Jeitosa Group International, LLC and its subsidiaries and affiliates (collectively, “Jeitosa”) are committed to protecting the privacy and confidentiality of Personal Information it obtains in the course of doing business.

SCOPE

This Policy applies to the handling of all Personal Information obtained by Jeitosa anywhere in the world, including information relating to staff, dependents, job applicants, independent contractors and agents, employees of clients, business and government contacts, and other individuals.

Legal requirements in the various countries in which Jeitosa operates may set different or higher standards for the protection of Personal Information than those established by this Policy; these requirements will always be respected. As an example, national, state, or provincial laws often establish special conditions for handling sensitive categories of data that may cause individuals greater injury (such as fraud, identity theft, or unlawful discrimination) if this information is misused (see “Sensitive Information,” below). Where Jeitosa associates obtain such information, they will not only follow this Policy but determine whether additional restrictions or obligations apply.

Jeitosa’s international operations entail transferring Personal Information from Europe to the United States and on occasion accessing such data stored in the U.S. from other countries as well. Jeitosa complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Jeitosa has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement and to the associated 15 FAQs.  To learn more about the Safe Harbor program, and to view Jeitosa’s certification, please visit http://www.export.gov/safeharbor/.   Jeitosa also goes beyond what is required by Safe Harbor by using the Safe Harbor Privacy Principles as the foundation for its worldwide Privacy Policy, applying the Safe Harbor Privacy Principles to all Personal Information and not only Personal Information collected in Europe.

DEFINITIONS

Personal Information: Personal information is any information about an identified or identifiable individual, regardless of the medium or format in which the information is stored.

Sensitive Information: European data protection laws treat certain categories of data as especially risky: information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life. Other categories of personal data are subject to additional protections under national law in some European countries: information about criminal history, civil judgments, administrative sanctions, government security measures, government-issued ID numbers, biometric data, genetic data, geo-location data, and personality profiling. Personal Information subject to legal and regulatory protection in the United States includes information about age, gender, ethnicity, health, disability, sexual orientation, children under 13, criminal records, credit history, bankruptcy, garnishments, genetics, Social Security Numbers, driver’s license numbers, financial account and payment card details (in combination with PINs or other access codes), and other non-public financial and medical data.

POLICY

1. Notice

Jeitosa informs individuals about the purposes for which it collects and uses information about them, how to contact Jeitosa with any inquiries or complaints, the types of third parties to which it discloses the information, and the choices and means Jeitosa offers individuals for limiting the use and disclosure of this information. This notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Jeitosa or authorize Jeitosa to collect the information from third parties (or as soon thereafter as practicable) and before Jeitosa uses such information for a purpose other than that for which it was originally collected.

2. Choice

Jeitosa collects and uses Personal Information required to operate its business and perform consulting services for clients. Such collection and use is subject to the Notice principle described above but does not normally require the explicit consent of the individual.

However, Jeitosa will obtain the individual’s consent before:

(a) disclosing Personal Information to a third party (other than disclosure to an agent or contractor processing the data solely on Jeitosa’s behalf, or disclosure required by law), or

(b) using Personal Information for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.

Where consent is required, individuals will be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. These mechanisms may normally be “opt-out” (Jeitosa may proceed absent objection within a reasonable time), but if the data include Sensitive Information (as defined above), Jeitosa will not proceed without the express (“opt-in”) consent of the individual.

3. Internal Disclosure

Jeitosa discloses Personal Information it has obtained only to authorized staff members and independent contractors who need it to carry out the legitimate business purposes associated with their responsibilities. All other use is prohibited.

4. Onward Transfer (External Disclosure)

Jeitosa discloses Personal Information externally only to third-party contractors or agents that process the data on Jeitosa’s behalf, to satisfy government reporting requirements, to meet other legal obligations, to assert or defend legal claims or interests, or with the consent of the individual.

Before making disclosure to a third party, Jeitosa personnel will first apply the Notice and Choice principles as described above. Unless the disclosure is legally required (such as tax reporting or responding to a judicial subpoena), Jeitosa will also ensure that the third party is obligated (by law, contract, or its own Safe Harbor certification) to provide at least the same level of privacy protection as is required by this Policy. Where Jeitosa contracts with third parties to process Personal Information on its behalf, Jeitosa’s policy is to contractually obligate the third parties to maintain the confidentiality and security of client information and Personal Information they receive, to act upon it only in accordance with the instructions they receive from Jeitosa and/or the client, and to handle the information strictly in accordance with this Privacy Policy.

5. Security

Jeitosa takes reasonable precautions, including administrative, technical, personnel, and physical measures, to safeguard Personal Information against loss, misuse, theft, and unauthorized access, disclosure, alteration, and destruction. Jeitosa employees and independent contractors will follow any specific directions from Jeitosa or its clients with respect to the secure handling of Personal Information, such as those relating to password control or encryption.

Personal Information received from Jeitosa or its clients may be stored on a business laptop computer or other portable media device only with the permission of Jeitosa or the client. Sensitive Information will be encrypted in transit and while stored on a laptop or other portable media device. Once the need for storage away from a secure server has passed, such Personal Information will be removed from the laptop or portable media device or made effectively unreadable. An e-mail account that is not in the Jeitosa.com domain may not be used to transmit Jeitosa or client information that is confidential or includes Personal Information.

6. Data Integrity

In addition to securing Personal Information as described above, Jeitosa limits its collection of Personal Information to that which is relevant for the intended business and legal purposes. Jeitosa does not use the data in a way that is incompatible with the purposes for which it was collected or subsequently authorized by the individual. To the extent necessary for those purposes, Jeitosa takes reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current.

7. Access by Individuals

Jeitosa provides individuals an opportunity to access Personal Information about them and to correct, amend, or delete that information where it is inaccurate, out-of-date or irrelevant, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated.

8. Sensitive Information

Jeitosa recognizes that certain categories of Personal Information (see the definition of “Sensitive Information,” above) are subject to special protections in various jurisdictions, and Jeitosa takes appropriate additional steps to protect such information. These measures include: limiting the collection of such data; obtaining opt-in consent from the individuals where consent is required; storing such data, if storage is required, in separate local files or systems wherever possible; protecting the data with encryption and secure transmission; limiting access to as few personnel as practical; monitoring access to the data; notifying the authorities and affected individuals, where required, if the security of such data has been compromised; and deleting or destroying the data when it is no longer needed for a legitimate business or legal purpose.

9. Transborder Data Transfers

Transfers of Personal Information from Europe or Canada to the United States and beyond are lawful only if the parties in control of the information provide adequate safeguards. Jeitosa employees and independent contractors will consult with the appropriate Regional Managing Partner whenever such data transfers are contemplated, to ensure that Jeitosa complies with its International Safe Harbor commitments and any other applicable conditions.

10. Inquiries and Complaints

Jeitosa provides a means for individuals to ask questions or express concerns about the company’s handling of their Personal Information, and Jeitosa will take reasonable steps to be responsive to such questions or concerns. The point of contact for privacy-related inquiries and complaints is privacy@jeitosa.com.

11. Accountability and Enforcement

Jeitosa will cooperate with European data protection authorities, the US Department of Commerce, the US Federal Trade Commission, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Jeitosa’s International Safe Harbor commitments, as well as in rectifying any noncompliant practices.

All employees and independent contractors of Jeitosa are responsible for helping to ensure the privacy and confidentiality of Personal Information obtained in the course of doing business. Employees and independent contractors who violate the terms of this Policy, of applicable privacy and security laws, or of confidentiality agreements with Jeitosa or its clients may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Jeitosa, its clients, or the affected individuals and their representatives.

Posted: November 11, 2009

Revised: November 18, 2011