RTI Privacy Statement
RTI offers products and services in the business-to-business market sector. When RTI collects information about an individual ( “Personal Information”), it is generally specifically related to that individual’s role at his/her company, and is not related to him/her as a private person or individual consumer. This document describes RTI policy statement for handling, processing, storing, and otherwise treating Personal Information submitted to certain Solutions (defined below).RTI Customers shall be referred to as “Customer” and/or “Supplier” herein. . Individual users of the Solutions (whether employees of Customer or Supplier) collectively and individually may be referred to as “User” throughout this document.
- Personal Information Data Handling and Privacy
- Personal Information
- Use of Personal Information by RTI
- Other Corporate Entities
- Correcting Account Information (Exercising Your Right to Access Personal Information)
- Disclosure by RTI to Third Parties
- Data Retention
- Safe Harbor Program
“Solution” means the RTI service which includes a link to this Privacy Statement, including:
- the RTI hosted On-Demand offerings (also called “RTI OnDemand Solutions“, or “RTI Application Services” )
- project management, content and data cleansing services provided by RTI’s global services team (“RTI Content Services“), and
- RTI Hosting Service(s) (accessible via customer-specific URLs).
“Trading Partner” means an entity with which a Customer or Supplier transacts using the Solution.
Personal Information Handling and Privacy
“Personal Information” is a User’s name and information associated with his or her personal identity as opposed to information associated with a business such as name, business address and/or business email. If User does not want to provide Personal Information to RTI or wishes to have RTI remove User Personal Information from the Solution, User should contact User’s employer RTI Account Administrator to find out if there is an optional way for User to perform applicable business functions without submitting Personal Information.
“Sensitive Personal Information” means government id numbers or financial account numbers associated with individual persons (e.g. U.S. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.
Use of Personal Information by RTI
RTI will treat Personal Information as confidential and will use it solely to: facilitate operation of the Solution and its related services; enhance use of the Solution and its related web pages; perform internal tracking and Solution improvement; enable RTI to contact User; process requested transactions through the Solution (including use of templates and document creation); and analyze the volume and history of a company’s Solution usage. Some of RTI’s Solution areas utilize cookie technology for these same purposes. User may configure User’s browser to reject cookies, but this may affect User functionality of the Solution . RTIdoes not link the information stored in cookies to Personal Information submitted while using the Solution.
Other Corporate Entities
RTI may share Personal Information with global affiliates, parents, subsidiaries, agents and integrated service providers (“Affiliates”) that cooperate to provide the Solution and related services to User. RTI Affiliates follow practices no less protective of all users of the Solution than RTI practices described in this policy, to the extent allowed by applicable law. If RTI and/or its Affiliates merge with or are acquired by another business entity User agrees RTI may share some or all User Personal Information with the new parent entity. User will receive notice of such an event (if it occurs) and the new combined entity shall follow the practices disclosed in this policy.
By submitting Personal Information to the Solution, User consents to RTI’s collection, processing, storage, and use of said Personal Information in accordance with this policy. Before submitting Personal Information to the Solution for any third party, User shall obtain said individual’s consent for the collection, transfer, processing, and use of that information in accordance with this policy
The Solution is primarily located in and operated from the United States. The Controller of personal data processing through the Solution is RTI, Inc. headquartered at 2929 Briarpark Drive, Houston, TX 77042. By submitting data to the Solution, User consents to having such data transferred to the United States and other Solution operation locations selected by RTI, and RTI’s authorized service providers. RTI Affiliates controlled by RTI, Inc. are located inside and outside the European Economic Area. Any transfer of Personal Information from the European Economic Area to RTI Affiliates located in countries outside the European Economic Area, which may not provide for an adequate level of data protection within the meaning of the European Data Protection Directive, will be subject to a confirmation by RTI that adequate safeguards are in place under the U.S. Department of Commerce Safe Harbor program or a so-called data transfer agreement based on standard contractual clauses, as approved by the European Commission.
Correcting Account Information (Exercising Your Right to Access Personal Information)
User has a right to access and modify User Personal Information and to delete User Personal Information from the Solution subject to constraints identified below. To exercise these rights, RTI has procedures allowing User to update Personal Information in a timely manner. In most Solutions, the administrative contact for User’s company can directly change most contact information by logging on to the Solution and managing User’s account profile directly. For certain Solutions, changes may be requested by calling RTI customer support.
Deletion of User Personal Information may require approval by User’s employer (e.g. expense report data) and may require RTI assistance. Some requests to delete data must be made to RTI through the administrative contact for User’s company.
RTI may refuse to give access to the Solution for legitimate reasons including delinquent payments on the account, a legal dispute, or security concerns. If User is unable to correct, update, or delete User Personal Information due to the fact that User is no longer an employee of the account holder, or User account has been terminated, User may contact the RTI Privacy Coordinator at the address provided below. In each case, RTI will take reasonable measures to accommodate User’s request or respond in writing with the legal basis for denying the request within thirty (30) days.
Disclosure by RTI to Third Parties
RTI does not provide User Personal Information to third parties, except as described elsewhere in this policy and in RTI contracts with Customers, unless (1) User requests or authorizes such disclosure; (2) such disclosure is necessary to process transactions or provide services which User and/or User’s employer have requested; (3) RTI is compelled to do so by a governmental authority, regulatory body, or under subpoena or similar governmental request or to establish or defend a legal claim; or (4) the third party is acting as RTI’s agent or sub-contractor in performing services (e.g., RTI’s use of a third party telecommunications provider).
RTI uses industry standard security measures to protect Personal Information from unauthorized disclosure. RTI takes steps to appropriately safeguard credit card and remittance information using recommended industry encryption methods. RTI has designed RTI’s services so that protected information can only be viewed from within the Solution. We offer User the use of roles to limit access to users with a need to see such information. Please see RTI’s Data Policy for information about the measures RTI takes to address the security of the Solution and the protection of Personal Information
RTI will retain Personal Information in active databases for varying lengths of time depending upon the specific Solution, type of data, and applicable law. The policy regarding data retention for each Solution is set forth in the documentation or terms for each Solution. Consistent with RTI’s backup and storage procedures and due to the close integration of data with the Solution, Personal Information might be stored by RTI in backup logs and files for the duration necessary for legal requirements or the purposes described in this policy. However, RTI makes no commitment to indefinitely store such data. During User’s subscription to the Solution, User will be able to access Personal Information for a certain period based on the particular Solution purchased and the policies for the Solution and RTI suggests that inquiries be directed through the administrative contact for User’s company and directed to the RTI Privacy Coordinator at the address designated below.
Changes to this Policy
From time to time RTI will need to make changes to this policy. Some of the changes will be in response to changes in applicable laws and regulations. In addition, as RTI adds new features and new services to a Solution, RTI will continue to handle Personal Information consistently with this policy, but some changes or clarifications may be required.
If RTI seeks to make a material change to RTI’s policy to allow use of Personal Information for a new, legitimate business purpose, RTI will document the change to this policy, note the date of the last update at the bottom of the policy, and send a notice to the administrative contacts on file with RTI for each Customer. User is encouraged to check this policy occasionally to stay informed of any changes in RTI policies and procedures regarding Personal Information. For substantial and material changes to this policy, RTI will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.
Safe Harbor Program
With regard to the RTI OnDemand Solutions, and the RTI Hosting Service, RTI has formally joined the Safe Harbor Program managed by the U.S. Department of Commerce and has committed to abiding by the Safe Harbor privacy principles for the collection, use, and retention of personal data from the European Union and Switzerland. For more information about Safe Harbor or to access RTI’s certification statement, go to http://www.export.gov/safeharbor/.
If User has questions about this policy, please send an e-mail to firstname.lastname@example.org attn: RTI Privacy Coordinator, or send written correspondence to RTI Privacy Coordinator, Legal Department, RTI, Inc., 2929 Briarpark Drive, Houston, TX 77042.
If User has questions or concerns regarding the Personal Information Handling and Privacy section of this policy, User should first contact User’s company administrator or the RTI Privacy Coordinator listed above (email@example.com). If Use does not receive acknowledgment of User’s inquiry or said inquiry has not been satisfactorily addressed, User should contact firstname.lastname@example.org who will then serve as a liaison with the appropriate RTI representative to resolve concerns regarding the handling of Personal Information.
The English version of this policy shall govern in the event of any conflict or substantive translation changes into a non-English language.