Information Required for Privacy Shield Self-Certification
To expedite the self-certification process, please compile the following information before you log on through the Privacy Shield website to self-certify your organization's compliance with the Privacy Shield Framework.
- Organization Name
Organization Contact: Provide a contact office and individual within your organization for the handling of complaints, access requests, and any other issues concerning your organization’s compliance with the Privacy Shield Framework.
- Contact Office
- Contact Name
- Contact Title
- Contact E-mail
- Contact Phone
- Contact Fax
Organization Corporate Officer: Provide information about the individual certifying your organization’s compliance with the Privacy Shield Framework. By submitting this self-certification, the corporate officer attests that he/she is authorized to submit the self-certification on behalf of your organization and all entities or subsidiaries indicated below.
- Corporate Officer Name
- Corporate Officer Title
- Corporate Officer E-mail
- Corporate Officer Phone
- Corporate Officer Fax
Description of your organization’s activities with respect to all personal data received from the EU and/or Switzerland in reliance on the Privacy Shield:
In addition to your organization, list all entities or subsidiaries of your organization that are also adhering to the Privacy Shield Principles and are covered under your organization’s self-certification. Note that references to “organization” in this form as well as in the Privacy Shield Principles include all covered entities and subsidiaries listed here.
What types of personal data does your organization’s Privacy Shield commitment cover?
Note that for purposes of this self-certification form, the term “human resources data” refers to personal data about employees, past or present, collected in the context of the employment relationship. Examples of other types of personal data that could be covered include the following: customer, client, visitor, and clinical trial data.
(select all that apply)
- Human resources data
- Personal data other than human resources data
Briefly describe the purposes for which your organization processes personal data in reliance on the Privacy Shield, including the types of personal data processed by your organization (e.g. customer, client, visitor, and clinical trial data) and, if applicable, the type of third parties to which it discloses such personal information.
Independent recourse mechanism(s) available to investigate unresolved complaints:
If your organization wishes its Privacy Shield commitments to cover personal data other than human resources data, on an annual basis you must designate a private sector developed independent recourse mechanism or you may choose to cooperate with the EU Data Protection Authorities (DPA) under the EU-U.S. Privacy Shield Framework or the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework and have the DPA panel or the Swiss Federal Data Protection and Information Commissioner serve as your independent recourse mechanism. Your annual selection will apply to all information received by your organization under the Privacy Shield other than human resources data.
- If your organization has designated a private sector developed independent recourse mechanism, it must provide this mechanism’s name and website.
Which appropriate statutory body has jurisdiction to investigate claims against your organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy? Note that to be transferred in reliance on the Privacy Shield, personal data must be processed in connection with an activity that is subject to the jurisdiction of at least one appropriate statutory body listed below to investigate.
- Federal Trade Commission
- Department of Transportation
List any privacy program in which your organization is a member.
What is your organization's verification method?
- outside compliance review
- If your organization has chosen an outside compliance review, it must provide the name and web address for the third party that conducts the review.
Indicate your organization’s annual revenue. This information will be used to determine the fee your organization must pay to self-certify to the Privacy Shield Framework and will not be viewable by the general public.
- Under $5 million
- Over $5-25 million
- Over $25-500 million
- Over $500 million - $5 billion
- Over $5 billion
Although your organization is not required to do so for purposes of its self-certification, please provide the following information.
Select the industry sector(s) applicable to your organization. This is for information only but will be disclosed on the Privacy Shield website.
(select all that apply from the list provided online)
Indicate the number of employees in your organization. This information will not be publicly disclosed on the Privacy Shield website.
- Fewer than 100
- 501 or more