Bellefield’s information security framework includes regular compliance assessments with Bellefield’s policies and standards. Compliance with our internal data security controls is validated through the use of internal and external security monitoring utilities and through rigorous internal and external audits.
Bellefield Systems, LLC is registered as a participant in the EU-U.S. and Swiss-U.S. Privacy Shield programs. Information about your rights under the Privacy Act and general information can be found on the following website. https://www.privacyshield.gov/welcome
Bellefield Systems, LLC is listed on the ICDR/AAA’s EU-U.S and Swiss-U.S. Privacy Shield website and thereby certifying ICDR/AAA as the independent recourse mechanism for Privacy Shield complaints. https://www.adr.org
Bellefield complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union and Switzerland to the United States, respectively. Bellefield has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability.
Bellefield has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the International Centre for Dispute Resolution of the American Arbitration Association.
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Bellefield, please visit the ICDR-AAA EU-US Privacy Shield and Swiss-US Privacy Shield Independent Recourse Mechanism web site at www.go.adr.org/privacyshield.html for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
PERSONAL INFORMATION GATHERING AND USAGE
When you register with Bellefield we ask for user profile information such as your name, title, company name, email address and mailing address. User profile information stored on Bellefield’s servers is accessible to your organization’s administrators through the iTimeKeep’s administrative portal. All user profile information stored on Bellefield’s servers is encrypted. Users can access and update user profile information. However, there is currently no mechanism for users to individually limit the use of or disclosure of user profile information.
Bellefield uses collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, and research.
Bellefield also collects the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages users access or visit, and information volunteered by the user (such as survey information and/or site registrations). The information we collect is used to improve the content of our Web pages and the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:
Bellefield will not rent or sell your personally identifiable information with third parties. However, we may disclose your personal information or any of its log file information when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) co-operate with the investigations of purported unlawful activities; (c) identify persons who may be violating the law or legal notice; (d) protect and defend the rights or property of Bellefield; (e) protect the safety of an individual or group; or (f) prevent fraud or abuse of Bellefield or its users.
It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.
Bellefield SaaS (Software-as-a-Service) infrastructure and data are hosted on Microsoft Azure, one of the world’s leading and most reputable PaaS (platform-as-a-service) providers, which adheres to security certifications and standards. More info on Microsoft Azure security can be found here. https://www.microsoft.com/en-us/trustcenter
Bellefield’s Azure infrastructure provides the necessary hardware, software, networking, storage, and related technology required to run Bellefield. Although Bellefield owns the code, databases, and all rights to the Bellefield applications, you retain all rights to your data.
Bellefield never stores data which belongs in your time and billing system including client or matter names, client or matter descriptions, timecards, etc. This data remains safely stored in your firm’s database behind your firewall and is never stored on the user’s device or in Bellefield’s servers.
For statistical and reporting purposes, Bellefield will keep track of hours worked for each user, but this data will not be associated with any identifiable client or matter.
Bellefield may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service. Bellefield will give you prompt notice of any such subpoena and cooperate reasonably in efforts to appropriately protect information of yours disclosed in response thereto.
Belliefield is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.
Bellefield is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.
Bellefield takes data security seriously and has a multi-faceted approach to strengthen the security of customer information. We use organizational, technical and administrative safeguards to protect information in our care. We have established a wide range of comprehensive data security protections and maintain an overall data risk management strategy that includes monitoring emerging security threats in the marketplace and assessing appropriate responsive measures and steps to react accordingly.
Bellefield provides its employees with data security awareness, education and training. Our annual security awareness training covers a broad range of security topics from password protection and social engineering to privacy and compliance. We provide ongoing training via computer-based training and email publications.
Bellefield may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Bellefield primary account holder account or by placing a prominent notice on our site.