Privacy Shield Policy

Wondersauce LLC(“Wondersauce” or “we” or “our”) adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework published by the U.S. Department of Commerce (Privacy Shield).

This Privacy Shield Policy (Policy) outlines our general policy and practices for implementing Privacy Shield, including the types of Personally Identifiable Information (PII) Wondersaucegathers, how we use PII, and the choices individuals have regarding our use of, and the ability to correct, the PII relating to them. If there is any conflict between this statement and the Principles described by Privacy Shield at www.privacyshield.gov, the Principles will govern. To learn more about Privacy Shield and its principals, visit: https://www.privacyshield.gov.

This Policy applies to the PII we handle. For purposes of this statement, PII means information that (1) is transferred from the European Economic Area (EEA) and Switzerland to the U.S. in reliance on the Privacy Shield; (2) is about, or pertains to, a specific individual; and (3) can be linked either directly or indirectly to that individual.

In addition to this Policy, we also have other policies and procedures in place that legitimize data flows, including Standard Contract Clauses.

Principles protecting individuals’ privacy notice and choice

  • We notify individuals about the PII we collect from them, how we use it and how to contact us with privacy related question and concerns.
  • We provide such notice through this Policy, our Privacy Notice (http://wondersauce.com/privacy) and direct communication with individuals about the PII we collect.
  • We collect and process PII about Wondersaucepersonnel for human resources administration, including recruitment, in accordance with Privacy Shield.
  • We collect and process PII from our customers to provide them with services.
  • We collect PII from individuals only as permitted by Privacy Shield.
  • We obtain consent for PII to be collected, used or transferred in certain ways (such as for sensitive PII, for example, a Social Security Number) from individual. Consent is provided through our agreements with customers, the employment relationship with employees and other similar documents.
  • If we will use PII in an additional or different manner than you were originally informed about, we will provide you with notice and when appropriate, obtain your consent.

Disclosures and transfers

We do not disclose PII to third parties, except when:

  • We have the individual’s permission to make the disclosure.
  • The disclosure is required by lawful request by public authorities.
  • The disclosure is required by law.
  • The disclosure is reasonably related to the sale, merger or other disposition of all or part of our business.
  • The information is publicly available prior to the disclosure.
  • The disclosure is reasonably necessary to establish our legal rights, defenses or claims.
  • The disclosure is to a Wondersauceentity or third party providing services on our behalf or to our customers, but only if the disclosure is consistent with the purpose for which the information was obtained and the recipient of the information is subject to laws providing adequate level of privacy protection or has agreed to provide an adequate level of privacy protection.

Accountability and transfers

In the event we transfer PII covered by this Policy to a third party acting as a controller, we will do so consistent with any notice provided to you and any consent you have given. Further, the third party must provide us with contractual assurances that it will (i) process PII only for limited and specified purposes consistent with any consent you provided, (ii) provide at least the same level of protection as is required by this Policy and Privacy Shield and (iii) notify us if it makes a determination that it cannot do so and then cease processing the PII or take other reasonable and appropriate steps to remediate the circumstances. If we know a third party is processing PII subject to Privacy Shield as a controller in a way that is inconsistent or contrary to Privacy Shield, we will take reasonable steps to prevent or stop such processing.

With respect to our agents, we will transfer only PII covered by Privacy Shield as needed for an agent to deliver the product or service to Wondersauce.  We will (i) permit the agent to process PII only for limited and specified purposes; (ii) require the agent to provide at least the same level of protection required by this Policy and Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent follows this Policy and Privacy Shield when processes PII; and (iv) require the agent to notify us if it determines it can no longer meet requirements of this Policy and Privacy Shield.  Upon receiving this notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

We may also transfer PII from one jurisdiction to another (including from the EU to the U.S. Privacy laws vary by jurisdiction, and some may provide less or different legal protection than others. However, we will protect PII in accordance with Privacy Shield regardless of the jurisdiction in which the PII resides or originates.

Wondersauceremains liable under Privacy Shield if an agent processes PII covered by this Policy and Privacy Shield in a manner inconsistent with Privacy Shield, unless we are not responsible for the event giving rise to the damage.

Security, integrity and access

We employ various physical, electronic, administrative and managerial policies, processes procedures and training that is designed to reasonably protect PII from loss, misuse or unauthorized access, disclosure, alteration or destruction.

We process PII only for the limited and specific purpose it was originally collected. We take reasonable steps to ensure PII is accurate, complete, current and reliable for its intended use.

Individual have the right to access the PII we holds about them in the ways specified by Privacy Shield. Individual may contact us using the information in the “Contact us” section to correct, amend or delete PII that is inaccurate or that has been processed in violation of Privacy Shield. We will take reasonable steps to ensure the individual is who they state they are before honoring their rights under Privacy Shield. In addition, we may limit or deny access to PII where providing access would be unreasonably burdensome or expensive, or where the rights of persons other than the individual would be violated. We may charge a reasonable fee, where warranted, for access to PII.

Accountability and enforcement

Our participation in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield is subject to investigation and enforcement by the Federal Trade Commission (FTC).

We have established policies and procedures to monitor our compliance with Privacy Shield. This includes a process for addressing questions and concerns about our compliance. These policies and procedures include annual written and signed statement (to be made at least annually), verifying that this statement is (1) accurate, (2) comprehensive for the information it is designed to cover, (3) prominently displayed and readily accessible, and (4) completely implemented. Interested parties and individuals are strongly encourages to send concerns to the contact information located in the “Contact us” below.

Wondersaucepersonnel who violate this Policy will be subject to disciplinary action, including (without limitation), termination.

Individuals may file a complaint with us using the information in the “Contact us” section below. If a complaint or dispute under this Policy cannot be resolved internally:

  • If the dispute involves PII collected in the context of an employment relationship, we will cooperate and comply with competent EU or Swiss data protection authorities. In the event that we or such authorities determine that we did not comply with this Policy, we will take appropriate steps to address any adverse effects and to enhance ongoing compliance.
  • For all other disputes under this Policy, individuals may file a claim with JAMS.
  • In certain circumstances, an individual may invoke binding arbitration by a Privacy Shield panel to be created by the U.S. Department of Commerce and the European Commission. Additional information about this process is available on the Privacy Shield website (privacyshield.gov).

Amendment

We may amend this Policy from time to time by posting a revised version. If we amend this Policy, the new Policy will apply to PII previously collected only as the rights of the individual affected are not reduced or eliminated by the amendment. While we continue to participate in Privacy Shield, we will not amend this Policy in a manner inconsistent with Privacy Shield.

Information subject to other policies

We are committed to following the Principles for all PII within the scope of Privacy Shield. However, certain information is subject to policies that may differ in some respects from the general policies set forth in this Policy. For example, certain websites and services have their own privacy notices and information collected about or from employees and customers may be subject to additional policies or agreements.

Contact us
To receive more information, address a concern or file a complaint, please contact us at:
Wondersauce LLC
Attn: Data Privacy Champion
45 West 25th Street, 6th Floor,
New York, NY 10010
dataprivacy@wondersauce.com
+1 (646) 756-5410