FormAssembly Joins “Safe Harbor” Information Protection Framework

In addition to updating our privacy policy, we have taken further steps to join the U.S. Department of Commerce’s “Safe Harbor” privacy framework, and are now certified in compliance with the framework. This is especially relevant for our customers in the European Union, as the Safe Harbor framework ensures that our privacy policies offer adequate protection for personal data from Europe as required by the European Union’s Directive on Data Protection.

What is Safe Harbor Certification?

In 1998, the European Commission enacted a directive to prevent the transfer of personal data to non-EU nations that did not meet a European “adequacy” standard in terms of privacy protection. The U.S. Department of Commerce and the European Commission created the Safe Harbor framework to help American organizations comply with the Directive and therefore enable European customers to use American services.
The Safe Harbor framework consists of seven parts:

  • Notice
  • FormAssembly will notify individuals about why we collect and how we use personal information (including disclosure to third parties) and provide information about how you can contact the organization with any inquiries or complaints. Our privacy policy describes the information we collect and how we use it.

  • Choice
  • Individuals must have the opportunity to opt out of having their personal information disclosed to a third party. For sensitive information, users must opt-in if the information is to be disclosed to a third party. FormAssembly does not share information with third parties, per our privacy policy.

  • Transfer to Third Parties
  • Information may only be transferred to a third party if the third party is Safe Harbor certified or subject to another adequacy policy. Again, FormAssembly does not share information with third parties, per our privacy policy.

  • Access
  • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate. You have several options for accessing and changing your information.

  • Security
  • FormAssembly will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. For information on our security procedures, please see our status page.

  • Data Integrity
  • Personal information must be relevant for the purposes for which it is to be used. FormAssembly should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current. For information on our security procedures, please see our status page.

  • Enforcement
  • An independent recourse mechanism must exist so that individuals’ complaints can be investigated and resolved, and penalties enforced as necessary. TRUSTe acts as this mechanism for FormAssembly.

Visit the Safe Harbor page for more information about the framework. As always, we welcome your comments and suggestions, as well as any questions you may have regarding this or other privacy/security matters. Feel free to leave a comment below, send us an email, leave a suggestion on our UserVoice forum, or follow us on Twitter.

Don’t just collect data — leverage it.