Safe Harbor - Swiss List

U.S.-SWISS SAFE HARBOR LIST

Advisory:

U.S.-Swiss Safe Harbor

On January 12, 2017, Swiss Federal Councillor Johann Schneider-Ammann announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will immediately replace the U.S.-Swiss Safe Harbor. To give organizations the time needed to review the Privacy Shield Principles and the commitments they entail, U.S. Acting Under Secretary of Commerce Ken Hyatt announced that the Department will begin accepting Privacy Shield certifications on April 12, 2017.

Beginning April 12, 2017, the Department of Commerce will no longer accept any U.S.-Swiss Safe Harbor certifications. The Department will maintain the U.S.-Swiss Safe Harbor List of participants.

U.S.-EU Safe Harbor

On July 12, 2016, U.S. Secretary of Commerce Penny Pritzker joined European Union Commissioner Věra Jourová to announce the approval of the EU-U.S. Privacy Shield Framework as a valid legal mechanism to comply with EU requirements when transferring personal data from the European Union to the United States. The EU-U.S. Privacy Shield Framework replaces the U.S.-EU Safe Harbor Framework. The Department began accepting certifications on August 1, 2016.

As of October 31, 2016, the Department stopped accepting all U.S.-EU Safe Harbor certifications. The Department will maintain the U.S.-EU Safe Harbor List of participants.

Please note that, pursuant to the Safe Harbor Frequently Asked Question on Self-Certification, the commitment to adhere to the U.S.-EU and U.S.-Swiss Safe Harbor Principles is not time-limited, and a participating organization must continue to apply the Principles to data received under the Safe Harbor.

For more information on the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, please visit https://www.privacyshield.gov

The organizations on this list have notified the Department of Commerce that they adhere to the U.S.-Swiss Safe Harbor Framework developed by the Department of Commerce in coordination with the Federal Data Protection and Information Commissioner of Switzerland. The U.S.-Swiss Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from Switzerland as required by the Swiss Federal Act on Data Protection.
An organization's self-certification of compliance with the U.S.-Swiss Safe Harbor Framework, and the appearance of the organization on this list pursuant to the self-certification, constitute an enforceable representation to the Department of Commerce and the public that it adheres to a privacy policy that complies with the U.S.-Swiss Safe Harbor Framework.
There are benefits to organizations that participate in the U.S.-Swiss Safe Harbor program, but participation in the U.S.-Swiss Safe Harbor Framework and self-certification to the list are voluntary. Once an entity elects to participate in the program, it is legally required to comply with the Safe Harbor Privacy Principles. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the U.S.-Swiss Safe Harbor program. In order to keep this list current, a notification will be effective for a period of twelve months; therefore, organizations must notify the Department of Commerce every twelve months to reaffirm their continued adherence to the U.S.-Swiss Safe Harbor Framework.
Organizations should notify the Department of Commerce if their representation to the Department is no longer valid. Failure by an organization to so notify the Department could constitute a misrepresentation.
An organization may withdraw from the list at any time by notifying the Department of Commerce. Withdrawal from the list terminates the organization's representation of adherence to the U.S.-Swiss Safe Harbor Framework, but this does not relieve the organization of its Safe Harbor obligations with respect to personal information received during the time that the organization was on the U.S.-Swiss Safe Harbor List.
If a relevant self-regulatory or government enforcement body finds that an organization has engaged in a persistent failure to comply with the U.S.-Swiss Safe Harbor Privacy Principles, then that organization is no longer entitled to the benefits of the U.S.-Swiss Safe Harbor program. In this case, the organization must promptly notify the Department of Commerce of such facts either by email or letter. Failure to do so may be actionable under the False Statements Act (18 U.S.C. 1001). That organization must also provide the Department of Commerce with a copy of the decision letter from the relevant self-regulatory or government enforcement body.

In maintaining the list, the Department of Commerce does not assess and makes no representations to the adequacy of any organization's privacy policy or its adherence to that policy. Furthermore, the Department of Commerce does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, omission, or deletion of any organization, or any other action related to the maintenance of the list.

Search by Organization Details Show Details(...)

Organization Name:
Search Tip: Enter either (a) the exact Organization Name (e.g. The XYZ Corporation); or (b) the % symbol immediately before (i.e. no space) a word of consequence from the Organization Name (e.g. %XYZ)
Keyword:
Search Tip: Enter the Organization Contact name, Corporate Officer name or Zip Code
Phrase:
Search Tip: Enter a phrase or phrases enclosing each within quotation marks. Three types of phrase-based searches are possible: (1) a search for results containing a single phrase (e.g. “data protection authorities”); (2) a search for results containing all of the specified phrases (e.g. “data protection authorities” AND “DPAs”); and (3) a search for results containing any of the specified phrases (e.g. “data protection authorities” OR “DPAs”). This function is especially useful when searching for records that reference a particular Independent Recourse Mechanism or Verification Method.
Industry Sector:
State:

Search Alphabetically for Organization Name Show Details(...)

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ALL

3977 Results

Organization

U.S.-Swiss Certified Through

Personal Data

@legal discovery LLC

04/27/2017

All personal data/On-line/On-line

1010data Global Telecom Solutions LLC

08/15/2016

All personal information subject to the U.S.-EU and/or U.S.-Swiss Safe Harbor Privacy Principles (client data).

101domain, Inc

06/25/2016

Data collected directly on the Internet; Data collected manually via paper, phone, or tradeshows.

12 Interactive LLC

07/06/2016

user registration, personal information, user preferences, transactional data, online data

1WorldSync, Inc.

12/06/2016

Personal information received about individual contacts of former, current and prospective customers.

2020 Research

09/13/2016

Market research data primarily dealing with consumer research.

23andMe, Inc.

11/18/2016

On-line data, offline data, manually processed data

247 Customer, Inc.

09/03/2017

Data collected through [24]7 predictive experience platform includes information collected through our services offered to our clients as a Software as a solution provider. The data collected can include Online, offline, chat data etc.

2Checkout.com, Inc.

07/30/2017

Personal Data of clients and their customers that is processed on-line, off-line and manually

2sms

11/01/2016

online data, manually processed data.

3 Story Software

05/13/2017

Off-line, on-line, manually processed data, human resources data.

3D Systems Corporation

07/07/2017

Human Resources Data

3dna Corporation, Inc. dba NationBuilder

04/16/2016

Consumer data, digitally processed.

3Fitt, Inc.

12/19/2016

Customer/User data. There is no manually processed data.

3G SELLING LLC

08/05/2015

Client/Customer contact information such as name, email address, mailing address, phone number. Information about their business such as company name, company size, business type. May be online or data received offline.

3M Company

02/04/2017

Employee personal data

411 Labs Inc

06/29/2017

Collaboration platform profile data, including: user number, user name, user phone (if completed), user address (if completed), email address.

41st Parameter

04/27/2015

Online

5.11, Inc.

10/23/2016

The organization's employee data is manually entered into the HR/Payroll system initially then payroll becomes automatic; The types of customer personal information collected via e-commerce include: 1) Name; 2) Address ; 3) E-mail Address; 4) Phone Number; and 5) Credit/Debit Card Information.

6Sense Insights

03/19/2017

Information received from customers, prospective customers and suppliers.

7th Sense Limited Partnership

06/24/2017

Organization, client and consumer. Consumer data includes phone numbers, email addresses and addresses. The data covered does not include manually processed data.

81qd

07/01/2017

All personal information received

89degrees, Inc.

07/29/2015

on-line and off-line customer transaction data

8x8, Inc.

01/09/2017

Customer personal information could be incidental information left by or for the customer on their on Voice-Mail, or sent via Fax, etc. This information is stored locally and securely by European member state.

99designs, Inc.

07/11/2017

Online data

A. Schulman, Inc

02/26/2017

Personal information regarding employees and related to the employment relationship, which includes manually processed data.

A.C. Coy Company

06/13/2017

A.C. Coy, as an organization, does not receive any Personal Information from the EU. A.C. Coy does have two employees who are currently working as consultants for a client. In the performance of their duties as Information Technology Systems Analysts, they may required to view personal Human Resources data of client employees in order to verify or debug the systems. No data is manually processed.

A.R.O., Inc.

07/02/2014

On-line data = data collected directly on the Internet

A.T. Kearney, Inc.

06/06/2017

Online, offline

A2 Hosting, Inc.

07/06/2016

off-line, on-line

...