Buffer

Buffer
The platform that powers our solutions
Buffer
The platform that powers our solutions
Buffer
Resources for amazing social media marketers
Buffer
Resources for amazing social media marketers

Buffer Privacy Shield Policy

Last Updated: August 6, 2018

Buffer Inc. (“Buffer”) will comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Information (as defined below) that is transferred to the United States from the European Economic Area (“EEA”) and Switzerland, respectively. Buffer certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). Our certification can be found at [www.privacyshield.gov/list](http://www.privacyshield.gov/list).

If there is any conflict between this Privacy Shield Policy (“Policy”) and the Principles, the Principles will govern. To learn more about the Frameworks please visit https://www.privacyshield.gov/.

This Privacy Shield Policy supplements our Privacy Policy. Capitalized terms used in this Privacy Shield Policy have the meaning given to them by our Privacy Policy, unless specifically defined in this Policy. In case of conflict between our Privacy Policy and this Policy with regard to our privacy practices under the Frameworks, this Policy prevails. This Policy applies to Buffer, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personal Information Received from the European Economic Area & Switzerland
Buffer may receive from the EEA and Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Principles. To the extent that Buffer receives Personal Information from the EEA and Switzerland in reliance on the Frameworks, Buffer will handle such Personal Information in accordance with the Principles.

How We Obtain Personal Information
We obtain and process Personal Information in different capacities.

As a data controller, we collect and process Personal Information from the EEA and Switzerland when offering our products and services to individuals as set forth in our Privacy Policy.

As a data processor, we process Personal Information from the EEA and Switzerland on behalf of our commercial customers when providing our B2B products and services. In that context, we only process Personal Information on behalf of and at the direction of our commercial customers (which are data controllers), as explained in the Privacy Policy.

For all types of processing, Buffer commits to the Principles of the Privacy Shield with respect to all Personal Information received from the EEA and Switzerland in reliance on the Frameworks.

Notice
We provide information regarding our privacy practices in our Privacy Policy.

When we process Personal Information on behalf of our commercial customers, our commercial customers determine the categories of data they provide to our Service and the purposes of the processing. Accordingly, our commercial customers are responsible for providing notice to individuals and you should review their privacy policies for more information regarding their data processing practices.

Data Integrity and Purpose Limitation
Buffer may use the Personal Information it receives from the EEA and Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks.

Onward Transfers
Our Privacy Policy describes the circumstances in which we may disclose your information to third parties. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Security
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Choice
We will give you an opportunity to choose whether your Personal Information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where non-sensitive Personal Information is involved, and to opt-in where sensitive Personal Information is involved.

Access to Personal Information
Where appropriate, Buffer will provide you with access to the Personal Information that we maintain about you. Buffer will also correct, amend or delete Personal Information that we maintain about you when it is inaccurate or has been processed in violation of the Principles and you send a written request to us using the information provided in the “Contact Information” section below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.

When we process Personal Information on behalf of our commercial customers, our commercial customers control the type of information we obtain, how that information is used and disclosed, and how it can be modified. Accordingly, if you wish to request access, limit use or disclosure of your Personal Information, please contact us using the information provided in the “Contact Information” section below.

Recourse and Enforcement
We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Policy are true and have been implemented as represented.

If you have any questions or concerns, we encourage you to write to us at the address listed below. We will investigate and attempt to resolve any complaints or disputes regarding our use and disclosure of Personal Information in accordance with the Principles. Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Buffer, Inc.’s internal processes, Buffer, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, which serves as our third-party non-profit alternative dispute resolution provider located in the United States and operated by VeraSafe. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.

Privacy Shield Policy Changes
This Policy may be changed from time to time, consistent with the requirements of the Frameworks. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the bottom of this Policy. Any changes to this Policy will become effective when posted to our website.

Contact Information
If you have questions, concerns, or complaints about this Privacy Shield Policy or Buffer’s privacy practices, or if you would like to exercise your rights and choices with regard to your Personal Information, please contact us by email at hello@buffer.com or write to us at the following address:

Buffer Inc
2243 Fillmore St #380-7163
San Francisco, CA 94115
United States

If you have any thoughts or questions about this Privacy Policy please let us know.

Last Updated: August 6, 2018