Imprivata, Inc. (“Imprivata”) complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (the “Safe Harbor Principles”). Imprivata has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement.
To learn more about the Safe Harbor program, and to view Imprivata’s certification, please visit http://www.export.gov/safeharbor/ .
Background and Scope
Imprivata is sensitive to the need to protect the personal information of applicants and employees. It is our policy to ensure that unauthorized individuals do not have access to such information. We use appropriate security measures to protect any personal applicant or employee information we store or transmit. Imprivata receives, holds and processes personal data from applicants to, and employees of, Imprivata's wholly-owned European subsidiaries, which data is transferred to Imprivata in the U.S. for purposes of human resource and finance administration. Any such personal data is collected and processed only for employment-related purposes, for other legitimate purposes reasonably related to an individual's employment, their performance of job responsibilities and Imprivata's ability to make employment services and benefits available to them. Imprivata particularly processes personal data for the proper management of global operations, including employee name, SSN/National ID, gender, date of birth, marital status, home address, personal email and wireless number and work email.
Privacy Principles
This Policy describes Imprivata’s compliance with the Safe Harbor Principles, namely Notice, Choice, Onward Transfers, Access, Security, Data Integrity and Enforcement. The Policy also addresses dispute resolution procedures, contemplates Policy amendments and provides contact information.
Notice
Employees are asked to provide personal data in connection with hiring and throughout their employment for the purpose of compensation, fringe benefits and other Human Resources-related activities. When such data is requested, or as soon as possible thereafter, Imprivata will notify its applicants and employees about the purposes for which such data is collected and used. We also have informed our employees how to contact us, and any third parties who may access their personal data.
Choice
Imprivata will not provide personal data to any third party or use personal data for any purpose other than that for which the data was originally collected without the prior written consent of the employee. Exceptions are to provide compensation or fringe benefits or to satisfy government reporting requirements. For sensitive personal data, Imprivata will give the employee an affirmative opt-in choice if the information is to be disclosed to a third party or used for a purpose other than the purpose for which it was collected or for which its use was otherwise authorized.
Data Integrity
Personal information maintained by Imprivata will be used for the sole purpose of supporting Imprivata operations and providing employee benefits. Imprivata HR and payroll processes include tasks and procedures to keep personal data accurate, complete, and current.
Onward Transfer
When Imprivata uses third party data processors to perform processing tasks on behalf, and under the instruction of, Imprivata, Imprivata requires that its data processors either subscribe to the Safe Harbor Principles, the EU Data Protection Directive or enter into a written agreement with Imprivata requiring the third party to provide the same level of protection as Imprivata provides. Please note that in certain circumstances, it is possible that personal information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants or orders.
Access
All employees have the option to review their own personal data by contacting their local HR representative. As part of the review process, employees can correct, amend, or delete information which is inaccurate. Employees may request to review their personal information by contacting the Human Resource department. For any inquiries or complaints regarding personal data, employees should contact their designated HR Representative. Only authorized Imprivata employees can access personal information.
Security
Imprivata has in place information security procedures and security measures designed to protect personal information on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. All personal data is protected using industry-standard security measures, including the use of firewalls, restricted access, and encryption technology. Imprivata limits access to personal information to those persons in its organization that have a business need to process such personal information. Imprivata’s security officer is responsible for conducting investigations into any alleged computer or network breaches, incidents or problems and ensuring the proper disciplinary action is taken against those who violate Imprivata’s information security policy.
Enforcement
Imprivata has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles and agrees to cooperate with local country data protection authorities to resolve disputes with employees that cannot be remedied directly with those employees.
Imprivata will conduct annual reviews of its relevant privacy practices to verify adherence to this Policy and the Principles as part of the certification process with the U.S. Department of Commerce. Any employee that Imprivata determines is in violation of this policy will be subject to disciplinary action, up to and including termination of employment. Employees should forward any complaints or disputes regarding personal data protection to their local HR Representative. Complaints or disputes that cannot be remedied by the local HR Representative should be forwarded to the Office of Imprivata’s Privacy Officer located at:
Imprivata, Inc.
10 Maguire Rd
Lexington, MA 02421
Attn: General Counsel
Telephone: (781) 674-2700
Fax:
Imprivata is subject to the jurisdiction of the U.S. Federal Trade Commission; individuals may contact the Federal Trade Commission at the address below:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
consumerline@ftc.gov
www.ftc.gov
Updates
This Policy will be reviewed on no less than an annual basis to determine whether any changes or updates are required. The review will take into consideration changes in Imprivata’s business practices and changes in the requirements of the Safe Harbor program. Under no circumstance will changes deviate from the requirements of the Safe Harbor privacy principles.
To learn more about the Safe Harbor program, and to view Imprivata, Inc.’s certification, please visit http://www.export.gov/safeharbor/