compliPOINT Privacy Policy

compliPOINT (“we,” “us,” “our”) respects individual privacy and values the confidence of its customers, vendors, business partners and others. compliPOINT complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. compliPOINT has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov/.
compliPOINT is subject to the regulatory and enforcement authority of the US Federal Trade Commission (FTC).
Processor on Behalf: compliPOINT provides enterprise compliance management software designed to help companies manage data more effectively. compliPOINT does not own or control any of the information it processes on behalf of the customer. compliPOINT does not process HR data on its own employees. compliPOINT: personal data or PII data is not required nor is it needed for the applications use. It is up to our clients/customers to determine if they are going to provide and use personal data, such as social security and employee name, in the creation of records. All such information is owned and controlled by the customer. In this capacity, compliPOINT receives information transferred from the EU, UK, and Switzerland to the United States merely as a processor on behalf of its clients which are made up of various companies and organizations who wish to track safety related incidents. With the exception of performing data imports or as otherwise directed by its clients, compliPOINT does not collect or enter data into its clients’ software systems. compliPOINT does not transmit data to third parties without permission from its clients. Third parties can include, Insurance Carriers clients use for employee injuries. Any access to or use of client data by compliPOINT is incidental to performing compliPOINT’s contractual obligations to its clients as a processor.
compliPOINT As Processor on Behalf: When compliPOINT acts as a processor on behalf of its customer, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU and Switzerland to the United States.
The Data Privacy Framework is based on the following Principles:
Notice: Individuals are notified of compliPOINT being a data processor by their employer. In its role as data processor, compliPOINT does not require individuals to provide any PII.
Choice: As a data processor for its clients, compliPOINT will work with individuals (may refer back to our client) regarding the purposes for which their personal information is collected and used by its clients (the individuals’ employers). compliPOINT relies on its clients to provide and comply with any required options. Individuals wishing to exercise their choice regarding the processing of their personal data or access their personal data must contact our customer who is also their employer.
Onward Transfer: compliPOINT occasionally transfers personal information to third parties that act as agents for its clients (with regard to interfaces/integrations with third party software products) or for compliPOINT (with regard to software implementations). When compliPOINT transfers personal information as described above, compliPOINT enters into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the relevant principles. compliPOINT may be liable for the third-party transfer of personal data.
Security: Security is extremely important to compliPOINT and our clients. Accordingly, compliPOINT takes significant security precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. compliPOINT relies on its clients to establish in the software appropriate password requirements and user roles and levels of access.
Data Integrity: As a data processor for its clients, compliPOINT does not typically collect, access or use the personal information provided by its clients. compliPOINT relies on its clients (the data subjects’ employers) to ensure that personal information is relevant for the purposes for which it is used, reliable for its intended use, accurate, complete and current.
Access: compliPOINT acknowledges the individual’s right to access their personal data. Personal information may be accessed only by authorized users at compliPOINT and its clients. As a data processor for its clients, compliPOINT must refer all individual requests to our client, who remains the data controller.
Enforcement: compliPOINT utilizes the self-assessment approach to assure its compliance with our privacy statement. compliPOINT periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.
compliPOINT notifies and trains appropriate team members regarding its privacy policies and practices and the consequences for failing to comply with them. Any person who we determine is in violation of our privacy policies will be subject to a disciplinary process.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
compliPOINT’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, compliPOINT remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless compliPOINT proves that it is not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Framework Principles, compliPOINT commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact compliPOINT by email at privacypolicy@applicationsinternational.com.
Lauren Leventer, lleventer@appsint.com
Vice President of Human Resources & Operations
compliPOINT has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
For Our Clients and End Users of compliPOINT: compliPOINT commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable. Contact details for the EU data protection authorities can be found at edpb.europa.eu/about-edpb/board/members_en.
If you have any questions regarding our privacy policy, please contact us at: privacypolicy@applicationsinternational.com.
Contact Information: Executive Vice President and Policy Officer – Elle Field
Changes: compliPOINT reserves the right to revise this policy at any time in accordance with the Data Privacy Framework Principles. You agree to be bound by any such revisions and should therefore periodically visit this page to determine the current terms to which you are bound.

compliPOINT Privacy Policy

compliPOINT (“we,” “us,” “our”) respects individual privacy and values the confidence of its customers, vendors, business partners and others. compliPOINT complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. compliPOINT has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov/.
compliPOINT is subject to the regulatory and enforcement authority of the US Federal Trade Commission (FTC).
Processor on Behalf: compliPOINT provides enterprise compliance management software designed to help companies manage data more effectively. compliPOINT does not own or control any of the information it processes on behalf of the customer. compliPOINT does not process HR data on its own employees. compliPOINT: personal data or PII data is not required nor is it needed for the applications use. It is up to our clients/customers to determine if they are going to provide and use personal data, such as social security and employee name, in the creation of records. All such information is owned and controlled by the customer. In this capacity, compliPOINT receives information transferred from the EU, UK, and Switzerland to the United States merely as a processor on behalf of its clients which are made up of various companies and organizations who wish to track safety related incidents. With the exception of performing data imports or as otherwise directed by its clients, compliPOINT does not collect or enter data into its clients’ software systems. compliPOINT does not transmit data to third parties without permission from its clients. Third parties can include, Insurance Carriers clients use for employee injuries. Any access to or use of client data by compliPOINT is incidental to performing compliPOINT’s contractual obligations to its clients as a processor.
compliPOINT As Processor on Behalf: When compliPOINT acts as a processor on behalf of its customer, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU and Switzerland to the United States.
The Data Privacy Framework is based on the following Principles:
Notice: Individuals are notified of compliPOINT being a data processor by their employer. In its role as data processor, compliPOINT does not require individuals to provide any PII.
Choice: As a data processor for its clients, compliPOINT will work with individuals (may refer back to our client) regarding the purposes for which their personal information is collected and used by its clients (the individuals’ employers). compliPOINT relies on its clients to provide and comply with any required options. Individuals wishing to exercise their choice regarding the processing of their personal data or access their personal data must contact our customer who is also their employer.
Onward Transfer: compliPOINT occasionally transfers personal information to third parties that act as agents for its clients (with regard to interfaces/integrations with third party software products) or for compliPOINT (with regard to software implementations). When compliPOINT transfers personal information as described above, compliPOINT enters into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the relevant principles. compliPOINT may be liable for the third-party transfer of personal data.
Security: Security is extremely important to compliPOINT and our clients. Accordingly, compliPOINT takes significant security precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. compliPOINT relies on its clients to establish in the software appropriate password requirements and user roles and levels of access.
Data Integrity: As a data processor for its clients, compliPOINT does not typically collect, access or use the personal information provided by its clients. compliPOINT relies on its clients (the data subjects’ employers) to ensure that personal information is relevant for the purposes for which it is used, reliable for its intended use, accurate, complete and current.
Access: compliPOINT acknowledges the individual’s right to access their personal data. Personal information may be accessed only by authorized users at compliPOINT and its clients. As a data processor for its clients, compliPOINT must refer all individual requests to our client, who remains the data controller.
Enforcement: compliPOINT utilizes the self-assessment approach to assure its compliance with our privacy statement. compliPOINT periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.
compliPOINT notifies and trains appropriate team members regarding its privacy policies and practices and the consequences for failing to comply with them. Any person who we determine is in violation of our privacy policies will be subject to a disciplinary process.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
compliPOINT’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, compliPOINT remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless compliPOINT proves that it is not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Framework Principles, compliPOINT commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact compliPOINT by email at privacypolicy@applicationsinternational.com.
Lauren Leventer, lleventer@appsint.com
Vice President of Human Resources & Operations
compliPOINT has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
For Our Clients and End Users of compliPOINT: compliPOINT commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable. Contact details for the EU data protection authorities can be found at edpb.europa.eu/about-edpb/board/members_en.
If you have any questions regarding our privacy policy, please contact us at: privacypolicy@applicationsinternational.com.
Contact Information: Executive Vice President and Policy Officer – Elle Field
Changes: compliPOINT reserves the right to revise this policy at any time in accordance with the Data Privacy Framework Principles. You agree to be bound by any such revisions and should therefore periodically visit this page to determine the current terms to which you are bound.