Deem

Safe Harbor Privacy Policy

The following Deem entities have certified compliance with the Safe Harbor privacy framework for the handling of Customer Personal Information the entities receive in the United States from the European Union, Iceland, Liechtenstein, Norway or Switzerland (collectively, "EEAS"):

This policy describes how Deem complies with the Safe Harbor privacy principles of notice, choice, onward transfer, access, security, data integrity and enforcement.

For purposes of this policy:

  • "Customer" means any individual located in the EEAS who uses Deem products or services.
  • "Personal Information" means information that (i) is transferred to Deem in the U.S. from EEAS, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable Customer, and (iv) can be linked to that individual.

Deem's Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles, please visit www.export.gov/safeharbor.

How Deem Obtains Personal Data

As a service provider to businesses, such as employers and financial institutions, Deem obtains Customer Personal Information from its business customers. We require business customers to comply with applicable U.S. and foreign laws, which include relevant national laws in the EEAS governing the collection, use and other processing of Personal Information. Deem also may collect Personal Information directly from Customers. This may occur, for example, when a Customer establishes an account on a Deem website or uses our mobile applications.

Notice

Deem provides information in its Global Privacy Statement regarding the company's Customer Personal Information practices. The Privacy Statement describes:

  • The purposes for which we collect and use the information;
  • The types of third parties to which we disclose the information;
  • The choices we offer Customers for limiting our use and disclosure of their Personal Information;
  • How to exercise these privacy choices; and
  • How to contact Deem about the company's Customer Personal Information practices.

Deem also has informed its business customers that they must comply with applicable foreign laws, which may include the requirement to provide appropriate notice to Customers whose Personal Information the businesses disclose to Deem in the U.S.

Choice

In circumstances in which Deem collects Personal Information directly from Customers, we offer Customers the opportunity to choose whether we may (i) disclose their Personal Information to certain third parties or (ii) use their Personal Information for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Customers may contact Deem as indicated below regarding our use or disclosure of their Personal Information.

Where Deem receives Customer Personal Information from business customers, we have informed Customers that they may exercise certain of their privacy rights and choices by contacting the business customer that obtained Deem products or services for the Customer's use.

Onward Transfer

Deem shares Customer Personal Information with service providers that perform services on the company's behalf. Except as described below, Deem requires such services providers to either (i) certify compliance with the Safe Harbor framework to the U.S. Department of Commerce, or (ii) contractually agree to provide at least the same level of privacy and security protection for the Personal Information as is required by the Safe Harbor privacy principles relevant to the business functions the service provider performs. These requirements do not apply to service providers that are (i) subject to the European Union Data Protection Directive 95/46 or the Swiss Federal Data Protection Law, (ii) located in a country deemed by the European Commission to adequately safeguard personal information, or (iii) subject to another data protection adequacy basis.

Access

As described in the "Access and Correction" section of our Global Privacy Statement, Deem provides Customers with reasonable access to the Personal Information the company maintains about them, including a reasonable opportunity to correct, amend or delete the information where it is inaccurate. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive or as otherwise permitted by relevant Safe Harbor requirements. Customers may access and correct their personal information using accounts they maintain on Deem websites or ask us to correct or amend their Personal Information by contacting the company as indicated below.

In addition, we have informed Customers who use Deem products or services that a Deem business customer (such an employer or financial institution) obtained on their behalf to request access to their information from the relevant business customer.

Security

As described in Deem's Global Privacy Statement, the company takes reasonable precautions to protect Customer Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

Deem takes reasonable steps to ensure that Customer Personal Information it obtains is relevant for the purposes for which the company uses the information, and that the information is reliable, accurate, complete and current. We have implemented technology, management processes and policies to help maintain data accuracy and integrity. We depend on our Customers and business customers to update and correct Personal Information to the extent necessary. Customers may update their information using the accounts they maintain on Deem websites or by contacting us as indicated below.

Enforcement

Deem conducts an annual self-assessment to verify that this Safe Harbor Privacy Policy is accurate, comprehensive, prominently displayed, implemented, accessible and conforms to the Safe Harbor framework, and that we have put in place appropriate employee training and Safe Harbor compliance review procedures.

Customers may file a complaint with Deem regarding the company's handling of their Personal Information by contacting us as indicated below. If the complaint cannot be resolved through our internal complaint resolution processes, Deem will cooperate with JAMS pursuant to the JAMS International Mediation Rules. Deem will take steps to remedy any issues arising out of the company's failure to abide by the Safe Harbor framework.

How to Contact Us

If you have any questions or comments about this Privacy Statement, or if you would like us to update the information we have about you or your preferences, please contact us by email at privacy@deem.com. You also may write to us at:

Deem
Attn: Chief Legal Officer – Privacy
Privacy Rights
301 Howard St., 21st Floor
San Francisco, CA 94105