Consistent with its commitment to protect personal privacy, IIJ America adheres to the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework, and the Safe Harbor Privacy Principles, as applicable, regarding the transfer of Personal Information from EU Member States and Switzerland to the United States.
Personal Information. “Personal Information” means any information or set of information that is transferred from the European Union and Switzerland to the United States, is recorded in any form, pertains to or is about any individual, or can be linked to or used to identify that individual.
Sensitive Personal Information.“Sensitive Personal Information”is Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal proceedings or convictions, or that concerns health or sexual activity.
In the provisioning of cloud computing services, IIJ America acts solely as a “Data Processor” for the transfer of its customer services data from EU Member States and Switzerland to the United States for processing. A Data Processor is an organization that processes Personal Information and/or Sensitive Information purely on behalf of and pursuant to the instructions of a Data Controller. IIJ America provides these services under contract to its clients in the European Union and Switzerland and, accordingly, IIJ America holds, processes and/or transfers such customer services data at the direction of its client, which acts as a Data Controller. Accordingly, IIJ America’s customers, as Data Controllers, decide what data to hold about what categories of Personal Information and about what categories of individuals. IIJ America does not control this customer services data and any access to or use of such data is incidental to IIJ America completing its contractual obligations to its clients. (See US-EU Safe Harbor Framework Guide to Self-Certification, FAQ X)
Moreover, as a Data Processor, IIJ America has no relation with the data subjects. Any obligation to determine whether to provide notice to data subjects regarding what Personal Information is collected about them and how it is used, or to obtain their consent, rests with IIJ America’s clients as Data Controllers. IIJ America will process Personal Information only as directed by its clients.
IIJ America notes that the Safe Harbor Privacy Principle of onward transfer applies to Data Processors; however, IIJ America does not use third-party subcontractors when processing Personal Information at the direction of its clients. In addition, IIJ America will, whenever necessary, assist its clients in dealing with any access requests from individual data subjects, and will pass any requests for access received to them. Incident to its provision of cloud services, IIJ America collects limited information regarding its clients: a contact name, business phone number and business email address. This information is collected for internal administrative purposes only and is not disclosed to any third parties.
As a Data Processor, IIJ America takes the security of Personal Information very seriously. Accordingly, it has implemented appropriate technical and organizational measures against unauthorized or unlawful processing of Personal Information and against accidental loss of, or damage to, Personal Information.
JAMS International provides IIJ America's third-party, independent dispute mechanism as required under the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework. If you have a complaint about IIJ America's Safe Harbor compliance that cannot be resolved directly with IIJ America, contact JAMS International at www.jamsinternational.com/rules-procedures/safeharbor/file-safe-harbor-claim.
IIJ America’s Safe Harbor self-certification statement may be accessed on the Safe Harbor program website: https://safeharbor.export.gov/list.aspx .
Effective Date: May 1, 2014