COBRA DATA DISCOVERY PRIVACY SHIELD POLICY

Digital Discovery dba Cobra Data Discovery respects individual privacy and values the confidence of its clients, business partners and others who may use our services. Not only do we strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which we do business, but we also aim to uphold the highest ethical standards in our business practices. This Privacy Policy sets forth the privacy principles that Cobra Data Discovery follows with respect to the protection and transfers of personal information, whether it is in electronic, paper or verbal format, between the member states of the European Union, the United Kingdom (UK), Iceland, Liechtenstein and Norway (the European Economic Area) and the United States. This statement applies to all personal information we handle (except as noted below), including on-line, off-line, and manually processed data.

Cobra Data Discovery complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Cobra Data Discovery has certified that it adheres to each of the seven Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, and Recourse, and Enforcement and Liability.

If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

SCOPE

This Policy applies to the processing of Customer Personal Data that Cobra Data Discovery receives in the United States concerning Customers who reside in the European Union. Cobra Data Discovery provides computer forensics, electronic discovery services, and consulting to law firms, business organizations, and individuals who are parties to various types of legal and commercial proceedings.

This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)

MANAGEMENT

Cobra Data Discovery has designated the Legal Department to manage compliance with the EU Privacy Shield program. Any inquiries or complaints regarding this Policy may be directed to Cobra Data Discovery at:

Attn: Legal Department
8131 LBJ Freeway
Suite 325
Dallas, TX 75251
https://cobralegalsolutions.com/services/cobra-data-discovery/
Email: legal@cobralegalsolutions.com
Effective date: February 10, 2023

IN HOUSE VERIFICATION

Cobra Data Discovery will annually renew its certifications for EU-US Privacy Shield. An in-house verification will be conducted to substantiate the attestations and assertions in place are consistently complied with in regard to treatment of Personal Data. The verification will ensure that the privacy policy and the publicly posted website private policy conforms to the Privacy Shield Principles and continues to comply with the Privacy Shield principles; informs Customers of Cobra Data Discovery’s participation in the Privacy Shield program and where to obtain a copy of this Policy; inform individuals of in-house mechanisms for handling complaints, and review processes for training employees about Cobra Data Discovery’ participation in the Privacy Shield program and proper handling of Personal Data.

COLLECTION OF PERSONAL DATA

Cobra Data Discovery provides defensible discovery and data consulting to a range of legal, business and government entities across the globe (our clients).
Under most circumstances, Cobra Data Discovery does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Cobra Data Discovery receives personal data from the EU for processing purposes, we do so in the capacity of a data processor and do not control the collection of the personal data. As a result, the responsibility for the potential notification of individuals remains with our client and Cobra Data Discovery does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence). In such event, Cobra Data Discovery reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved.

USE OF PERSONAL DATA

Cobra Data Discovery never uses data for a purpose other than the purpose for which it was provided to Cobra Data Discovery. Neither does Cobra Data Discovery share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the controller of the data.) When specifically authorized by counsel or client to do so, Cobra Data Discovery will inform effected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Cobra Data Discovery may offer individuals for limiting the data’s use and disclosure.

Much of the data processed and hosted by Cobra Data Discovery does not constitute “personal data”. However, personal data will, on occasion, enter into the possession of Cobra Data Discovery. All Cobra Data Discovery employees who handle Personal Data from Europe are required to comply with the Principles stated in this Policy.
Personal data that we collect may vary according to the engagement with our Clients. Cobra Data Discovery collects the following types of Personal Data from its’ Clients: contact information, including name, address, and email address, telephone number, title, and company name, as well as payment information (which might include credit card/and or back account information).

The information that is collected from our clients is used in the capacity of providing services, managing the Client’s account (invoicing, reporting) and related activities for business purposes (complying with its contractual obligations, operations in providing services, storing and processing data).

CHOICE

Since Cobra Data Discovery does not share personal information with third parties, unless required by law or lawfully directed by the client to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Cobra Data Discovery will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclose. Individuals may contact Cobra Data Discovery at https://cobralegalsolutions.com/services/cobra-data-discovery/. Note that due to our role as a data processor, we may have to refer individual requests to our specific client who collected the data.

ACCOUNTABILITY OF ONWARD TRANSFERS

Cobra Data Discovery will not disclose an individual’s personal information to third parties, except when one or more of the following conditions is true:

We are specifically required to do so by our client who remains the data controller;
The disclosure is required by law or professional standards;
The disclosure is reasonably related to the sale or disposition of all or part of our business;
The information in question is publicly available;
The disclosure is reasonably necessary for the establishment or defense of legal claims; or
The disclosure is to another Cobra Data Discovery entity or to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question;
Agree to provide an adequate level of privacy protections for the Personal Data that are no less protective than those set out in this Policy.

Cobra Data Discovery may provide Personal Data to Third Parties that act as agents, consultants, and contractors, pursuant to a contract, to perform tasks on behalf of and under our instructions. Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Cobra Data Discovery.

All data collected in the course of Cobra Data Discovery activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is the practice of Cobra Data Discovery (and the customary business practice in the industry in which Cobra Data Discovery conducts business) to enter into, with each client, a comprehensive confidentiality agreement that meets or exceeds Privacy Shield standards as to data received in every engagement undertaken.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Cobra Data Discovery is liable unless we can prove we were not a party to the events giving rise to the damages.

SECURITY

To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of our clients, Cobra Data Discovery has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we possess. However, we cannot guarantee the security of information on or transmitted via the Internet or on line Review tool.

DATA INTEGRITY AND PURPOSE LIMITATION

Cobra Data Discovery processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

NOTIFICATION

Cobra Data Discovery notifies individual Customers about is adherence to the EU-US Privacy Shield principles through its publicly posted website privacy policy at https://cobralegalsolutions.com/services/cobra-data-discovery/.

ACCESS

EU individuals have the right to access their Personal Data that we hold about them and to ensure that the Personal Data is accurate and relevant for the purpose for which collected. Pursuant to the binding contracts with our clients, who remain the data controllers, we may be required to refer any requests to the appropriate controlling entity. Upon reasonable request and as required by the Privacy Shield principles, Cobra Data Discovery will take reasonable steps to permit individuals to correct, or block data that is demonstrated to be inaccurate, as permitted by applicable law. Individuals may edit their Personal Data by phone or by using the contact information below. Furthermore, EU individuals can demand erasure of personal data that has been handled in violation of the Privacy Shield Principles. Cobra Data Discovery will endeavor to respond in a timely manner to all reasonable written requests to view, modify or inactivate Personal Data. The individual will need to provide sufficient identifying information, such as name, address, and birth date. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Privacy Shield Agreement. A discounted rate will apply to grant access to personal information.

RECOURSE, ENFORCEMENT AND LIABILITY

In compliance with the EU-US Privacy Shield Principles, Cobra Data Discovery commits to resolve complaints about your privacy and our collection or use of your personal information. Cobra Data Discovery has designated the Legal Department to oversee compliance with the EU Privacy Shield program. European Union and United Kingdom individuals with inquiries or complaints regarding this privacy policy should first contact Cobra Data Discovery at:

Cobra Data Discovery has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints
for more information and to file a complaint.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privayshield.gov/article?id=ANNEX-1introduction
Cobra Data Discovery is subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”) that will effectively ensure compliance with the Privacy Shield Principles.