Return Path Safe Harbor Policy

Effective November 2008

Last Updated November 2008

Introduction:

This Safe Harbor policy is provided to inform you of our policies and practices and the way information is collected and processed by Return Path. This policy will inform you of our policies and practices relative to the Safe Harbor requirements, including:

  • Safe Harbor Statement
  • Notice
  • Choice
  • Onward Transfer
  • Security
  • Data Integrity
  • Access
  • Enforcement

If you have questions or concerns regarding this policy, you may contact the Return Path Privacy Office - Safe Harbor Issues at safeharbor@returnpath.net.

Sincerely,
Matt Blumberg, CEO
Tom Bartel, CPO

Safe Harbor Statement

Return Path ("Company" or "we") has elected to self-certify to the Department of Commerce that it adheres to the U.S. - European Union Safe Harbor Privacy Principles, the U.S. - Switzerland Safe Harbor Privacy Principles, and the Frequently Asked Questions (collectively, the "Safe Harbor Principles") established by the U.S. Department of Commerce. Return Path's compliance under the Safe Harbor Principles assures our clients that transmit personal information from the European Union ("EU") to Return Path that we provide adequate privacy protection for covered data, as defined and required by the European Commission's Directive on Data Protection.

Return Path provides software as a service implementations for our clients, including clients based in the EU. At the direction of our EU clients, Return Path may process data relative to performing Return Path's contractual obligations to our EU clients as a data processor. Return Path may transmit data to third parties as instructed by our EU clients relative to performing Return Path's contractual obligations to our EU clients as a data processor. Any access to or use of EU client data by Return Path is incidental to performing Return Path's contractual obligations to our EU clients as a data processor.

The Safe Harbor is based on the following seven Principles:

Notice

As a data processor for our EU clients, Return Path relies on our EU clients to provide any required notices and to inform individuals about the purposes for which their personal information is collected and how it is used. Return Path is contracted by its EU clients to implement, host and manage software and service applications, which may require Return Path to process its clients' data. The EU client data processed by Return Path may include personal information collected by the client from a client's customers or other individuals. This information is controlled by Return Path's clients and may be processed by Return Path to facilitate Return Path's service obligations to the client. Return Path is not responsible for the content of the information it processes, which may include personal information, nor is it responsible for the way its EU clients treat their customers' personal information.

Choice

As a data processor for our EU clients, Return Path relies on our EU clients to offer individuals proper choices regarding the purposes for which their personal information is collected and how it is used. Return Path generally does not collect information directly from individuals within the EU. It merely acts as a data processor for its business clients. If Return Path does collect information directly from individuals within the EU, it will, where applicable, offer such individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally. Similarly, to the extent its applicable and required by the Safe Harbor Principles, Return Path will offer individuals from whom it directly collects information the choice to opt in to having their sensitive personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally.

Onward Transfer

Return Path may transfer personal information to third parties as contractually obligated by our EU clients. When Return Path transfers personal information as described above, Return Path will only do so where Return Path has obtained reasonable assurances from its clients that the receiving agents will safeguard personal information processed by Return Path concerning individuals residing in the EU consistently with the Safe Harbor Principles. This means that Return Path clients will have ascertained that the third party subscribes to the Safe Harbor Principles, is subject to the European Union's Directive on Data Privacy or another adequacy finding, or has entered into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the relevant Principles.

Security

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect relevant personal information, we cannot guarantee its absolute security.

Data Integrity

As a data processor for its clients, Return Path does not typically collect, access or use personal information provided by its clients. Return Path relies on its clients to ensure that personal information is relevant for the purposes for which it is used, reliable for its intended use, accurate, complete and current.

Access

As a data processor for its clients, Return Path believes that individuals should contact the data collector to access and review personal information. Personal information may be accessed only by authorized users at Return Path and its clients. The burden and expense for Return Path to identify individuals and provide access for them to correct, amend or delete information would be disproportionate to the risks to the individuals' privacy, and would possibly violate Return Path's contractual obligations to its clients.

Enforcement

Individuals who believe that Return Path has violated the Safe Harbor Principles or this Safe Harbor Privacy Policy should send a written notice to Return Path's Privacy Office, contact information posted below.

Return Path notifies and trains appropriate team members regarding its privacy policies and practices and the consequences for failing to comply with them. Return Path and its outside auditors periodically review Return Path's policies and practices to determine its compliance.

Return Path reserves the right to change this Safe Harbor Privacy Policy at any time in accordance with the Safe Harbor Principles.

Contacting us:

We value your opinions. If you have comments or questions about our Safe Harbor policy, please send them to Return Path Privacy at safeharbor@returnpath.net, or contact:

Return Path, Inc. - Safe Harbor Issues
304 Park Avenue South, 7th Floor
New York, New York 10010
Phone: 212-905-5500
Fax: 212-905-5501

Return Path is a participant in The DMA Safe Harbor Program. If you believe Return Path has not safisfactorily addressed your data privacy concerns, you may contact The Direct Marketing Association's Safe Harbor Line at:

safeharbor@the-dma.org
202-955-0085 (fax)
or by mailing The DMA at:
Safe Harbor Line
Direct Marketing Association
1615 L Street, NW, Suite 1100
Washington, DC 20036

©2008 Return Path, Inc. All Rights Reserved

 
Products Services Become A Partner   Resources About Us   Sites
Certification for Senders Deliverability Consulting ESP Partner   Client Case Studies About Us   Client Login
Certification for ISPs Feedback Loop Management ISP Data Partner   IN The Know Blog Careers   Senderscore.org
Deliverability Monitoring Tools Receiver Alliance     Research Studies Press Office   Support
Domain Assurance Response Consulting     Webinars and Events Site Map    
Reputation Network Blacklist              

Privacy  |  Copyright 2012 Return Path, Inc.