THE U.S. DEPARTMENT OF COMMERCE AND THE EUROPEAN COMMISSION HAVE AGREED ON A SET OF DATA PROTECTION PRINCIPLES TO ENABLE U.S. COMPANIES TO SATISFY REQUIREMENTS UNDER EUROPEAN UNION LAW RELATED TO THE TRANSFERS OF PII TRANSFERRED FROM THE EEA TO THE U.S. (THE "U.S. – EU SAFE HARBOR"). IN KEEPING WITH ITS COMMITMENT TO PROTECT PERSONAL PRIVACY, HRC COMPLIES WITH, AND HAS CERTIFIED ITS ADHERENCE TO, THE PRIVACY PRINCIPLES (THE "PRINCIPLES") OF THE U.S.-EU SAFE.
THIS POLICY APPLIES TO ALL PII HRC RECEIVES IN THE U.S. FROM THE, IN ANY FORMAT.
THE FOLLOWING KEY TERMS ARE USED THROUGHOUT THIS POLICY:
"EUROPEAN UNION (EU)" REFERS TO THOSE STATES THAT ARE MEMBERS OF THE EU AND INCLUDE AUSTRIA, BELGIUM, BULGARIA, CYPRUS, CZECH REPUBLIC, DENMARK, ESTONIA, FINLAND, FRANCE, GERMANY, GREECE, HUNGARY, IRELAND, ITALY, LATVIA, LITHUANIA, LUXEMBOURG, MALTA, NETHERLANDS, POLAND, PORTUGAL, ROMANIA, SLOVAKIA, SLOVENIA, SPAIN, SWEDEN, AND THE UNITED KINGDOM.
"EUROPEAN ECONOMIC AREA (EEA)" REFERS TO THOSE STATES OF THE EU, IN ADDITION TO ICELAND, LIECHTENSTEIN AND NORWAY.
"PERSONALLY IDENTIFIABLE INFORMATION (PII)", ALSO KNOWN AS "PERSONAL INFORMATION (PI)", IS ANY TYPE OF DATA AND INFORMATION RELATING TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON. AN IDENTIFIABLE NATURAL PERSON IS A NATURAL PERSON WHO CAN BE IDENTIFIED, DIRECTLY OR INDIRECTLY, BY REFERENCE TO AN IDENTIFICATION NUMBER OR FACTORS SPECIFIC TO HIS OR HER PHYSICAL, PHYSIOLOGICAL, MENTAL, ECONOMIC, CULTURAL OR SOCIAL IDENTITY. SET FORTH BELOW IS A NON-EXCLUSIVE LIST OF INFORMATION THAT CONSTITUTES PII WHEN SUCH INFORMATION RELATES TO AN IDENTIFIED OR IDENTIFIABLE NATURAL PERSON, EITHER ON THEIR OWN OR WHEN COMBINED TOGETHER: ACCOUNT NUMBER (E.G., BANK ACCOUNT, PERSONAL/COMPANY CREDIT CARD), ADDRESS, BIOMETRIC IDENTIFIER (E.G., FINGERPRINTS OR VOICE RECORDINGS), BIRTH CERTIFICATE OR PROFESSIONAL LICENSE NUMBER, DATE OF BIRTH, GOVERNMENT IDENTIFIERS (SUCH AS SOCIAL SECURITY NUMBERS OR DRIVER'S LICENSE NUMBERS), HEALTH INFORMATION, NAME, PERSONNEL NUMBER, PHOTOGRAPH OR VIDEO IDENTIFIABLE TO AN INDIVIDUAL. PII MAY ALSO INCLUDE OTHER INFORMATION RELATED TO AN INDIVIDUAL THAT MAY DIRECTLY OR INDIRECTLY IDENTIFY THE INDIVIDUAL (E.G., IN MOST CASES SALARY, CAREER HISTORY, ETC.).
NOTICE: WHERE HRC COLLECTS PII DIRECTLY FROM INDIVIDUALS IN THE EEA, IT WILL INFORM SUCH INDIVIDUALS ABOUT THE PURPOSES FOR WHICH IT COLLECTS AND USES INFORMATION ABOUT THEM, HOW TO CONTACT HRC WITH ANY INQUIRIES OR COMPLAINTS, THE TYPES OF THIRD PARTIES TO WHICH HRC DISCLOSES THE INFORMATION, AND THE CHOICES AND MEANS HRC OFFERS INDIVIDUALS FOR LIMITING ITS USE AND DISCLOSURE. NOTICE IS PROVIDED IN CLEAR AND CONSPICUOUS LANGUAGE WHEN INDIVIDUALS ARE FIRST ASKED TO PROVIDE PII TO HRC OR AS SOON THEREAFTER AS IS PRACTICABLE, BUT IN ANY EVENT BEFORE HRC USES SUCH INFORMATION FOR A PURPOSE OTHER THAN THAT FOR WHICH IT WAS ORIGINALLY COLLECTED OR PROCESSED BY THE TRANSFERRING ORGANIZATION OR DISCLOSES IT FOR THE FIRST TIME TO A THIRD PARTY. HRC EXPLAINS THE NEED FOR PII RELATING TO ITS PRODUCTS, SERVICES AND GENERAL BUSINESS.
WHERE HRC RECEIVES PII FROM ITS SUBSIDIARIES, AFFILIATES OR OTHER ENTITIES IN THE EEA, IT USES AND DISCLOSES SUCH INFORMATION IN ACCORDANCE WITH THE NOTICES PROVIDED BY SUCH ENTITIES AND THE CHOICES MADE BY THE INDIVIDUALS TO WHOM SUCH PII RELATES.
CHOICE: WITHOUT PREJUDICE TO ANY APPLICABLE LAW OR REGULATION MANDATING PII PROCESSING OR DISCLOSURE, HRC OFFERS INDIVIDUALS THE OPPORTUNITY TO CHOOSE (I.E., OPT OUT) WHETHER THEIR PII IS: (A) TO BE DISCLOSED TO A THIRD PARTY; OR (B) TO BE USED FOR THE PURPOSE THAT IS INCOMPATIBLE WITH THE PURPOSE(S) FOR WHICH IT WAS ORIGINALLY COLLECTED OR SUBSEQUENTLY AUTHORIZED BY THE INDIVIDUAL.
HRC PROVIDES NOTICE WHERE PII WILL BE SHARED OR COLLECTED BY THIRD PARTIES. HRC IS COMMITTED TO HONOR CASES IN WHICH INDIVIDUALS EXPRESS THEIR OBJECTION (OPT OUT) TO HAVE THEIR DATA SHARED WITH, OR COLLECTED BY, OTHER THIRD PARTIES. YET, IN CASES WHERE HRC HAS HIRED THIRD PARTY SERVICE PROVIDERS TO PERFORM SPECIFIC SERVICES (E.G., SUCH AS EXERCISING A MARKETING CAMPAIGN ON HRC'S BEHALF), AND WHERE THE INDIVIDUAL OPTS OUT AS DESCRIBED ABOVE, HRC WILL NOT BE ABLE TO PROVIDE THAT SERVICE.
DATA INTEGRITY: HRC DOES NOT PROCESS PII IN A WAY THAT IS INCOMPATIBLE WITH THE PURPOSES FOR WHICH IT HAS BEEN COLLECTED OR SUBSEQUENTLY AUTHORIZED BY THE INDIVIDUAL. TO THE EXTENT NECESSARY FOR THOSE PURPOSES, HRC WILL TAKE REASONABLE STEPS TO ENSURE THAT PII IS RELIABLE FOR ITS INTENDED USE, ACCURATE, COMPLETE, AND CURRENT.
TRANSFERS TO AGENTS: WHEN DISCLOSING PII FROM INDIVIDUALS IN THE EEA TO A THIRD PARTY, HRC APPLIES THE NOTICE AND CHOICE PRINCIPLES. WHERE HRC WISHES TO TRANSFER SUCH PII TO A THIRD PARTY THAT IS ACTING AS AN AGENT, IT WILL ONLY DO SO IF: (A) IT FIRST ASCERTAINS THAT THE THIRD PARTY SUBSCRIBES TO THE PRINCIPLES; (B) IS SUBJECT TO EU DIRECTIVE 95/46/EC ON DATA PROTECTION AND/OR ANOTHER ADEQUACY FINDING; OR (C) ENTERS INTO A WRITTEN AGREEMENT WITH THE THIRD PARTY REQUIRING THAT THE THIRD PARTY PROVIDE AT LEAST THE SAME LEVEL OF PRIVACY PROTECTION AS IS REQUIRED BY THE PRINCIPLES.
WHERE HRC HAS KNOWLEDGE THAT AN AGENT IS USING OR DISCLOSING PII IN A MANNER CONTRARY TO THIS POLICY, IT WILL TAKE REASONABLE STEPS TO PREVENT OR STOP THE USE OR DISCLOSURE.
SECURITY: HRC TAKES REASONABLE PRECAUTIONS TO PROTECT PII IN ITS POSSESSION FROM LOSS, MISUSE AND UNAUTHORIZED ACCESS, DISCLOSURE, ALTERATION AND DESTRUCTION.
ACCESS AND CORRECTION: UPON REQUEST, HRC WILL GRANT INDIVIDUALS REASONABLE ACCESS TO PII IT HOLDS ABOUT THEM. IN ADDITION, HRC WILL TAKE REASONABLE STEPS TO PERMIT INDIVIDUALS TO CORRECT, AMEND, OR DELETE INFORMATION THAT IS DEMONSTRATED TO BE INACCURATE OR INCOMPLETE.
ENFORCEMENT: HRC MONITORS COMPLIANCE WITH THE PRINCIPLES THROUGH PERIODIC PRIVACY COMPLIANCE ASSESSMENTS AND, AS NECESSARY, AUDITS, AND PROVIDES A READILY AVAILABLE AND AFFORDABLE RECOURSE MECHANISM FOR INDIVIDUALS PROVIDING PII, AS DESCRIBED IN THE DISPUTE RESOLUTION SECTION BELOW.
LIST OF COMPANIES: SET OUT BELOW IS A LIST OF THE ENTITIES BELONGING TO THE HRC GROUP OF COMPANIES OR ITS AGENTS, TO WHICH PII MAY BE TRANSFERRED TO OR FROM SO THAT WE MAY PROVIDE YOU WITH THE PRODUCTS AND SERVICES YOU HAVE REQUESTED OR TO INFORM YOU OF OTHER OFFERINGS FROM HRC.
Country
BELGIUM
CZECH REPUBLIC
DENMARK
NETHERLANDS
SPAIN
FRANCE
GERMANY
ITALY
PORTUGAL
UNITED KINGDOM
UNITED STATES
Company Name
HARD ROCK CAFE (BELGIUM) S.A.
HARD ROCK CAFE (CZECH REPUBLIC) S.R.O.
HARD ROCK CAFE (DENMARK) A/S
HARD ROCK CAFE (AMSTERDAM) B.V.
HARD ROCK (SPAIN) S.A.
HARD ROCK CAFE (FRANCE) S.A.
HARD ROCK CAFE (GERMANY) GMBH
HARD ROCK CAFE (ITALY) SRL
HARD ROCK CAFE (PORTUGAL) S.A.
HARD ROCK INTERNATIONAL LIMITED
HARD ROCK CAFE (EDINBURGH) LIMITED
HARD ROCK CAFE (UK) LIMITED
BRIERELY & PARTNERS, INC.
SILVERPOP SYSTEMS, INC.
Jay WolszczakHard Rock Cafe International (USA), Inc.6100 Old Park Lane, Orlando, FL. 32835 E-Mail customer_care@hardrock.com.
PLEASE INCLUDE YOUR NAME, ADDRESS AND PHONE NUMBER OR E-MAIL IN ALL COMMUNICATIONS AND STATE CLEARLY THE NATURE OF YOUR REQUEST. HRC WILL INVESTIGATE AND ATTEMPT TO RESOLVE COMPLAINTS AND DISPUTES REGARDING USE AND DISCLOSURE OF PII IN ACCORDANCE WITH THIS POLICY. FOR COMPLAINTS THAT CANNOT BE RESOLVED BETWEEN HRC AND THE COMPLAINANT, HRC HAS AGREED TO PARTICIPATE IN THE DISPUTE RESOLUTION PROCEDURES OF THE AMERICAN ARBITRATION ASSOCIATION ("AAA") IN ACCORDANCE WITH ITS APPLICABLE COMMERCIAL RULES AS WELL AS THESE PRINCIPLES. HRC IS ALSO SUBJECT TO THE JURISDICTION OF THE US FEDERAL TRADE COMMISSION. THE FEDERAL TRADE COMMISSION MAY BE CONTACTED AT THE FOLLOWING ADDRESS:
Federal Trade Commission Attn: Consumer Response Center600 Pennsylvania Avenue NW, Washington, DC 20580consumerline@ftc.gov, www.ftc.gov
THIS POLICY IS EFFECTICE AS OF DECEMBER 1, 2012 AND MAY BE AMENDED FROM TIME TO TIME, CONSISTENT WITH THE REQUIREMENTS OF THE PRINCIPLES. A NOTICE WILL BE POSTED ON THE SAFE HARBOR PAGE OF THE HRC WEB SITE (www.hardrock.com) FOR AT LEAST 60 DAYS WHENEVER THIS POLICY IS CHANGED IN A MATERIAL WAY.