Capsicum Group, LLC (“Capsicum Group”, “we”, “us”) provides digital forensics, electronic discovery, cyber-security, security audits, remediation, data hosting and related services to companies and the law firms that represent them. As an industry leader in the investigation, acquisition, management and analysis of critical data, Capsicum Group adheres to the highest ethical standards in providing outstanding service to its customers. At no other time in history has access to, and dissemination of, information been such a critical element of business and commerce in the United States and throughout the world. At the same time, public concern, especially in the area of privacy, is also running at a high level. Capsicum Group remains committed to the responsible use of personally identifiable information and to the safeguarding of individual privacy. We comply with all applicable laws regarding the collection, use, and distribution of personally identifiable information.
INFORMATION COLLECTION, SHARING, USE & STORAGE
Personally identifiable information
The Web Site only collects PII from you if you choose to provide this information to Capsicum Group. PII collected with your consent may include, but is not limited to, your name, mailing address, e-mail address, telephone number, facsimile number, username and password used to verify identity (if applicable), resume information, social media username and/or handle, any responses you choose to provide through Web Site survey questions, or any inquiries you may make through the Web Site and any other web sites owned and operated by Capsicum Group.
Capsicum Group may share PII with certain personnel and organizations, including but not limited to: authorized partners who perform services for us based upon our instructions and third parties with your consent. Capsicum Group may also disclose PII if required to do so by law, in response to government agency requests, as required for national security purposes, and/or in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability. Note that if and when Capsicum Group shares PII with a third party, they must contractually agree to comply with standards of privacy and security that are on par with those of Capsicum Group. However, if you provide PII to a third party directly, privacy and security issues shall be addressed consistent with that third party’s standards, and your own independent relationship with that third party.
The time periods for which Capsicum Group shall retain your PII depends upon the purposes for which we use it. The PII Capsicum Group collects may be stored and processed in servers in the United States and wherever Capsicum Group and its related service providers have facilities abroad.
3. Non-personally identifiable information
The Web Site also collects non-personally identifiable information. For example, as you browse the Web Site, we may collect information about your visit, but not about you personally. Via web server logs, for example, Capsicum Group may monitor statistics such as: the number of people that visit the Web Site, which page(s) are visited on the Web Site, from which domain our visitors come (e.g., www.google.com, www.hotmail.com, etc.), and which Internet browsers people use to visit our site (e.g., Google Chrome, Firefox, Microsoft Internet Explorer, etc.). The Web Site uses an outsourcing program to assist Capsicum Group in analyzing this data to better tailor the Web Site.
Capsicum Group takes steps to protect against the loss, misuse, or unauthorized alteration of PII collected through the Web Site. We recognize the importance of security for all PII collected by the Web Site. We exercise care in providing secure transmission of your information to Capsicum Group servers. Once we receive PII, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, we use industry standard, secure socket layer (“SSL”) encryption. Furthermore, Capsicum Group regularly tests the Web Site, data centers, systems, and other capabilities to ensure
that we maintain top-of-the-line security. We limit access to PII to those Capsicum Group employees who require access in order to carry out their job responsibilities.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Capsicum Group is committed to maintaining the privacy and confidentiality of PII and, additionally, Client Personal Data (“Client Personal Data”) entrusted to Capsicum Group by our clients and their legal counsel. Capsicum Group complies with the U.S.-EU Privacy Shield and the U.S.-Swiss Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.
Client Personal Data is information from equipment and networks owned, controlled or operated by our clients that is received by Capsicum Group for purposes of collection, processing, storage and analysis in accordance with the instructions of the clients and/or their legal advisors and in order to assist clients in meeting their legal or professional obligations, protecting their vital interests or carrying out other legitimate activities. Capsicum Group will not use Client Personal Data for any purposes other than for those specifically outlined in the client contract.
The EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield apply to all PII and Client Personal Data received by Capsicum Group in the United States from the European Economic Area and Switzerland, in any format including electronic, paper or verbal.
Note: Client Personal Data processed by Capsicum Group may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. At a minimum, however, Capsicum Group handles Client Personal Data in accordance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Privacy Principles.
b. Seven EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Principles adhered to by Capsicum Group
Capsicum Group notifies Data Subjects covered by the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield about its data practices regarding personally identifiable information received by Capsicum Group in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework, including the personally identifiable information it collects about them, the purposes for which it collects and uses such personally identifiable information, the types of third parties to which it discloses such personally identifiable information and the purposes for which it does so, the rights of Data Subjects to access their personally identifiable information, how Capsicum Group limits its use and disclosure of such personally identifiable information, how Capsicum Group’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Capsicum Group with any inquiries or complaints.
When Capsicum Group collects or receives Client Personal Data for processing pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
2. Choice (Opt Out)
If personally identifiable data and/or Client Personal Data covered by this Policy is to be used for a new purpose that is materially different from that for which the personally identifiable data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Capsicum Group will provide Data Subjects with an opportunity to choose whether to have their personally identifiable data so used or disclosed. Requests to opt out of such uses or disclosures of personally identifiable data should be sent to: firstname.lastname@example.org.
If personally identifiable data and/or Client Personal Data covered by this Policy is to be used for a new purpose that is different from that for which it was originally collected or subsequently authorized, or is to be disclosed to a third party, Capsicum Group will obtain the Data Subject’s explicit consent prior to such use or disclosure.
When Capsicum Group receives Client Personal Data from individuals in the European Union or Switzerland pursuant to instructions of our clients or their legal counsel, we are acting as an agent for our client and do not provide the choice for individuals to opt out regarding the collection and use of their personal data. Our clients remain responsible for providing the choice to opt out, if and to the extent they believe such notice is necessary under applicable European Union or Switzerland law.
3. Accountability for Onward Transfer
Capsicum Group is committed and takes reasonable precautions to protect PII and/or Client Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. Data Integrity and Purpose Limitation
Capsicum Group controls PII and/or Client Personal Data only in ways that are consistent with the purposes for which it was collected or subsequently directed or authorized by clients or their legal counsel to fulfill services requested by them.
PII and/or Client Personal Data is accessible by only those Capsicum Group employees and contractors who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. Our employees and contractors do enter into confidentiality and non-disclosure agreements requiring that they maintain the confidentiality of PII and/or Client Personal Data. Capsicum Group will provide individuals with access to his or her own PII and/or Client Personal Data in order to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. However, where the burden or expense of providing access would be disproportionate to the risks to the individuals privacy in the case in question, or where the rights of persons other than the individual would be violated, such access will not be granted.
7. Recourse, Enforcement and Liability
Capsicum Group’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. In compliance with the Privacy Shield Principles, Capsicum Group commits to resolve complaints about your privacy and our collection or use of PII. Data Subjects with inquiries or complaints regarding this Policy should first contact Capsicum Group via email at email@example.com, with “Privacy Shield” in the subject line, or at the postal address: Capsicum Group, LLC., 2929 Arch Street, Suite 1525, Philadelphia, PA 19104, Attention: Privacy Shield. Capsicum Group will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
c. Limitation on Application of Principles
Adherence by Capsicum Group to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
d. Changes to the Privacy Shield Policy
This policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be available upon request.
Capsicum Group complies with the Children’s Online Privacy Protection Act of the United States of America (which is available here: http://www.coppa.org/coppa.htm). We do not knowingly collect personal information from children under the age of thirteen (13) years without proper parental consent.