EU-US and Swiss-US Privacy Shield Policy

Effective Date: 10 February 2023

On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield. As a result of that decision, the EU-US Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

Enterprise Health continues to comply with the EU-US Privacy Shield Framework, but no longer relies upon it to transfer data, and instead uses other transfer mechanisms.


Enterprise Health is a division of Medical Informatics Engineering, Inc. Enterprise Health provides a software solution to its customers, which enables those customers to manage the health and wellness of their employees and to maintain compliance with occupational health regulations. Enterprise Health is not a data controller for the purposes of the Privacy Shield Frameworks. Instead, Enterprise Health is a data processor. As such, many of the provisions of the Privacy Shield may be inapplicable to Enterprise Health.

As a data processor, Enterprise Health complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework (Privacy Shield) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries (and Iceland, Liechtenstein, and Norway) and the United Kingdom and Switzerland, as applicable, to the United States pursuant to Privacy Shield. Enterprise Health has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit privacyshield.gov/.

ENFORCEMENT AUTHORITY

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Enterprise Health is subject to the regulatory and enforcement powers of the US Federal Trade Commission.

SUBSIDIARIES OR AFFILIATES

Enterprise Health is a fully-owned subsidiary of Medical Informatics Engineering, which also adheres to the Privacy Shield Principles.

DATA COLLECTED

On behalf of our clients, Enterprise Health stores, processes, and transmits protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Depending upon the data collected by our clients, the protected health information may include an individual's past, present or future physical or mental health conditions and medical test results. Personally identifiable information, such as name, social security number or date of birth, may also be collected by our clients. Enterprise Health does not control or collect any data directly from individuals.

THIRD PARTIES & LIABILITY

Enterprise Health does not disclose personal information to third parties, whether acting as agents or controllers. If this policy should change in the future, Enterprise Health will update this posted policy and will provide individuals with a choice regarding the sharing of their personal data. In the event that Enterprise Health transfers personal information to a third party acting as an agent on its behalf, Enterprise Health will remain responsible and liable under the Privacy Shield Principles if the agent processes the data in a manner inconsistent with the Principles, unless Enterprise Health proves that it is not responsible for the event giving rise to the damage.

ACCESS AND UPDATE DATA

Enterprise Health acknowledges the individual's right to access their personal data. Individuals who wish to access, correct or delete their personal data should consult with the data controller of their personal information. Individuals who wish to limit the use or sharing of their data should also contact the data controller of their information. In both of the above cases, this would most likely be the individual's employer or former employer who contracts with Enterprise Health to provide data processing services.

LIMITING USE AND DISCLOSURE

Enterprise Health reserves the right to share personal information and to disclose it to others to the extent permitted or required by law, to investigate potential wrongdoing, or to protect the rights, property or safety of Enterprise Health or others.

DISCLOSURE OF PERSONAL INFORMATION

Enterprise Health may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

CONTACT FOR INQUIRIES OR COMPLAINTS — NON-HUMAN RESOURCES DATA

European Union, United Kingdom and Swiss individuals should contact their employer or other organization directly in order to address questions or comments or make requests regarding the handling of their non-HR data.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Enterprise Health commits to resolve complaints about your privacy and our collection or use of your personal information as a data processor.

European Union, United Kingdom and Swiss individuals with questions, comments or requests regarding Enterprise Health processing of their data, if any, should contact Enterprise Health at:

Enterprise Health
Attention: Doug Horner, CEO
6302 Constitution Drive
Fort Wayne, IN 46804
horner@enterprisehealth.com

DISPUTE RESOLUTION

Enterprise Health has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/bbb-eu-privacy-shield-consumers/ProcessForConsumers for more information and to file a complaint. Please do not refer HR complaints to BBB EU Privacy Shield.

BINDING ARBITRATION

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

HUMAN RESOURCES DATA WITHIN THE WORKING RELATIONSHIP

Contact for inquiries or complaints:

European Union, United Kingdom and Swiss individuals should contact their employer directly in order to address questions or comments or make requests regarding the handling of their HR data.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Enterprise Health commits to resolve complaints about your privacy and our collection or use of your personal information as a data processor.

European Union, United Kingdom and Swiss individuals with questions, comments or requests regarding Enterprise Health processing of their data, if any, should contact Enterprise Health at:

Enterprise Health
Attention: Doug Horner, CEO
6302 Constitution Drive
Fort Wayne, IN 46804
horner@enterprisehealth.com

In the event Enterprise Health is unable to accommodate the individual's request regarding HR data received by us within the context of the work relationship, we further commit to working with the EU Data Protection Authorities (DPAs), the UK Information Commissioner's Office (ICO) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), whichever covers the jurisdiction the data originated from.
