Effective Date: August 18th, 2023
Dovetail Software (“Dovetail”) has adopted this Data Privacy Framework Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Dovetail obtains from Customers located in the European Union and Switzerland.
Types of Personal Data collected
Dovetail provides an online web application service (“Service”) known as the Dovetail Employee Engagement Suite that our customers use to operate the human resource case management aspect of their business. In providing this service, Dovetail processes data our customers submit to our services or instruct us to process on their behalves. While Dovetail’s customers decide what data to submit, it typically includes information about their employees, and organization.
Purposes of collection and use
Dovetail processes data submitted by customers for the purpose of providing Dovetail’s Service to our customers. To fulfill these purposes, Dovetail may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Dovetail customer who submitted the data, or in response to contractual requirements.
If Personal Data covered by this Data Privacy Framework Statement is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Dovetail Software will provide its customers with an opportunity to choose whether to have their Personal Data so used or disclosed.
If Sensitive Personal Data covered by this Data Privacy Framework Statement is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Dovetail Software will obtain the customer's consent prior to such use or disclosure.
To opt out of such uses or disclosures of Personal Data or Sensitive Personal Data, please contact your employer who provided the data to Dovetail Software, or see "Inquiries and complaints" below to assert your data privacy rights.
Commitment to subject to the Principles
We are subject to the Principles for all European personal data that we receive from individuals or companies in the EEA in reliance on the Data Privacy Framework. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard or “Model” Contractual Clauses.
Inquiries and complaints
In compliance with the Data Privacy Framework Principles, Dovetail commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Dovetail at firstname.lastname@example.org or by regular mail address to:
13809 Research Blvd.
Austin, TX 78750
Dovetail will respond within 45 days.
Type of third parties to which we disclose personal data and purposes
Dovetail uses a limited number of third-party service providers to assist us in providing services to our customers. These third party providers provide security, networking, computing and data storage services. These third parties process and store personal data in the course of providing their services. Dovetail remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Dovetail proves that it is not responsible for the event giving rise to the damage.
Your rights to access, to limit use, and to limit disclosure
Dovetail Software acknowledges the right of EU and Swiss individuals to access their personal data pursuant to the Data Privacy Framework and will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, Dovetail will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Data Privacy Framework Principles by contacting us at email@example.com.
Independent dispute resolution body
Dovetail has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework complaints concerning human resources and non-human resources data transferred from the EU and Switzerland.
Dovetail will comply with the advice given by data protection authorities and take necessary steps to remediate any non-compliance with the Data Privacy Framework Principles. To locate the appropriate authorities, please visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or https://www.edoeb.admin.ch/?lang=en.
Investigatory and enforcement powers of the FTC
Dovetail is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Dovetail also is committed to cooperating with EEA data protection authorities.
If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Dovetail’s obligations under the Data Privacy Framework Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Data Privacy Framework website: https://www.dataprivacyframework.gov/
Requirement to disclose
Dovetail may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce Service Terms and Conditions; or (d) act to protect the interests of our users or others.
If a third party service provider providing services on Dovetail’s behalf processes personal data from the EEA in a manner inconsistent with the Data Privacy Framework Principles, Dovetail will be liable unless we can prove that we are not responsible for the event giving rise to the damages.