EUROPE SAFE HARBOR
Sunset recognizes that the European Union ("EU") has an "omnibus" data protection regime established pursuant to the European Data Protection Directive (95/46/EC) (the "Directive") and that Switzerland has adopted a data protection law (together, "Data Privacy Laws"). Among other things, the Data Privacy Laws generally require "adequate protection" for the transfer of personally identifiable information about Sunset employees in the EU and Switzerland ("European Employee Data"), Sunset corporate customers in the EU and Switzerland ("European Corporate Customer Contact Data") and Sunset corporate suppliers in the EU and Switzerland ("European Corporate Supplier Contact Data") to Sunset operations in the United States. Sunset accordingly adheres to the requirements of the US/EU and US/Swiss Safe Harbor Privacy Principles published by the US Department of Commerce ("Safe Harbor") with respect to certain limited European Employee Data, European Corporate Customer Contact Data and European Corporate Supplier Contact Data received in the United States from our affiliated companies in the EU and Switzerland. Sunset provides European employees with information regarding the data transfers that are covered by Safe Harbor via internal policies and procedures.
In accordance with the Safe Harbor, Sunset may obtain European Corporate Customer Contact Data or European Corporate Supplier Contact Data including names, work contact details (including work telephone, fax, e-mail and address), and titles and username and password information (such as the person Sunset deals with or has dealt with at the customer’s or supplier’s organization). Sunset may collect and process European Corporate Customer Contact Data and European Corporate Supplier Contact Data and disclose it in order to carry out finance and accounting related activities, IT support, marketing and publicity activities, contracting, sales, project management, asset management, workflow management, contact management, username and password management, web access management, tax purposes, legal compliance activities, and other legitimate business purposes.
Sunset maintains reasonable security measures to safeguard data from loss, misuse, unauthorized access, disclosure, alteration or destruction. Sunset also maintains reasonable procedures to help ensure that such data is reliable for its intended use, accurate, complete and current. Sunset may engage third parties to provide storage and other processing services for Sunset including IT support (e.g., software application, development, and maintenance). Such third parties will be required to treat the European Corporate Customer Contact Data and European Corporate Supplier Contact Data solely in accordance with Sunset’s instructions, and to implement appropriate technical and organizational measures to protect the security and confidentiality of such data.