Buffer Privacy Shield Policy
Last Updated: August 6, 2018
Buffer Inc. (“Buffer”) will comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Information (as defined below) that is transferred to the United States from the European Economic Area (“EEA”) and Switzerland, respectively. Buffer certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). Our certification can be found at [www.privacyshield.gov/list](http://www.privacyshield.gov/list).
If there is any conflict between this Privacy Shield Policy (“Policy”) and the Principles, the Principles will govern. To learn more about the Frameworks please visit https://www.privacyshield.gov.
Personal Information Received from the European Economic Area & Switzerland
How We Obtain Personal Information
We obtain and process Personal Information in different capacities.
For all types of processing, Buffer commits to the Principles of the Privacy Shield with respect to all Personal Information received from the EEA and Switzerland in reliance on the Frameworks.
When we process Personal Information on behalf of our commercial customers, our commercial customers determine the categories of data they provide to our Service and the purposes of the processing. Accordingly, our commercial customers are responsible for providing notice to individuals and you should review their privacy policies for more information regarding their data processing practices.
Data Integrity and Purpose Limitation
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
We will give you an opportunity to choose whether your Personal Information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where non-sensitive Personal Information is involved, and to opt-in where sensitive Personal Information is involved.
Access to Personal Information
Where appropriate, Buffer will provide you with access to the Personal Information that we maintain about you. Buffer will also correct, amend or delete Personal Information that we maintain about you when it is inaccurate or has been processed in violation of the Principles and you send a written request to us using the information provided in the “Contact Information” section below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.
When we process Personal Information on behalf of our commercial customers, our commercial customers control the type of information we obtain, how that information is used and disclosed, and how it can be modified. Accordingly, if you wish to request access, limit use or disclosure of your Personal Information, please contact us using the information provided in the “Contact Information” section below.
Recourse and Enforcement
We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Policy are true and have been implemented as represented.
If you have any questions or concerns, we encourage you to write to us at the address listed below. We will investigate and attempt to resolve any complaints or disputes regarding our use and disclosure of Personal Information in accordance with the Principles. Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Buffer, Inc.’s internal processes, Buffer, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, which serves as our third-party non-profit alternative dispute resolution provider located in the United States and operated by VeraSafe. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Privacy Shield Policy Changes
This Policy may be changed from time to time, consistent with the requirements of the Frameworks. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the bottom of this Policy. Any changes to this Policy will become effective when posted to our website.
If you have questions, concerns, or complaints about this Privacy Shield Policy or Buffer’s privacy practices, or if you would like to exercise your rights and choices with regard to your Personal Information, please contact us by email at email@example.com or write to us at the following address:
2243 Fillmore St #380-7163
San Francisco, CA 94115
Last Updated: August 6, 2018