Capital Novus Privacy Policy

Company Overview:

Capital Novus is a global technology company and provides electronic discovery services, including information governance technology and data analytics services to law firms, corporations and government agencies who are parties to various types of litigations, investigations, commercial, arbitration and regulatory compliance proceedings

All data collected in the course of Capital Novus’ activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is Capital Novus’ practice (and the customary business practice in the industry in which Capital Novus conducts business) to enter into, with each client, a comprehensive Confidentiality and Non-Disclosure Agreement (C&NDA) as to data received in every engagement undertaken. Moreover, each of Capital Novus’ employees have executed C&NDAs pertaining to all information that comes into their possession in the course of their employment.

The facility in which Capital Novus processes (*processing by Capital Novus consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.

Much of the data processed and hosted by Capital Novus does not constitute “personal data” as the term is defined above. However, personal data will, on occasion, enter into the possession of Capital Novus, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation

Statement of Policy:

This policy applies to personal data that Capital Novus has received from the European Union (EU) or Switzerland. Personal data refers to data that is (a) transferred to the United States from the EU or Switzerland; (b) is about, or relates to, an identified or identifiable individual; (c) can be linked to that
individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, or social security number, health insurance policy number or other like information. However, the term “personal data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Personal data also includes “sensitive personal data”, which is defined herein as a subset of personal data that pertains to an individual’s medical, or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation or actual or alleged criminal activity

EU-U.S. Privacy Shield Framework:

The EU-U.S. Privacy Shield Framework has been designed to provide companies with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

As a EU-U.S. Privacy Shield participating company, Capital Novus strongly affirms its commitment to the Privacy Shield principles and the Privacy Shield Framework, as follows:

Capital Novus complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce (DOC) regarding the collection, use, and retention of personal information from European Union member countries. Capital Novus has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and toe review our certification page, please visit https://www.privacyshield.gov/.

Complaint Handling Mechanism:

Capital Novus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) for compliance with this Policy, the EU-US Privacy Shield Framework and the US-Swiss Safe Harbor Framework.

Capital Novus has identified BBB EU Privacy Shield as our independent recourse mechanism for Privacy Shield privacy complaints, and we are providing below a hyperlink to our online complaint handling system for use by European Union individuals.

In compliance with the EU-U.S. Privacy Shield Principles, Capital Novus commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact: 

Capital Novus
Strategic Accounts Team
10521 Rosehaven Street, 3rd Floor
Fairfax, VA 22030
Phone: 703.226.1500
Attention: Haris Aqil
Phone: 703.364.5545
This email address is being protected from spambots. You need JavaScript enabled to view it.

Capital Novus has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through the aforesaid channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. 

Adherence to EU-U.S. Privacy Shield Principles:

Capital Novus has adopted the EU-U.S. Privacy Shield Framework and hereby adheres to each of the Privacy Shield Principles with respect to data received from the EU in reliance on Privacy Shield: These Principles, as adhered to by Capital Novus, are described below:

1. Notice

Under most circumstances, Capital Novus does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Capital Novus receives personal data from the EU for processing purposes and does not control the collection of the personal data, Capital Novus does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence.). In such event, Capital Novus reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. Capital Novus never uses data for a purpose other
than the purpose for which it was provided to Capital Novus. Neither does Capital Novus ever share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the owner of the data.) When specifically authorized by counsel or client to do so, Capital Novus will inform effected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Capital Novus may offer individuals for limiting the data’s use and disclosure.

2. Choice

Since Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Capital Novus will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.

3.  Accountability for Onward Transfer (Transfer to Third Parties)

As mentioned above, Capital Novus does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so. However, should the need ever arise, prior to disclosing personal information to third parties, Capital Novus will utilize the notice and choice principles noted above. If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. Moreover, Capital Novus will obtain assurances from third parties that they will safeguard the personal data consistent with this policy or any other EU adequacy finding, or as an alternative, Capital Novus will enter into a written agreement with such third party to provide at least the same level of personal data protection as is maintained by Capital Novus. Nevertheless, in cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Capital Novus is potentially liable.

4. Security

Capital Novus takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, tampering, alteration, and destruction.

5. Data Integrity and Purpose Limitation

Capital Novus uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. Capital Novus takes reasonable steps to ensure that personal information is reliable for its intended use, and is accurate, complete, and current. We understand that we may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. This regulatory compliance will be adhered to under the guidance of our clients and their lawyers since we solely act on their behalf to collect, process and produce such personal information.

6. Access and Recourse

Since, under typical circumstances, the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or the rights of persons other than the individuals would be violated or seriously compromised, individuals cannot be provided access to personal information about them in order to correct amend, or delete the information when inaccurate. However, where appropriate to do so, Capital Novus will grant individuals reasonable access to personal data that it holds about them and Capital Novus will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Capital Novus acknowledges that EU individuals have the right to access the personal information that we maintain about them. An EU individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to This email address is being protected from spambots. You need JavaScript enabled to view it.. If requested to remove data, we will respond within a reasonable timeframe.

7. Enforcement and Liability

Capital Novus will assure compliance with the Privacy Shield Principles by committing to investigate and attempt to resolve complaints regarding violations of this privacy policy directly with the complainant and in the event that the complaint cannot be resolved by Capital Novus internally, the complaint may be submitted for dispute resolution to BBB EU Privacy Shield Program at www.bbb.org. Moreover, Capital Novus will subject those employees who are found in violation of this policy to appropriate discipline.

Capital Novus will conduct an annual self-assessment to ensure that this policy is published and disseminated within Capital Novus and on its website, that it is being adhered to and that it conforms to the seven principles set forth above. In addition, Capital Novus has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. Capital Novus will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.

Individuals may raise any concerns or complaints regarding their personal data directly with Capital Novus by contacting Strategic Accounts Team (Attn: Haris Aqil ) at 10521 Rosehaven Street Fairfax, VA 22030; This email address is being protected from spambots. You need JavaScript enabled to view it.; phone: 703.364.5545. If an individual files such a complaint, Capital Novus will investigate the matter and attempt to resolve all issues to the satisfaction of the complainant. If the matter cannot be settled, Capital Novus agrees to cooperate with the dispute resolution system set forth above.

U.S.-Swiss Safe Harbor Framework:

Capital Novus is also a U.S. – Swiss Safe Harbor participant, and committed to adhere to the Safe Harbor Privacy Principles and the US-Swiss Safe Harbor Framework, as follows:

Capital Novus complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Capital Novus has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

In compliance with the US-Swiss Safe Harbor Principles, Capital Novus commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact:

Capital Novus
Strategic Accounts Team
10521 Rosehaven Street,
Fairfax, VA 22030
Phone: 703.226.1500
Attention: Haris Aqil
Phone: 703.364.5545
This email address is being protected from spambots. You need JavaScript enabled to view it.

Capital Novus has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Amendments to this Privacy Policy

Capital Novus may amend this Privacy Shield Policy, from time to time, by posting a revised policy on its website at www.capitalnovus.com. Capital Novus will only amend this Privacy Shield and Swiss Safe Harbor Policies in a manner consistent with the privacy and data protection requirements as set forth above. This Policy is effective as of October 01, 2016.

Download a copy of our Safe Harbor Privacy Policy 

 

 

Go to top