information that is relevant to the Services it provides, and only for purposes compatible with those for which the Personal Information was collected. Asendia USA depends on its Clients to take reasonable steps to ensure that their customers’ Personal Information is reliable, accurate, complete and current. Asendia USA similarly takes reasonable steps designed to ensure the reliability, accuracy, completeness and currentness of Personal Information it collects about EEA Citizens employed by our Clients.
Processes performed by Asendia USA, as Data Processor, on behalf of its Clients, as Data Controllers, are pursuant to the instructions of the applicable Client. In order to provide international mailing and shipping services to its Clients, Asendia USA must provide our Clients’ mail and parcels, which include the recipients’ names and addresses on the mail or parcels, to Third-Party Service Providers, such as foreign postal administrations, to handle the final delivery to the recipients. Where necessary to perform services requested by specific Clients, Asendia USA may provide Personal Information to Third-Party Service Providers to perform hosting and sending of emails. In either case, these Third-Party Service Providers may have access to personal information if needed to perform their functions. If such access is required, the third parties will be obligated to maintain the confidentiality and security of that personal information. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services to Asendia USA.
Recourse, Enforcement and Liability
Asendia USA has implemented mechanisms to verify its ongoing compliance with the Privacy Shield Principles and this Statement. Any party that violates the Privacy Principles and/or this Statement will be subject to disciplinary procedures in accordance with Asendia USA’s disciplinary procedures.
In the event of a dispute, Citizens are able to seek resolution of their questions or complaints regarding use and disclosure of their Personal Information in accordance with the Privacy Shield Principles contained in this Statement. If you feel that Asendia USA is not abiding by the terms of this Statement, or is not in compliance with the Privacy Shield Principles, please contact Asendia USA at the contact information provided below. In addition, Asendia USA has agreed to refer unresolved complaints to JAMS, a dispute resolution provider which has locations in the United States and the EU. For more information and to submit a complaint through JAMS Privacy Shield Dispute Resolution Program, visit https://www.jamsadr.com/eu-us-privacy-shield. Such independent dispute resolution mechanisms are available to Citizens free of charge. If any request remains unresolved, Citizens may, under certain circumstances, have a right to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Asendia USA’s compliance with the Privacy Shield.
If you have questions regarding this Statement or any of Asendia USA’s privacy practices, please contact us by mail or e-mail at the following addresses:
Attn: Data Privacy Team
701C Ashland Avenue
Folcroft, PA 19032
Changes to this Statement
This Statement may be amended from time to time in a manner that is consistent with the requirements of the Privacy Principles. When this Statement is updated, the “Last Updated” date at the bottom of this document shall be amended accordingly. Any material changes to this Statement will be posted on Asendia USA’s website and available to the general public at https://www.asendiausa.com/privacy-policy/.
THIS STATEMENT HAS BEEN INITIALLY ADOPTED
BY ASENDIA USA, INC. AS OF THE 30th DAY OF SEPTEMBER, 2016.
Last Updated: JANUARY 7, 2020