Odysseus complies with the requirements of the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Principles”). Odysseus has certified that it adheres to the Principles with respect to personal information (as described below) that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom to the United States. If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern. Odysseus is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission.
This Privacy Shield Policy applies to personal information within the scope of Odysseus’s Privacy Shield certification, which covers the following categories of information:
- Personal information regarding current, former and prospective clients and their personnel or others for the purposes of delivering Odysseus services, maintaining ongoing relationships and performing business development activities.
- Personal information regarding our third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering Odysseus’s business relationships with such third parties.
- Personal information regarding traveler data on behalf of Odysseus Clients.
For the purposes of this Privacy Shield Policy, “personal information” means information that is about, or pertains to a specific individual and can be linked either directly or indirectly to that individual. In addition, certain personal information covered by Odysseus’s Privacy Shield certification may be subject to more specific privacy policies of Odysseus, which are also consistent with the requirements of the Principles, and in the case of any conflict between these policies and the Principles, the Principles will supersede the policies.
- Odysseus website maintains its own privacy policies that apply to personal information collected via the Odysseus application. These policies may be accessed through our website.
- Personal information obtained on behalf of our clients is further subject to the terms of any specific privacy notice provided to and by the client, any contractual arrangements with the client and applicable laws and professional standards.
Individual Notice and Choice
We collect and process personal information from certain individuals and for the purposes described in this Privacy Shield Policy. Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Principles.
Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this Privacy Shield Policy, other Odysseus website notices, client website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent for sensitive personal information).
Disclosures & Accountability for Onward Transfers
Consistent with the Principles, Odysseus may transfer personal information to third parties, including transfers from one country to another. We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:
- The disclosure is to a third party providing services to Odysseus, or to the individual, in connection with the operation of our business, and is consistent with the purpose for which the personal information was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Principles, Odysseus or its Clients (as applicable) remain responsible and liable under the Privacy Shield Principles if a third-party that either party engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Odysseus or the Client proves that it is not responsible for the matter giving rise to the damage;
- With the individual’s permission to make the disclosure;
- Where required to the extent necessary to meet a legal obligation to which Odysseus is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.
- Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.
Individuals whose personal information is covered by this Privacy Shield Policy have the right to access the personal information that Odysseus maintains about them as specified in the Principles. Individuals must first contact our client (if the client is unable to support, client or the individual can contact Odysseus) to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to: compliance@OdysseusSolutions.com.
Odysseus takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.
Data Integrity and Purpose Limitation
Odysseus collects and processes personal information only to the extent that is compatible with the purposes for which it was collected or subsequently authorized by the data subject. Odysseus does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized. Odysseus takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.
In compliance with the Principles, Odysseus commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Odysseus by sending an email to compliance@OdysseusSolutions.com,
Odysseus has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Odysseus has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact the United States Council for International Business (USCIB, the American affiliate of the International Chamber of Commerce (ICC), the Business and Industry Advisory Committee (BIAC) to the OECD, and the International Organisation of Employers (IOE)). As such, it has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities) USCIB can be contacted via their website at https://www.uscib.org/.
You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view Odysseus’s certification, please visit https://www.privacyshield.gov.
Odysseus may update this Policy at any time by publishing an updated version here. We will not update this Privacy Shield Policy in contravention to the Principles so long as we remain certified to the Privacy Shield.
Effective Date: May 1, 2020