Privacy Shield Notice

Effective: December 12, 2022

 

Upstream Security Inc., (“Upstream”, “We” or “Our”) has certified with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield with respect to the Personal Data that (i) We receive regarding Customers, Customers’ customers or end-users, and business partners; and/or (ii) We collect and/or Process on behalf of, or, for the benefit of, Customers through and/or in the context of the Service or the contracts executed with Customers (including, without limitation, pre-contractual discussions).

Upstream complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred to the United States. Upstream has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Our Privacy Shield certification is available at https://www.privacyshield.gov/.

If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/

 

  1. DEFINITIONS.

    Customer(s)” means prospective, current, or former customers, or clients of Upstream and Upstream entities.

    Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  2. SCOPE.

    Upstream ‘s participation in the Privacy Shield applies to the Personal Data subject to EU and Swiss data protection law that (i) Upstream receives from Upstream Security Ltd. and/or (ii) Upstream collects and/or Processes on behalf of Upstream Security Ltd.

  3. PURPOSES OF DATA PROCESSING.

    Upstream offers an automotive cybersecurity solution to protect and secure connected cars and threat intelligence platform (the “Services”).In order to perform the Services, we, Upstream may use Personal Data, namely, of (i) Our Customers, including our Customers’ email addresses, IP addresses,  names, titles, occupations, industries, telephone numbers, employers, and, and (ii)  Our Customer’s End Users’ vehicle  operational data. Upstream may also use the names, email addresses, and telephone numbers of its Customers and/or potential customers for marketing and sales activities.Upstream will Process the Personal Data it receives as described in Section 2, for the purposes of offering and/or providing the Service to Customers. To fulfill these purposes, We may, without limitation, use the Personal Data to contact data subjects, to discuss or execute contracts, to provide the Service, to provide support and maintenance, to correct and address technical or service problems, for marketing purposes, to comply with applicable laws, regulations and orders from public authorities or courts and/or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of- court procedures.

  4. ONWARD TRANSFERS OF PERSONAL DATA.

    Subject to Section 6 below, We will not transfer Personal Data originating in the EU and/or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and/or applicable law. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Upstream is potentially liable. We may transfer Personal Data to processors, service providers, vendors, contractors, partners and agents (collectively “Processors”) who need the information in order to provide services to or perform activities on Our behalf, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, amongst others. In addition, we may disclose or allow government and law enforcement officials access to  Personal Data, in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations, and/or if we believe in good faith that this will help protect the rights, property or personal safety of Upstream, any of our partners, customers (including, their administrators and/or users), or any member of the general public. Lately, we may share your Personal Data internally within our group of companies, when they have a need to know, and should Upstream or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition, or purchase of substantially all or part of its assets, Personal Data may be shared with or transferred to the parties involved in such an event.

  5. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.

    Data subjects have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data We have processed on behalf of one of the Customers or to request that we limit our use or disclosure of your Personal Data, please contact  [email protected] and provide your name, contact information and observe the required formalities under applicable law.

  6. REQUIREMENT TO DISCLOSE.

    Upstream may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts or public authorities, including to meet national security or law enforcement requirement.

  7. PRIVACY SHIELD INDEPENDENT RECOURSE MECHANISM.

    In compliance with the Privacy Shield Principles, Upstream  commits to resolve complaints about Our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding Our Privacy Shield policy should first contact Upstream  at: [email protected] or by postal mail sent to:
    Upstream Security Inc.
    Attn: Privacy Shield Inquiry
    15001 Kercheval Ave
    Unit #2019 Grosse Pointe Park, MI 48230-1359

    Upstream has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu- us-privacy-shield for more information and to file a complaint. The services of JAMS are provided at no cost to you.

  8. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.

    Upstream is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles outlined in this notice.

  9. ARBITRATION.

    Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.

*****

For the avoidance of doubt, the European Union has denied the U.S. Privacy Shield as a lawful mechanism for international data transfers. Therefore, to the extent we transfer personal data originating from the EEA, UK, or Switzerland to countries that have not been recognized as offering an adequate level of data protection by the relevant authorities, we rely on appropriate data transfer mechanisms as further detailed in our Privacy Policy.

*****