Privacy Policy
Convey Compliance Systems, Inc. Privacy Policy
We self-certify compliance with
Introduction
Convey Compliance Systems, Inc. (“Convey”) provides web based software-as-a-service products that automate tax information reporting and filing for banks, insurers and large companies. Convey’s solutions support all form series: 1098, 1099, 5498, W-2, W-2G and 1042-S via web-based technology and services-based outsourcing options. Subscribers in diverse locations can access secure, centralized, real-time data via intuitive and easy-to-use interfaces. Protecting consumer privacy is important to Convey. Convey adheres to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (“EU”) or Switzerland to the United States of America. Convey adheres to the EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern. This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by Convey whether in electronic, paper or verbal format about persons who are not Convey employees. For Convey employees, this privacy policy applies to all personal information processed by Convey for tax reporting purposes. Convey has other privacy policies that apply to other data of its employees.
Definitions
“Personal Information” or “Information” means information that (1) is transferred from Canada, the EU or Switzerland to the United States or collected in the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual. “Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health. Convey’s services do not include the collection of Sensitive Personal Information.
Principles
Notice
Types of data collected and purpose of collection:
Data collected from the public via the Convey web site: Convey collects data from the general public via the Convey web site. This data may include information volunteered by an individual who wants to obtain more information about Convey’s services or data which indicates who accessed Convey’s web site and which pages they accessed. The latter type of data may or may not include Personal Information. This data is used for Convey’s marketing and sales purposes and is not passed to third parties for any purpose other than assisting Convey in its marketing and sales efforts. Convey does not sell this data to third parties. Third parties who do receive this type of data are obligated to use the data only for the contracted purpose and to maintain the confidentiality of the data.
Data collected from customers related to Convey’s services: Convey’s customers provide Convey with Personal Information necessary for Convey or its customers to make required tax reporting disclosures to taxing authorities. This may include social security numbers and the name and address of an individual, and will include information about payments Convey’s customer has made to the individual. Convey may also collect data about individuals from government-run or sponsored web sites, such as sites designed to verify that social security numbers are accurate. This data is used solely for the provision of Convey’s services to its customers and is not used for any other purpose.
Choice
Individuals who have provided information to Convey via its web site may contact Convey to have their names and information removed from Convey’s marketing and sales databases. Convey complies with U.S. federal legislation that requires all marketing emails to include the means to opt out of such email.
Individuals whose Personal Information is collected from Convey customers can opt out of Convey’s use of their information by contacting the Convey customer who provided the information.
Convey does not currently collect Sensitive Personal Information. In the event that Convey does receive Sensitive Personal Information, Convey shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
Onward Transfers
Data collected from the public via the Convey web site may be transferred to:
- Convey’s Customer Resource Management (“CRM”) provider
- firms which assist Convey in sales and marketing
- Convey’s data hosting services providers
- Convey’s printing partners
These third parties all either: (a) have subscribed to the Safe Harbor Principles; or (b) have a contractual obligation to Convey which prohibits them from making any use of the data beyond what is required to fulfill their obligations to Convey.
Data collected from customers related to Convey’s services may be transferred to:
- Government agencies: Convey may transfer tax-reporting related data to government agencies
- Convey’s data hosting services provider
- Convey’s print services provider
Convey lacks the power to dictate what government agencies do with the data. Convey provides government agencies only with data required to fulfill tax reporting requirements of Convey and its customers. Convey’s data hosting services provider and print services provider either: (a) have subscribed to the Safe Harbor Principles; or (b) have a contractual obligation to Convey which prohibits them from making any use of the data beyond what is required to fulfill their obligations to Convey.
Except for disclosures to government agencies, Convey shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles or agree in writing to provide an adequate level of privacy protection.
In certain rare instances, law enforcement officials or a court may issue a subpoena that obligates Convey to disclose those of its records relevant to an investigation. When that happens, Convey makes sure that the disclosure of records is as narrow as possible. When the subpoena permits such notice, Convey will notify the impacted individual of the subpoena and impending disclosure.
Data Security
Convey shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Convey has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Although information sent to and from Convey is secured according to industry best practices, Convey cannot guarantee the security of Information on or transmitted via the Internet.
Data Integrity
Convey shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Convey shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Access
Convey shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Where the information the individual seeks to edit was provided by a Convey customer, Convey will need to contact the customer and will only change the information after the customer has verified that the original information was inaccurate. Access can be initiated via email to privacy@convey.com.
Enforcement
Convey uses a self-assessment approach through its periodic ISO 27001:2005 (or successor standard) audit to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
Dispute Resolution
If a situation arises where you have a privacy dispute, please contact Convey directly and we will be happy to work with you in a fair and practical manner (see Convey contact information at the bottom of this page). If after speaking with Convey, you feel that you have not come to a mutually agreeable resolution, we will use JAMS as a mediator in Minneapolis, Minnesota, or such other location as we may agree upon. Information about JAMS is available at http://www.jamsadr.com. When possible, we will select a mediator familiar with the Safe Harbor Principles. Mediation fees will be shared equally by the parties. Convey agrees that a mediated settlement may be entered and enforced by any court of competent jurisdiction.
Amendments
This privacy policy may be amended from time to time consistent with the requirements of the Safe Harbor. We will post any revised policy on this website.
Contact Information
Questions, comments or complaints regarding Convey’s Safe Harbor Policy or data collection and processing practices can be mailed or emailed to:
Convey Compliance Systems, Inc
Attn: Office of Information Security
PO Box 46283
Plymouth, MN 55447
Effective date: June 4, 2012