BELLEFIELD PRIVACY POLICY 1.3.18

The Bellefield privacy policy establishes how Bellefield will handle information we learn about you from your visit to our site and the use of the Bellefield SasS (Software-as-a-Service). Please be assured that the privacy of our visitors and clients is of utmost importance to us. We collect no personally identifiable information about you when you visit our site unless you choose to provide that information to us.

COMPLIANCE

Bellefield’s information security framework includes regular compliance assessments with Bellefield’s policies and standards. Compliance with our internal data security controls is validated through the use of internal and external security monitoring utilities and through rigorous internal and external audits.

Bellefield Systems, LLC is registered as a participant in the EU-U.S. and Swiss-U.S. Privacy Shield programs. Information about your rights under the Privacy Act and general information can be found on the following website. https://www.privacyshield.gov/welcome

Bellefield Systems, LLC is listed on the ICDR/AAA’s EU-U.S and Swiss-U.S. Privacy Shield website and thereby certifying ICDR/AAA as the independent recourse mechanism for Privacy Shield complaints. https://www.adr.org

Bellefield complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union and Switzerland to the United States, respectively. Bellefield has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability.

If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Bellefield commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Bellefield at: support@bellefield.com.

Bellefield has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the International Centre for Dispute Resolution of the American Arbitration Association.

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Bellefield, please visit the ICDR-AAA EU-US Privacy Shield and Swiss-US Privacy Shield Independent Recourse Mechanism web site at www.go.adr.org/privacyshield.html for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under  limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

INFORMATION GATHERING AND USAGE

When you register with Bellefield we ask for user profile information such as your name, title, company name, email address and mailing address. User profile information stored on Bellefield’s servers is accessible to your organization’s administrators through the iTimeKeep’s administrative portal. All user profile information stored on Bellefield’s servers is encrypted. Users can access and update user profile information. However, there is currently no mechanism for users to individually limit the use of or disclosure of user profile information.

Bellefield uses collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, and research.

Bellefield also collects the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages users access or visit, and information volunteered by the user (such as survey information and/or site registrations). The information we collect is used to improve the content of our Web pages and the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

Bellefield will not rent or sell your personally identifiable information with third parties. However, we may disclose your personal information or any of its log file information when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) co-operate with the investigations of purported unlawful activities; (c) identify persons who may be violating the law or legal notice; (d) protect and defend the rights or property of Bellefield; (e) protect the safety of an individual or group; or (f) prevent fraud or abuse of Bellefield or its users.

It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.

We transfer information about you if Bellefield is acquired by or merged with another company. In this event, Bellefield will notify you before information about you is transferred and becomes subject to a different privacy policy.

COOKIES

A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.

We use cookies to record current session information, but do not use permanent cookies unless the user selects to trust the device and stays logged in. To protect you against others accidentally accessing your account contents, you are required to log-in to your Bellefield website after a certain period of time has elapsed.

DATA STORAGE

Bellefield SaaS (Software-as-a-Service) infrastructure and data are hosted on Microsoft Azure, one of the world’s leading and most reputable PaaS (platform-as-a-service) providers, which adheres to security certifications and standards. More info on Microsoft Azure security can be found here. https://www.microsoft.com/en-us/trustcenter

Bellefield’s Azure infrastructure provides the necessary hardware, software, networking, storage, and related technology required to run Bellefield. Although Bellefield owns the code, databases, and all rights to the Bellefield applications, you retain all rights to your data.

Bellefield never stores data which belongs in your time and billing system including client or matter names, client or matter descriptions, timecards, etc. This data remains safely stored in your firm’s database behind your firewall and is never stored on the user’s device or in Bellefield’s servers.

For statistical and reporting purposes, Bellefield will keep track of hours worked for each user, but this data will not be associated with any identifiable client or matter.

DISCLOSURE

Bellefield may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service. Bellefield will give you prompt notice of any such subpoena and cooperate reasonably in efforts to appropriately protect information of yours disclosed in response thereto.

Belliefield is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.

Bellefield may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. These thi rd parties may have access to your information for the limited purpose of providing the service we have contracted with them to provide. They are required to have a privacy policy and security standards in place that are at least as protective of your information as is this Privacy Policy (including those provisions related to compliance with the EU-US and Swiss-US Privacy Shield). Bellefield will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data process or” under EU and Swiss terminology is processing the personal information we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield principles.

Bellefield is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.

SECURITY

Bellefield takes data security seriously and has a multi-faceted approach to strengthen the security of customer information. We use organizational, technical and administrative safeguards to protect information in our care. We have established a wide range of comprehensive data security protections and maintain an overall data risk management strategy that includes monitoring emerging security threats in the marketplace and assessing appropriate responsive measures and steps to react accordingly.

TRAINING

Bellefield provides its employees with data security awareness, education and training. Our annual security awareness training covers a broad range of security topics from password protection and social engineering to privacy and compliance. We provide ongoing training via computer-based training and email publications.

CHANGES

Bellefield may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Bellefield primary account holder account or by placing a prominent notice on our site.

QUESTIONS

Any questions about this Privacy Policy should be addressed to support@bellefield.com or by mail at: Bellefield Systems, LLC, 2605 Nicholson Rd, Suite 2202, Sewickley, PA 15143