PRIVACY POLICY

Privacy

You can browse our web site without providing any personal information. There are points in the web site at which you have the option of entering information. If you choose to do so, that information will be received by Sierra-Cedar and used for its own purposes in assisting you and for other internal purposes. It will not be sold to third parties.

Such information as you decide to submit to Sierra-Cedar via its web page is used to provide information you request, answer questions or concerns, or otherwise in the normal course of Sierra-Cedar’s business. We do not intend to share your information with people or entities outside of Sierra-Cedar and its affiliates except as is required to provide you with the service or information you have requested via the web site. If we are required by law to disclose the information you have provided to us, we will do so.

This privacy statement may be modified from time to time. It is intended as a statement of our current practices, and not as an offer or contract of any sort. If the privacy statement is amended, the amendment will be included on our web page.

Sierra-Cedar is not responsible for the privacy practices of any organization or entity to which we may provide a link on our web page. If you are concerned about those entities’ privacy policies, you should read their policies as found on their web pages.

EU-U.S. DATA PRIVACY FRAMEWORK (DPF) PRINCIPLES  PRIVACY STATEMENT
We self-certify compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF Framework. A list of participating organizations can be found at https://www.dataprivacyframework.gov/s/program-overview.

Data Privacy Framework Standards
This EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF Privacy Statement (the “Statement”) sets forth the privacy principles followed by Sierra-Cedar, LLC and its subsidiary Sierra-Cedar India Pvt Ltd in connection with the transfer and protection of “personal information” received from the European Union (EU).

About The Data Privacy Framework
The EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF) were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce and the European Commission and the UK Government to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area and the United Kingdom (and Gibraltar) while ensuring data protection that is consistent with EU and UK law.

The Data Privacy Framework (DPF) program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables eligible U.S.-based organizations to self-certify their compliance pursuant to the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF. To participate in the DPF program, a U.S.-based organization is required to self-certify to the ITA via the Department’s Data Privacy Framework (DPF) program website and publicly commit to comply with the DPF Principles. While the decision by an eligible U.S.-based organization to self-certify its compliance pursuant to and participate in the relevant part(s) of the DPF program is voluntary, effective compliance upon self-certification is compulsory. Once such an organization self-certifies to the ITA and publicly declares its commitment to adhere to the DPF Principles that commitment is enforceable under U.S. law.

Sierra-Cedar, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Sierra-Cedar has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

“Personal Information” means information that can directly or indirectly lead to the identification of a living person, such as an individual’s name, address, e-mail, telephone number, license number, medical identification number, photograph, or other identifying characteristic. The identification can occur by reference to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that has been anonymized, encoded or otherwise stripped of its identifiers, or information that is publicly available, unless combined with other non-public personal information.

Scope
This Statement governs personal information transferred from countries in the EU to the United States on behalf of Sierra-Cedar. It applies to personal information in electronic and off-line formats.

Data Privacy Framework (DPF) Privacy Principles
The following privacy principles apply to the transfer, collection, use, or disclosure of personal information from the EU by Sierra-Cedar.

Notice: Sierra-Cedar informs individuals in the EU about the purposes for which it collects and uses their personal information, how to contact Sierra-Cedar, the types of third parties with which Sierra-Cedar shares their personal information, and the choice and means Sierra-Cedar offers for limiting the use and disclosure of their personal information.

Consistent with the Data Privacy Framework (DPF) requirements, Sierra-Cedar may not be in a position to furnish notice in certain limited situations. Specifically, notice is not required where the processing of EU personal information is necessary to respond to a government inquiry; is required by applicable laws, court orders or government regulations; or is necessary to protect Sierra-Cedar’s legal interests and providing notice would interfere with those interests.

Choice: Sierra-Cedar will not process personal information about EU individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the EU individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. Sierra-Cedar also provides EU individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their personal information will not be further processed.

Data Integrity: Sierra-Cedar seeks to ensure that any personal information held about EU individuals is accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained. Sierra-Cedar collects personal information that is adequate, relevant, and not excessive for the purposes for which it is to be processed. EU individuals have a responsibility to assist Sierra-Cedar in maintaining accurate, complete, and current personal information about them.

Transfers To Third Parties: Sierra-Cedar does not share personal information with third parties. Were it to do so in the future, it would only transfer personal information about EU individuals to third-parties where the third-party (a) has provided satisfactory assurances to Sierra-Cedar that it will protect the information consistently with this Statement; or (b) is located in the EU or a country considered “adequate” for privacy by the EU Commission, and therefore is required to comply with the EU data protection laws or substantially equivalent privacy laws; or (c) the third-party has also certified to the Data Privacy Framework, and is accordingly independently responsible for complying with the Data Privacy Framework requirements. Sierra-Cedar assumes responsibility for such onward transfers as required by the Data Privacy Framework.

Where Sierra-Cedar has knowledge that a third-party to whom it has provided EU personal information is processing that information in a manner contrary to this Statement or the Data Privacy Framework requirements, Sierra-Cedar will take reasonable steps to prevent or stop the processing. Sierra-Cedar will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Access and Correction: Upon written request to Sierra-Cedar, Sierra-Cedar will provide EU individuals with reasonable access to their personal information. Sierra-Cedar will also take reasonable steps to allow EU individuals to review their information for the purposes of correcting their information. There are certain limitations to the Access and Correction rights, as set forth in the US Department of Commerce’s Data Privacy Framework (DPF) program website.

Security: Sierra-Cedar takes reasonable precautions to protect EU personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Enforcement: Sierra-Cedar has established internal mechanisms to verify its ongoing adherence to this Statement. Sierra-Cedar also encourages individuals covered by this Statement to raise any concerns about our processing of their personal information by contacting Sierra-Cedar’s Privacy Office at the address below. Sierra-Cedar will seek to resolve any concerns. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Sierra-Cedar commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Disputes will be subject to binding arbitration when so required by the Data Privacy Framework. Sierra-Cedar is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Sierra-Cedar does not plan to transfer personal information to third parties. If in the future it does transfer personal information to a third party acting as an agent on its behalf, Sierra-Cedar shall remain liable under the DFP Principles if its agent processes such personal information in a manner inconsistent with DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

How to Contact Us: Questions, comments or complaints about Sierra-Cedar’s EU-U.S. Data Privacy Framework (DPF) Privacy Statement or data collection and processing practices can be e-mailed to Privacy@Sierra-Cedar.com, or mailed to Privacy Office, Sierra-Cedar, Inc., 1255 Alderman Drive, Alpharetta, GA 30005. In the event that a complaint is not satisfactorily addressed by Sierra-Cedar within a reasonable time frame, you may contact the Federal Trade Commission at http://www.ftc.gov/ftc/complaint.htm, or via phone at 202.382.4357.