Vigilant’s Trade Compliance Program Optimization Solution
This Privacy Notice explains the information practices and policies of Vigilant Global Trade Services (“Vigilant”). It describes how we collect, use, and disclose information of: (a) individuals (i.e. employees or other staff users) of business partners or clients (collectively “clients”) that use our services; (b) individuals (i.e. employees or other staff users) of any prospective business partners or clients; and/or (c) any visitors to any Vigilant owned website.
For the purposes of this Privacy Notice, the terms “we”, “us” and “our” refer to Vigilant and “you” refers to you, anyone whose information we process for the purposes above.
This Privacy Notice does not reflect the privacy policies or practices of our clients or any other third party. Vigilant is not responsible for the privacy policies or practices of any client, end-clients of clients or other third party.
I. Privacy Shield Policy.
Vigilant has adopted this Privacy Shield Policy as part of its overall Privacy Notice to establish and maintain an adequate level of privacy protection to certain Personal Information that Vigilant obtains regarding individuals located in the European Union or any other location worldwide.
II. About Vigilant
We provide global trade compliance managed services and solutions to our clients, including party sanction screening resolution and management, import and export classification and import and export broker management, among others (collectively, the “Services”).
In using our Services, our clients may require us to process business or other information or allow us to have access to such information, including Personal Information (defined below) on our Services (“Client Information”). In providing our Services, we process Client Information on behalf of and under the direction and instruction of our applicable client. It is the responsibility of Vigilant’s client to ensure that the Client Information that its used during our processing has been legally collected and is processed in accordance with applicable data protection laws.
III. How We Collect, Use, and Share Information
We primarily collect, access, use, and share Personal Information where necessary for us to provide services to our clients and in the ordinary course of running our business, including through the receipt of communications such as emails, website enquiries and telephone calls.
When we say, “Personal Information,” we mean individually identifiable information that alone or when in combination with other information may be used to readily identify, contact, or locate a specific person, such as a name, address, phone number, username, email address, and password, it might also include information such as your IP addresses and/or other online identifiers.
Information Collected through Our Services and Vigilant Websites
We may collect information, including Personal Information, in the following ways:
Information That You Provide to Us Voluntarily
General Contact Information. We will collect any Personal Information that you voluntarily provide to us when you visit a Vigilant Website, subscribe for or enquire about any of our Services. For example, if you submit a sales enquiry or subscribe for a newsletter via a Vigilant Website web form or request additional information or contact from Vigilant via email, you will provide us with certain Personal Information, which may include names, company name, address, and email address.
In addition, if you choose to communicate with us via a web form, email, or by telephone, we will keep a copy of our communication together with your email address or phone number and our responses.
Information That We Collect Automatically
Device-related Information. When you visit any Vigilant Website or use our Services, we may also collect device related information from the user’s device, including information such as an IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location), the date and time of use of our Services, the date and time of an event on the client’s IT systems, system logs, and technical attributes about the device or a web browser. In some countries, including countries in the European Economic Area, this information may be considered “personal data” under applicable data protection laws. This information enables us to better understand use of our Vigilant Websites and
Services. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies or Similar Technologies” below.
Cookies or Similar Technologies
If you have arrived at any Vigilant Website by clicking on a banner ad for one of Vigilant’s products or services, a session cookie may be used. This cookie contains an identification number for the advertisement that you clicked on, and it helps Vigilant determine which of its ads attracts the most visitors. If you choose to request further information from us about Vigilant’s products and services, the personal information that you provide in that request will be linked to the information in the session cookie.
In order to better understand how our sites are used, Vigilant Websites may also use persistent cookies along with other information collected in our servers’ files (e.g., IP Address, referring URLs, etc.). For more information about the nature of cookies and similar technologies that Vigilant Websites use, and for information about how to reject cookies from Vigilant websites please refer to our Cookie Management Page at https://www.Vigilant.net/privacy-center/cookie-usage. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies, Vigilant Websites may not function as intended.
How We Use Information Collected through Our Services and Vigilant Websites
Information That We Obtain From Third Party Sources
Commercially Available Information. Vigilant may also collect information from commercially available sources but only where we are legally permitted to collect the information. Such information may include names, addresses, email addresses, and demographic data. The information Vigilant collects from these commercial sources may be combined and cross-referenced with information collected through the Services. We use this information for communications purposes to provide direct marketing materials for our business customers or prospects.
From time to time, we may also ask our partners or clients to voluntarily provide us with the email addresses of contacts of other organizations, so they too can benefit from the various products and services offered by Vigilant and Vigilant’s trusted affiliates. Where we do, we will ask that they have the permission to pass on these details to us.
To Serve Our Clients. We use the information we collect, including Personal Information, to provide our Services to the clients on whose behalf we are acting. For example, in order to provide clearing services, we may research the party being screened using Google, Duns and Brad Street using any contact information provided to us.
To Serve You. We use the information we collect, including Personal Information, to respond to any request or query directed to us (for example through web forms or email), to provide you/your organisation with our products and Services and to manage our relationship with you. For example, we may respond to a job application, address any enquiries or complaints you may have, endeavour to improve the Services we provide, or provide you with information about other products and services we offer that we think you may be interested in.
How We May Disclose Information Collected through Our Services and Vigilant Websites
We may share any information we collect, including Personal Information with the following categories of recipients and/or in the following circumstances:
With Our Group Companies, Third-Party Vendors and Service Providers. As appropriate, we may share any information, including Personal Information, with any of our group companies, vendors and/or service providers in connection with the provision or marketing of the Services, Vigilant Websites. These third parties have access to Personal Information to the extent necessary to permit them to do their jobs, however, they are bound by confidentiality agreements before any information is provided to them, and they are restricted from using the information for other purposes. For Personal Information transferred to us from European Union member countries under the EU-US Privacy Shield, we will remain liable under the Privacy Shield Principles if our agents or service providers process such Personal Information in a manner inconsistent with the Privacy Shield Principles, unless we will prove that we are not responsible. A list of our current service providers and partners is available to current Vigilant customers and can be found here.. A list of providers and partners that we use with our website visitors is available on Vigilant’s Privacy Center.
As Required by Law and Similar Disclosures. We may access, preserve, and disclose information, including Personal Information, if we believe it is necessary: to comply with national security or law enforcement requests and legal process, such as a court order or subpoena; to respond to your requests; to prevent or address fraud, security, or technical issues; or to protect our property or other legal rights or the rights or property of others, or to protect the vital interests of others.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, information collected through the Services or Vigilant Websites (or both) may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
Other than as stated in this Privacy Notice, we will not release Personal Information to unaffiliated third parties, and we will not cross-reference Personal Information collected through one client’s use of our Services with that of any other client or entity.
IV. Access, Integrity, Retention, and Choices
Personal Information of clients
Please note that if you are an end-user of one of our clients’ whose personal information we may process in providing Services to our clients, you must submit any requests for access to, correction, amendment, or deletion of your Personal Information, to the applicable client.
Access & Correction
If you wish to request access to, correction, or deletion of Personal Information you have submitted through the Vigilant Websites, you can log into your account or contact Vigilant at [email protected] If you are a resident in the European Union, you may have additional rights which we have set out below.
Data Integrity and Purpose Limitation
Vigilant will use Personal Information only for the purpose of or in ways compatible with the purposes for which it was collected.
We keep information we need to provide our Services only so long as we have a valid business purpose, in accordance with applicable law and our client agreements. For example, to provide you with Services you have requested or to comply with applicable legal, tax or accounting requirements.
When we have no ongoing legitimate business need to process your Personal Information, we will delete it. If immediate deletion is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible or unless as otherwise required by law.
We take steps to ensure that information is treated securely and in accordance with this Privacy Notice which include appropriate technical and organizational measures. These measures are designed to provide a level of security appropriate to the risk of processing of your Personal Information. However, neither the Internet nor any form of electronic storage can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us.
VI. Non-EU International Use
Vigilant is headquartered in the United States of America, but we are a growing corporation with operations in multiple countries. In using Vigilant services and/or otherwise contacting us you acknowledge that your information may be accessed and processed around the world, to us in the United States or to our affiliates, partners, merchants, or service providers elsewhere in the world, including the United States, European Union, and the Philippines. However, we have taken appropriate safeguards to require that your Personal Information remains protected in accordance with the terms of this Privacy Notice and applicable data protection laws. In particular we comply with the terms of our EU-US Privacy Shield certification and ensure that we flow obligations under the Privacy Shield Principles through to any of our third-party partners, merchants or service providers to the extent required by the Principles.
VII. For users and/or visitors in the European Union (EU) and the European Economic Area (EEA)
We have certified with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the processing of certain Personal Information from the European Union member countries. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
If you have any inquiries or complaints about our handling of your personal information under the Privacy Shield, you should first contact us at [email protected] and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) in the resolution of any Privacy Shield complaints. If you reside in the European Union, you may also have the opportunity under certain conditions to invoke binding arbitration for complaints regarding the Privacy Shield not resolved by the above mechanisms. For more information, please see the “Complaints and How To Contact Us” section below.
Vigilant is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and of other relevant US statutory bodies authorized to verify and ensure compliance with the Privacy Shield Principles.
Legal Basis for processing your Personal Information
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only where we need the Personal Information to perform our contract for our Services with our clients, where the processing is in our legitimate interests (provided these interests are not overridden by your data protection interests or fundamental rights and freedoms), or otherwise if we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Information from you such as to comply with background check requirements, tax details, or other benefit information for Vigilant employees.
If we ask you to provide Personal Information to comply with a legal requirement or to contact you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are and before doing so will ensure that we have considered your rights and interests.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us at [email protected]
IX. Your Rights
We acknowledge individuals’ rights in relation to their personal data under application data protection laws. In addition, if EU data protection laws apply to your Personal Information, you may have the following data protection rights which you may exercise at any time by using the contact details provided under the “Complaints and How to Contact Us” section below:
You may access, correct, update or request deletion of your Personal Information.
You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information.
Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland are available here [Link to http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 ])
We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Please note, if you are an individual whose personal information Vigilant processes as a “data processor”, for example to provide services on behalf of its clients, you must contact the relevant data controller of your Personal Information in order to exercise your rights. This might be one of our clients or one of our clients’ customers.
X. Children’s Privacy
We do not knowingly collect, store, or use information from children, including those under the age of 13. If you are under the age of 13, you may not submit any information through the Vigilant Websites or Services. If you have reason to believe that a child under the age of 13 has provided information to us through the Vigilant Websites or Services, please contact us and we will endeavor to delete that information from our databases.
XI. Do Not Track
The Vigilant Websites currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Notice whether or not a DNT signal is received.
XII. Changes to This Privacy Notice
We may update this Privacy Notice to reflect changes to our information practices from time to time. If we decide to change this Privacy Notice, we will post the changes on this page so visitors to the Vigilant Website and our clients and the users of their IT systems are aware of our practices, and we will change the “Last Updated” date above. If we make a material change to our information practices, such as to how we use Personal Information, we will make reasonable efforts to provide notice on our website and/or through our clients and obtain consent to any such uses as may be required by law.
XIII. Complaints and How to Contact Us
If you don’t receive adequate resolution of a privacy-related problem, you may write to our Chief Privacy Officer at:
Vigilant Global Trade Services
3140 Courtland Suite 3400
Shaker Heights, OH
For EU Individuals: If a complaint cannot be resolved by any of the mechanisms described above, you also have a right, under certain conditions, to invoke binding arbitration under the Privacy Shield Panel in compliance with the EU-US Privacy Shield. If you want to initiate this arbitration procedure, you are required to first formally notify us of your intention to do so by writing to [email protected] Please remember to include a summary of the steps you have already taken to resolve your complaint and a description of the alleged violation. See also XI above on your right to complain to EU data protection authorities.
Specifically, if you are a European Union individual and a complaint cannot be resolved through Vigilant’s internal process, we have further committed to refer such complaints, under the EU-US Privacy Shield Principles to utilize JAMS as an alternative dispute resolution provider. Information regarding JAMS and the process for initiating a claim can be found at https://www.jamsadr.com/eu-us-privacy-shield[DR2] .