COBRA DATA DISCOVERY PRIVACY SHIELD POLICY
Cobra Data Discovery complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Cobra Data Discovery has certified that it adheres to each of the seven Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, and Recourse, and Enforcement and Liability.
This Policy applies to the processing of Customer Personal Data that Cobra Data Discovery receives in the United States concerning Customers who reside in the European Union. Cobra Data Discovery provides computer forensics, electronic discovery services, and consulting to law firms, business organizations, and individuals who are parties to various types of legal and commercial proceedings.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
Cobra Data Discovery has designated the Legal Department to manage compliance with the EU Privacy Shield program. Any inquiries or complaints regarding this Policy may be directed to Cobra Data Discovery at:
Attn: Legal Department
8131 LBJ Freeway
Dallas, TX 75251
Effective date: February 10, 2023
IN HOUSE VERIFICATION
COLLECTION OF PERSONAL DATA
Cobra Data Discovery provides defensible discovery and data consulting to a range of legal, business and government entities across the globe (our clients).
Under most circumstances, Cobra Data Discovery does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Cobra Data Discovery receives personal data from the EU for processing purposes, we do so in the capacity of a data processor and do not control the collection of the personal data. As a result, the responsibility for the potential notification of individuals remains with our client and Cobra Data Discovery does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence). In such event, Cobra Data Discovery reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved.
USE OF PERSONAL DATA
Cobra Data Discovery never uses data for a purpose other than the purpose for which it was provided to Cobra Data Discovery. Neither does Cobra Data Discovery share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the controller of the data.) When specifically authorized by counsel or client to do so, Cobra Data Discovery will inform effected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Cobra Data Discovery may offer individuals for limiting the data’s use and disclosure.
Much of the data processed and hosted by Cobra Data Discovery does not constitute “personal data”. However, personal data will, on occasion, enter into the possession of Cobra Data Discovery. All Cobra Data Discovery employees who handle Personal Data from Europe are required to comply with the Principles stated in this Policy.
Personal data that we collect may vary according to the engagement with our Clients. Cobra Data Discovery collects the following types of Personal Data from its’ Clients: contact information, including name, address, and email address, telephone number, title, and company name, as well as payment information (which might include credit card/and or back account information).
The information that is collected from our clients is used in the capacity of providing services, managing the Client’s account (invoicing, reporting) and related activities for business purposes (complying with its contractual obligations, operations in providing services, storing and processing data).
Since Cobra Data Discovery does not share personal information with third parties, unless required by law or lawfully directed by the client to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Cobra Data Discovery will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclose. Individuals may contact Cobra Data Discovery at https://cobralegalsolutions.com/services/cobra-data-discovery/. Note that due to our role as a data processor, we may have to refer individual requests to our specific client who collected the data.
ACCOUNTABILITY OF ONWARD TRANSFERS
Cobra Data Discovery will not disclose an individual’s personal information to third parties, except when one or more of the following conditions is true:
- We are specifically required to do so by our client who remains the data controller;
- The disclosure is required by law or professional standards;
- The disclosure is reasonably related to the sale or disposition of all or part of our business;
- The information in question is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims; or
- The disclosure is to another Cobra Data Discovery entity or to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question;
- Agree to provide an adequate level of privacy protections for the Personal Data that are no less protective than those set out in this Policy.
Cobra Data Discovery may provide Personal Data to Third Parties that act as agents, consultants, and contractors, pursuant to a contract, to perform tasks on behalf of and under our instructions. Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Cobra Data Discovery.
All data collected in the course of Cobra Data Discovery activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is the practice of Cobra Data Discovery (and the customary business practice in the industry in which Cobra Data Discovery conducts business) to enter into, with each client, a comprehensive confidentiality agreement that meets or exceeds Privacy Shield standards as to data received in every engagement undertaken.
We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Cobra Data Discovery is liable unless we can prove we were not a party to the events giving rise to the damages.
To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of our clients, Cobra Data Discovery has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we possess. However, we cannot guarantee the security of information on or transmitted via the Internet or on line Review tool.
DATA INTEGRITY AND PURPOSE LIMITATION
Cobra Data Discovery processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.
EU individuals have the right to access their Personal Data that we hold about them and to ensure that the Personal Data is accurate and relevant for the purpose for which collected. Pursuant to the binding contracts with our clients, who remain the data controllers, we may be required to refer any requests to the appropriate controlling entity. Upon reasonable request and as required by the Privacy Shield principles, Cobra Data Discovery will take reasonable steps to permit individuals to correct, or block data that is demonstrated to be inaccurate, as permitted by applicable law. Individuals may edit their Personal Data by phone or by using the contact information below. Furthermore, EU individuals can demand erasure of personal data that has been handled in violation of the Privacy Shield Principles. Cobra Data Discovery will endeavor to respond in a timely manner to all reasonable written requests to view, modify or inactivate Personal Data. The individual will need to provide sufficient identifying information, such as name, address, and birth date. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Privacy Shield Agreement. A discounted rate will apply to grant access to personal information.
RECOURSE, ENFORCEMENT AND LIABILITY
Attn: Legal Department
8131 LBJ Freeway
Dallas, TX 75251
Effective date: February 10, 2023
Cobra Data Discovery has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints
for more information and to file a complaint.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privayshield.gov/article?id=ANNEX-1introduction
Cobra Data Discovery is subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”) that will effectively ensure compliance with the Privacy Shield Principles.