Due to various rulings in Europe, we suggest that you consult this article for the current state of privacy and safe harbor legislation. The US Department of Commerce is maintaining a EU Safe Harbor list and we are retaining this page while they do so.
Compose, Inc. is a full service cloud database hosting provider that focuses on simplicity, reliability, and security of customer data. Protecting consumer privacy is important to Compose, Inc. (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”).
Accordingly, Compose, Inc. complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce (hereinafter collectively referred to as the “Safe Harbor Principles”, “Principles”) regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Compose, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Compose, Inc.'s certification, please visit http://www.export.gov/safeharbor/.
“Customers” refers to direct users of Compose, Inc.'s services, who have signed up for a Compose account, and allow Compose, Inc. to store their data.
“Personal Data” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; (4) can be linked to that individual; and (5) does not apply to information collected by Compose, Inc. directly about Compose, Inc.’s customers. For information regarding our use, disclosure and handling of information we collect directly from our customers located in the European Union, please see the Compose, Inc. Privacy Statement located at http://docs.compose.io/policies/privacy.html.
“Sensitive Personal Data” means personal data that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
“Safe Harbor Principles” or “Principles” means both the European Union Safe Harbor Framework and the U.S.-Swiss Safe Harbor Frameworks published by the U.S. Department of Commerce. For more information regarding the Safe Harbor Principles and the Directive, please visit http://www.export.gov/safeharbor/.
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of Personal Data adhere to certain requirements related to compliance with the Directive. The specific functions of a Data Controller depend on the laws of each EU member state. However, since Compose, Inc. does not collect or determine the use of any Personal Data stored on its servers, and since it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Compose, Inc. is not acting in the capacity of Data Controller and does not have the associated responsibilities under the Directive or the Safe Harbor Principles.
Compose, Inc. and each Customer located in the European Union or Switzerland will enter into an agreement/contract that specifies each party’s role in complying with the Directive and the Safe Harbor Principles. Any such contract with an EU or Swiss Customer will also specify that the Customer is responsible for security measures with respect to its Personal Data stored on Compose, Inc.’s servers. Although Compose, Inc. has implemented commercially reasonable security measures to protect Personal Data stored on its servers, Customer is ultimately in control of whether the Personal Data is made available to third parties. Compose, Inc. will comply with Customer’s instructions with respect to the return, update or destruction of Personal Data stored on Compose, Inc.’s servers.
In its role as a processor of Personal Data on behalf of its Customers, Compose, Inc. is not able to or required to apply all of the Safe Harbor Principles to Personal Data subject to the Directive that is received for processing from Customers. Instead, Compose, Inc.’s role as a data processor is to assist the Customer, at the Customer’s request, in complying with its obligations under the Directive.
Compose, Inc. requires its Customers located in the European Union or Switzerland to comply with their obligations under the Directive prior to the transfer of any such Personal Data from the European Union or Switzerland to the United States, including, should the case arise, compliance with the obligations to provide notices and obtain consents of individuals about the purposes for which they collect and use Information, as required under the Directive with respect to Personal Data.
Compose, Inc. requires its EU Customers to provide individuals the opportunity to choose (opt out) whether their personal information will be (1) disclosed to a third party or (2) used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Compose, Inc. does not disclose any Personal Data to third parties that has been collected by its Customers, and provides an adequate level of privacy protection to prevent third party access to any such Information. Compose, Inc. also requires its Customers to disclose to individuals any such transfers of their own Personal Data to third parties, and allow the individual a choice (opt out) of such disclosure, as outlined in the Directive.
Compose, Inc. allows for its Customers to respond to an individual’s request to access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
The control, access, and security of the Personal Data stored on the Compose, Inc. servers is (1) in the direct and primary control of the Customer, and (2) subject to the security measures undertaken by the Customer. Subject to the foregoing, Compose, Inc. has in place information security procedures and commercially reasonable security measures designed to protect Personal Data stored on its servers from loss, misuse, unauthorized access, disclosure, alteration and destruction. Customers will be notified of any breach with respect to their stored Personal Data of security measures implemented by Compose, Inc. of which Compose, Inc. becomes aware.
Any compromise of security or potential compromise of security of which a Customer becomes aware and any inquiries concerning security should be reported promptly by such Customer to Compose, Inc. Contact information is provided below.
Director of Customer Support, Compose, Inc.
Compose, Inc. is not authorized to access or manipulate Personal Data stored on its servers other than as necessary to provide services to a Customer or as otherwise permitted or directed by such Customer. Compose, Inc. takes reasonable steps to assure that Personal Data transferred from the European Union or Switzerland to the United States and stored on Compose, Inc.’s servers is maintained in a reliable, accurate and complete state, subject to any deficiencies in the state in which such Personal Data was received.
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, D.C. 20580
Compose, Inc.’s adherence to the Safe Harbor Principles is limited to the extent permitted or required by applicable United States laws, rules or regulations.