Last updated: Oct. 6, 2021
Innervation Finance Group LLC (“Innervation” or “our” or “we”) are dedicated to conducting its business in a manner that complies with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield both as published by the U.S. Department of Commerce. The United States Department of Commerce and the European Commission have previously agreed on a set of data protection principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection will be given to personal data transferred from the European Union to the United States. The United States Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland have previously agreed on a similar set of data protection principles to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. Consistent with its commitment to protect personal privacy, Innervation has certified that it abides by the Privacy Shield Privacy Principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Personal Data transferred from the European Economic Area (“EEA”) and Switzerland (“Swiss”) to the United States to Innervation from our corporate customers. This Privacy Shield Privacy Notice (this “Policy”) outlines our general policy and practices for implementing the Privacy Shield Privacy Principles for the handling of personal data for corporate customers. The use of the information collected through our service shall be limited to the purpose of providing the service or which the client has engaged Innervation. To learn more about the Privacy Shield, and to view the certification for Innervation, visit https://www.privacyshield.gov/welcome.
“Customer(s)” means any individual or entity that legally purchases, installs, activates or subscribes to Innervation’s products or services.
“Personal Data” means any information that (i) relates to a natural person or individual, (ii) is transferred to Innervation in the U.S. from the EEA or Switzerland, (iii) is recorded in any form, (iv) relates to an identified or identifiable Customer, and (v) can be linked to that individual. Personal Data does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.
“Sensitive Personal Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
Innervation participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov
Innervation is responsible for the processing of Personal Data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Innervation complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Innervation is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
To read more about how we treat information collected from the EU and Switzerland, please read this Policy.
When applicable,* we notify our Customers located in the EEA and Switzerland about the purposes for which we collect and use their Personal Data, the types of third parties to which we disclose the information, and the choices and means, if any, Innervation offers Customers for limiting the use and disclosure of their Personal Data.
Any such notice will be provided in what we believe to be clear and conspicuous language when Customers are first asked to provide Personal Data to Innervation, or as soon as practicable thereafter, and in any event before Innervation uses or discloses such Personal Data for a purpose other than that for which it was originally collected or discloses information to a non-agent third party.
*Please note we generally do not collect nor seek to collect Personal Data from our Customers, and never collect Sensitive Personal Data from Customers. When such Personal Data is gathered, it is limited to information necessary to use Innervation’s technology platform, and Customers are informed of such purposes. Our technology platform does allow information to be collected via “custom fields,” so it is also possible that Personal Data could be stored in our platform, but this is neither required nor encouraged. In those limited instances in which we do collect and use such Personal Data of Customers, such Customers can always contact Innervation (as further specified below under “How to Contact Us”) regarding Innervation’s use or disclosure of their Personal Data or to opt out.
Innervation will offer Customers the opportunity to choose (opt-out) whether their Personal Data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Customer. Innervation will provide Customers with reasonable mechanisms to exercise their choices.
There are circumstances in which Innervation collects Personal Data about EEA or Swiss residents with whom Innervation does not have a direct relationship because Innervation obtained or maintains such Personal Data as a vendor for its Customers. In those circumstances, Innervation informs its Customers that they are responsible for providing the relevant individuals with a choice as to whether their Personal Data may be (i) disclosed to and by Innervation to certain third parties, or (ii) used for a purpose that is incompatible with the purpose for which the information originally was collected or subsequently authorized by such individual.
Innervation may disclose Personal Data gathered from its Customers without offering an opportunity to opt out (i) if it is required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, or (iii) when Innervation believes disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss or in connection with an investigation of suspected or actual illegal activity. Innervation also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets, or merges with another entity. Should such a sale, transfer or merger occur, Innervation will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with this Policy.
Onward Transfers (Transfers to Third Parties)
Innervation may share Personal Data with Innervation’s subsidiaries and affiliates. Please also note that Innervation may also share Personal Data with service providers we have retained to perform services on our behalf. We require service providers to whom we disclose Personal Data and who are not subject to either the laws based on the European Union Data Protection Directive or the Swiss Federal Act on Data Protection, as applicable, to either (i) subscribe to the Privacy Shield Privacy Principles, (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield Privacy Principles, or (iii) be subject to another European Commission adequacy finding.
Access and Correction
Upon request, Innervation will provide you with information about whether or not we hold any of your Personal Data. To the extent required by law, we provide you with (i) reasonable access to the Personal Data you provide to us, and (ii) the ability to review, correct and delete such Personal Data. If you believe that any of the Personal Data that you have submitted through Innervation’s website or technology platform is no longer accurate, or you wish to make any updates or [email protected]. Upon appropriate request, we will update or amend your information, but we reserve the right to use any information previously obtained to verify your identity or take other actions that we believe are appropriate and lawful. We will endeavor to comply with your request as soon as reasonably practicable.
We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are impractical, or for which access is not otherwise required by local law. Please note we may need to retain certain information for record keeping purposes, and there may also be residual information that will remain within our databases and other records, which will not be removed from such locations. Finally, we are not responsible for removing or deleting information from the databases of third parties (such as service providers or channel partners) with whom we have shared information about you or who host the data on our behalf.
The security of your Personal Data is important to us. We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once it is received. If you have any questions about the security of your Personal Data, you can contact us at [email protected].
Innervation takes reasonable steps to ensure that Customer Personal Data collected by Innervation is (i) relevant for the purposes for which it is to be used, (ii) reliable for its intended use, and (iii) accurate, complete and current. We depend on our Customers to update or correct their Personal Data whenever necessary. Innervation will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Please note that in circumstances in which Innervation maintains Personal Data about EEA or Swiss residents on behalf of one of its Customers, we do not take any responsibility for the integrity of the Personal Data.
Enforcement & Oversight
Innervation will conduct compliance audits, as needed, of its relevant privacy practices to verify adherence to this Policy. Any employee that Innervation determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment, and should any process or procedure be found not to be in accordance with this Policy, Innervation will, if commercially reasonable, amend as needed.
In circumstances in which Innervation maintains Personal Data about EEA or Swiss consumers with whom Innervation does not have a direct relationship because we obtained or maintain such consumer’s Personal Data as an agent for our Customer(s), consumers are directed to submit any complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer’s dispute resolution process. Innervation will participate in this process as required and at the request of the Customer. If the issue cannot be resolved through the Customer’s internal dispute resolution mechanism, the consumer may submit the complaint to the relevant data protection authority in the EEA or Switzerland.
Innervation has established procedures for periodically verifying the implementation of and compliance with the Privacy Shield Privacy Principles. Customers residing in the EEA and Switzerland should direct any questions or concerns regarding the use or disclosure of Personal Data to [email protected]. Customers may also file a complaint with our Office of the Chief Information Security Officer in connection with Innervation’s processing of their Personal Data under the Privacy Shield Privacy Principles; letters should be sent to 244 Madison Avenue, New York, NY 10016. Innervation will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data by reference to the principles contained in this Policy. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Information Collected through our Service
Innervation collects information under the direction of our Customers and has no direct relationship with the individuals whose personal information we process. If you are a client of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer personal information (e.g., name, email, address, telephone, government-issued identification) to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customers.
If you would like to gain access, seek correction, amendment or deletion of inaccurate information you should direct your query to Innervation’s Customer (the data controller). If requested to remove data we will respond within a reasonable timeframe. We will retain the personal information we process on behalf of our Customers for as long as needed to provide services to our Customer. Innervation will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Limitations on Application of the Privacy Shield Privacy Principles
Adherence by Innervation to these Privacy Shield Privacy Principles may be limited (a) to the extent required or permitted by law or legal process, such as to respond to or investigate a legal or ethical obligation or request or pursuant to court orders, subpoenas, interrogatories or similar directive carrying the force of law, including any matters related to national security or public interest; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
How to Contact Us
Please address any questions or concerns regarding our Privacy Shield Privacy Notice or our practices concerning Personal Data by:
Contacting us via email at [email protected] or writing to:
Innervation Finance Group LLC
Office of the Chief Information Security Officer
244 Madison Avenue
New York, NY 10016