PRIVACY POLICY

Introduction:

Sandline Discovery, LLC (“Sandline”), a Virginia limited liability company, is committed to protecting your privacy. Our policy is published on our website (https://www.sandlinediscovery.com) to explain our privacy practices and how your information is safeguarded. Sandline provides electronic discovery services to law firm, corporate and government clients that are parties to litigation, investigation and regulatory proceedings. All Personal Data Sandline collects, uses and transfers to the US is subject to strict privacy, confidentiality and security protocols. “Personal Data” is information relating to an individual that identifies that individual, or could reasonably be used to identify the individual, regardless of the medium involved (e.g., paper, electronic, video, or audio.)

Scope:

This Privacy Policy outlines Sandline’s collection and use of Personal Data for those who use Sandline’s website or those whose information is collected via transfer from the European Union and Switzerland to the United States for business or human resources use.

EU-US Privacy Shield:

Sandline complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States.  Sandline has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Notice:

Sandline notifies data subjects covered by this Privacy Policy about our privacy practices:

•	The types of data collected 
•	The purpose for which we collect and use Personal Data
•	The types of third parties to which we disclose Personal Data and the purposes for disclosure
•	The rights of Data Subjects to their data
•	The choices and means we offer for limiting our use and disclosure of Personal Data
•	How we enforce our obligations under the Privacy Shield
•	How users can contact us with any inquiries or complaints

Types of Data Collected and the Purposes of Collection:

eDiscovery and Digital Evidence – Sandline may collect or receive user data from its clients that could include data subject names, personal and business physical addresses, personal and business e-mail addresses, personal and business telephone numbers, identification numbers, and physical, physiological, mental, economic, political, religious, cultural and social identity data. This data is collected for the purpose of legal data processing at the direction of Sandline’s clients and in accordance with contractual agreements to provide services to our clients and/or clients’ counsel.

Personal Data Protection, Rights and Choices:

Sandline implements strict security measures to protect Personal Data from unauthorized access. All data received, collected, processed, hosted and produced is protected with physical and electronic safeguards including dual-factor authentication, firewalls and encryption in transit and at rest. Sandline employees are trained in the proper handling of secure information and are aware of their responsibilities to protect Personal Data. To the extent necessary for such purposes, Sandline takes reasonable steps to make sure that personal information is accurate, complete, updated, and otherwise reliable with regard to its intended use. Where Sandline receives Personal Data from clients, affiliates or other Controller entities in the EU or Switzerland, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates. Sandline processes Personal Data only in accordance with the purposes for which it was received, collected or subsequently authorized by the individual. If any changes to this privacy policy occur, we will provide individuals with the choice to opt-out or to opt-in if sensitive data is involved.

Disclosure and Onward Transfers:

•	Sandline processes Personal Data only in accordance with the purposes for which it was received, collected or subsequently authorized by the individual. 
•	Sandline does not disclose, sell trade, rent or otherwise share for marketing purposes Personal Data with third parties without your consent. 
•	We will provide an individual opt-out choice, or opt-in for sensitive data, before we ever share your data with third parties other than our agents.
•	Sandline uses contractors, service providers, and other third parties who provide various Information Technology services to support our business. All contractors, service providers, and other third parties are bound by contractual obligations to keep all information confidential and use it only for the purposes for which we disclose it to them and in accordance with our Privacy Policy.
•	Sandline may disclose Personal Data as required by court order, law, regulation or the rules of practice of a governmental or regulatory body.
•	Sandline’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Sandline  remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Sandline  proves that it is not responsible for the event giving rise to the damage.
•	In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Enforcement:

The Federal Trade Commission has jurisdiction over Sandline’s compliance with this Policy, the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.

Access, Escalation and Independent Recourse Mechanism for Privacy Shield Complaints:

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to  privacy@sandlinediscovery.com. If requested to remove data, we will respond within a reasonable timeframe.

In compliance with the Privacy Shield Principles, Sandline commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Sandline at:

privacy@sandlinediscovery.com

or via mail to: 

Attn: Privacy Officer
105 North Virginia Ave
Suite 302
Falls Church, VA 22046
U.S.A.

Sandline has further committed to refer unresolved Privacy Shield complaints to the BBB EU PRIVACY SHIELD, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint.  The services of the BBB EU PRIVACY SHIELD are provided at no cost to you.

If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and Sandline does not address it satisfactorily, Sandline commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or Commissioner, as applicable, with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD. 

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Amendments:

Sandline may amend this policy by posting a revised Policy on this site located at https://www.sandlinediscovery.com.

This policy was updated July 8, 2019.