Capital Novus is a global technology company and provides electronic discovery services, including information governance technology and data analytics services to law firms, corporations and government agencies who are parties to various types of litigations, investigations, commercial, arbitration and regulatory compliance proceedings
All data collected in the course of Capital Novus’ activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is Capital Novus’ practice (and the customary business practice in the industry in which Capital Novus conducts business) to enter into, with each client, a comprehensive Confidentiality and Non-Disclosure Agreement (C&NDA) as to data received in every engagement undertaken. Moreover, each of Capital Novus’ employees have executed C&NDAs pertaining to all information that comes into their possession in the course of their employment.
The facility in which Capital Novus processes (*processing by Capital Novus consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.
Much of the data processed and hosted by Capital Novus does not constitute “personal data” as the term is defined above. However, personal data will, on occasion, enter into the possession of Capital Novus, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation
Statement of Policy:
This policy applies to personal data that Capital Novus has received from the European Union (EU) or Switzerland. Personal data refers to data that is (a) transferred to the United States from the EU or Switzerland; (b) is about, or relates to, an identified or identifiable individual; (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, or social security number, health insurance policy number or other like information. However, the term “personal data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Personal data also includes “sensitive personal data”, which is defined herein as a subset of personal data that pertains to an individual’s medical, or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation or actual or alleged criminal activity
EU-U.S. Privacy Shield Framework:
The EU-U.S. Privacy Shield Framework has been designed to provide companies with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
As a Privacy Shield participating company, Capital Novus strongly affirms its commitment to the Privacy Shield principles and the Privacy Shield Framework, as follows:
Complaint Handling Mechanism:
Capital Novus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) for compliance with this Policy and the EU-US Privacy Shield Framework.
Capital Novus has identified BBB EU Privacy Shield as our independent recourse mechanism for Privacy Shield privacy complaints, and we are providing below a hyperlink to our online complaint handling system for use by European Union individuals.
10521 Rosehaven Street, 3rd Floor
Fairfax, VA 22030
Attention: Harivadan Pandya
Capital Novus has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit EU-privacy-shield file-a-complaint for more information and to file a complaint.
Please note that if your complaint is not resolved through the aforesaid channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Adherence to EU-U.S. Privacy Shield Principles:
Capital Novus has adopted the EU – U.S. Privacy Shield Framework and hereby adheres to each of the Privacy Shield Principles with respect to data received from the EU in reliance on Privacy Shield: These Principles, as adhered to by Capital Novus, are described below:
Under most circumstances, Capital Novus does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Capital Novus receives personal data from the EU for processing purposes and does not control the collection of the personal data, Capital Novus does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence.). In such event, Capital Novus reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. Capital Novus never uses data for a purpose other than the purpose for which it was provided to Capital Novus. Neither does Capital Novus ever share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the owner of the data.) When specifically authorized by counsel or client to do so, Capital Novus will inform effected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Capital Novus may offer individuals for limiting the data’s use and disclosure.
Since Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Capital Novus will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.
3. Accountability for Onward Transfer (Transfer to Third Parties)
As mentioned above, Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so. However, should the need ever arise, prior to disclosing personal information to third parties, Capital Novus will utilize the notice and choice principles noted above. If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. Moreover, Capital Novus will only enter into written contracts with third parties to provide the same level of personal data protection as is maintained by Capital Novus. Nevertheless, in cases of onward transfer to third parties of data of EU individuals received pursuant to the Privacy Shield, Capital Novus is potentially liable.
Capital Novus takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, tampering, alteration, and destruction.
5. Data Integrity and Purpose Limitation
Capital Novus uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. Capital Novus takes reasonable steps to ensure that personal information is reliable for its intended use, and is accurate, complete, and current. We understand that we may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. This regulatory compliance will be adhered to under the guidance of our clients and their lawyers since we solely act on their behalf to collect, process and produce such personal information.
6. Access and Recourse
7. Enforcement and Liability
Capital Novus will conduct an annual self-assessment to ensure that this policy is published and disseminated within Capital Novus and on its website, that it is being adhered to and that it conforms to the seven principles set forth above. In addition, Capital Novus has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. Capital Novus will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
Individuals may raise any concerns or complaints regarding their personal data directly with Capital Novus by contacting Capital Novus at:
10521 Rosehaven Street, 3rd Floor
Fairfax, VA 22030
Attention: Harivadan Pandya
If an individual files such a complaint, Capital Novus will investigate the matter and attempt to resolve all issues to the satisfaction of the complainant. If the matter cannot be settled, Capital Novus agrees to cooperate with the dispute resolution system set forth above.
Capital Novus may amend this Privacy Shield Policy, from time to time, by posting a revised policy on its website at www.capitalnovus.com. Capital Novus will only amend this Privacy Shield in a manner consistent with the privacy and data protection requirements as set forth above. This Policy is effective as of July 7, 2017.