Statement of Policy
Capital Novus respects the privacy and confidentiality of personal information provided to the company by its clients, employees, and all others who entrust it with personal information. Accordingly, Capital Novus adheres to the set of data protection principles developed by the United States Department of Commerce (DOC) in collaboration with the European Commission, as reflected within the Frequently Asked Questions (FAQ) issued by the Department of Commerce (DOC) on July 21, 2000, and within other documentation provided by DOC (collectively referred to as "The U.S.-EU Safe Harbor Framework"). Capital Novus also adheres to the set of data protection principles developed by the DOC in collaboration with the Federal Data Protection and Information Commissioner of Switzerland, as reflected within the Safe Harbor Principles and FAQs issued by the DOC in 2009 (collectively referred to as the "U.S.-Swiss Safe Harbor Framework").
This policy applies only to personal data that Capital Novus has received from the European Union (EU) or Switzerland. Personal data refers to data that is (a) transferred to the United States from the EU or Switzerland; (b) is about, or relates to, an identified or identifiable individual; (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual's name, address, phone number, e-mail address, or social security number, health insurance policy number or other like information. However, the term "personal data" does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Personal data also includes "sensitive personal data", which is defined herein as a subset of personal data that pertains to an individual's medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation or actual or alleged criminal activity.
Scope of Business of Capital Novus
Capital Novus provides electronic discovery consulting and technical services to client law firms as well as directly to business organizations who are parties to various types of legal and commercial proceedings. All data collected in the course of Capital Novus' activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is Capital Novus practice (and the customary business practice in the industry in which Capital Novus conducts business) to enter into, with each client, a comprehensive Confidentiality and Non-Disclosure Agreement (C&NDA) as to data received in every engagement undertaken. Moreover, each of Capital Novus' employees has executed C&NDAs pertaining to all information that comes into their possession in the course of their employment.
The facility in which Capital Novus processes (*processing by Capital Novus consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.
Much of the data processed and hosted by Capital Novus does not constitute "personal data" as that term is defined above. However, personal data will, on occasion, enter into the possession of Capital Novus, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation.
Safe Harbor Principles
Capital Novus has adopted the seven Safe Harbor Principles published by the U.S. Department of Commerce as to notice, choice, onward transfer (transfer to third parties), access, security, data integrity and enforcement with respect to personal data transferred to the United States from the EU or Switzerland.
These Principles, as adhered to by Capital Novus, are described below:
1. Notice:
Under most circumstances, Capital Novus does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Capital Novus receives personal data from the EU or Switzerland for processing purposes and does not control the collection of the personal data, Capital Novus does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence). In such event, Capital Novus reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. Capital Novus never uses data for a purpose other than the purpose for which it was provided to Capital Novus. Neither does Capital Novus ever share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the owner of the data.) When specifically authorized by counsel or client to do so, Capital Novus will inform effected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Capital Novus may offer individuals for limiting the data's use and disclosure.
2. Choice:
Since Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Capital Novus will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.
3. Onward Transfer (Transfer to Third Parties)
As mentioned above, Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so. However, should the need ever arise, prior to disclosing personal information to third parties, Capital Novus will utilize the notice and choice principles noted above. Moreover, where the need arises, Capital Novus will obtain assurances from third parties that they will safeguard the personal data consistent with this policy or any other EU adequacy finding, or as an alternative, Capital Novus will enter into a written agreement with such third party to provide at least the same level of personal data protection as is maintained by Capital Novus.
4. Security
Capital Novus takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, tampering, alteration, and destruction.
5. Data Integrity
Capital Novus uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. Capital Novus takes reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete, and current.
6. Access
Since, under typical circumstances, the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or the rights of persons other than the individuals would be violated or seriously compromised, individuals cannot be provided access to personal information about them in order to correct amend, or delete the information when inaccurate. However, where appropriate to do so, Capital Novus will grant individuals reasonable access to personal data that it holds about them and Capital Novus will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
7. Enforcement
Capital Novus will assure compliance with the Safe Harbor Principles by committing to investigate and attempt to resolve complaints regarding violations of this privacy policy directly with the complainant and in the event that the complaint cannot be resolved by Capital Novus internally, the complaint may be submitted for dispute resolution to "BBBOnLine", EU Safe Harbor Program, Attn: Steve Salter, Council of Better Business Bureaus, Inc, 3303 Wilson Boulevard, Suite 600, Arlington, VA 22201. Moreover, Capital Novus will subject those employees who are found in violation of this policy to appropriate discipline.
Capital Novus will conduct an annual self-assessment to ensure that this policy is published and disseminated within Capital Novus and on its website, that it is being adhered to and that it conforms to the seven principles set forth above. In addition, Capital Novus has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. Capital Novus will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
Individuals may raise any concerns or complaints regarding their personal data directly with Capital Novus by contacting Executive Vice President, Thomas J. Skelley, whose contact information is as follows: 10521 Rosehaven Street Fairfax, VA 22030;
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
: telephone: 703.226.1532. If an individual files such a complaint, Capital Novus will investigate the matter and attempt to resolve all issues to the satisfaction of the complainant. If the matter cannot be settled, Capital Novus agrees to cooperate with the dispute resolution system set forth above.
Amendments to this Privacy Policy
Capital Novus may amend this Safe Harbor Policy, from time to time, by posting a revised policy on its website at www.capitalnovus.com. Capital Novus will only amend this Safe Harbor Policy in a manner consistent with the requirements of the Safe Harbor Principles as set forth above. This Policy is effective as of June, 2007.
Capital Novus Safe Harbor Privacy Policy 
SAFE HARBOR
