Privacy Shield

Last updated September 4th, 2018

Privacy Shield Policy

Rockerbox has subscribed to and will comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce and the European Commission regarding the processing of Personal Information (as defined below) that is transferred from EU and Swiss Individuals to the United States. Rockerbox has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). Rockerbox created this Privacy Shield Policy to help you learn about how we handle Personal Information that is collected in the EEA and transferred to Rockerbox in the U.S.

If there is any conflict between this Policy and the Principles, the Principles will govern. To learn more about the Framework please visit https://www.privacyshield.gov/.  You can view our certification at https://www.privacyshield.gov/list.

This Privacy Shield Policy supplements our Privacy Policy above. Capitalized terms used in this Privacy Shield Policy have the meaning given to them by our Privacy Policy, unless specifically defined in this Policy. This Privacy Shield Policy applies to Rockerbox, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

How we Obtain Personal Information
We obtain and process Personal Information from EU and Swiss individuals as a data processor when providing our services to our enterprise customers. In that context, we only process Personal Information on behalf and on the instructions of our customers, which are data controllers.

Rockerbox commits to subject to the Principles all Personal Information received from EU and Swiss individuals in reliance on the Framework.

Personal Information Received from the European Economic Area
We may receive from EU and Swiss individuals some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Framework.  We process Personal Information on behalf of our enterprise customers, and they determine the purposes of the processing. Accordingly, customers are responsible for providing notice to individuals.

Onward Transfers
Our Privacy Policy describes the types of third parties that we may disclose your Personal information to, and the purposes of such disclosures. If we disclose your Personal Information to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as provided in, the Accountability for Onward Transfer Principle. We remain responsible for the processing of Personal Information received under the Framework and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.  We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice and Access
We obtain and process Personal Information from EU and Swiss individuals as a data processor when providing our services to our enterprise customers. Therefore, requests to access, correct, amend, remove and/or limit the use and disclosure of personal data that Rockerbox processes on behalf of its customers should include the name of the Rockerbox customer who submitted your personal data to Rockerbox. We will forward such requests to the identified customer to respond directly to you and we will provide any necessary assistance in that customer’s response to your request.

Data Security
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Recourse and Enforcement
If you have any questions or concerns, please write to us at the address listed below.  In compliance with the Privacy Shield Principles, Rockerbox commits to resolve complaints about your privacy and our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us the address written below.

Rockerbox has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel.

Contact Information
If you have questions, concerns, or complaints about this Privacy Shield Policy or our privacy practices, please contact us.

Rockerbox, Inc.
138 Mulberry Street, #6A3
New York, NY, 10003
United States
privacy@rockerbox.com

Privacy Shield Policy Changes
This Privacy Shield Policy may be changed from time to time, consistent with the requirements of the Framework. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the top of this Policy. Any changes to this Policy will become effective when posted to our website.