General Data Protection Regulation (GDPR) and the EU-U.S. Data Privacy Framework (EU-U.S. DPF)

Last Updated: August 25, 2023

The General Data Protection Regulation (GDPR) is a European Union data protection law that became effective on May 25, 2018. Its purpose is to harmonize data protection laws across the European Economic Area, give people in the EEA enhanced rights to their data, and require businesses to meet certain technical and organizational controls around their collection and processing of personal information. The UK GDPR is based on the EU GDPR, but with modifications to reflect the UK’s status apart from the EU.

Respondus, Inc. (Respondus) has aligned itself with these regulations, as described below.

Respondus' commitment to privacy and data security

Respondus maintains a commitment to protecting our customers' privacy and data security. The Respondus Privacy Policies, available in our Privacy Center, reflect the protection of the privacy rights of data subjects globally. These documents explain:

  • Details on how we use your personal information — including expanded details for specific products and services we offer — and the choices available to you.
  • Information about the responsibilities of businesses that process personal information, such as the legal basis for processing personal information.
  • Rights of data subjects that may be applicable, such as requesting information about the personal data we store, or how it may be modified or deleted.
  • Data Processing Agreements for licensee institutions in the EU/EEA, the UK, and Switzerland describing the mechanisms for cross-border data transfer.

If you are in the European Union / United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:

EU:
Writing to – EDPO at Spaces Rio, Calle Manzanares 4, 28005 Madrid, Spain
Online request form – http://edpo.com/gdpr-data-request/

UK:
Writing to – EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Online request form – https://edpo.com/uk-gdpr-data-request/

EU-U.S. Data Privacy Framework and UK Extension and the Swiss-U.S. Data Privacy Framework

Respondus complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Respondus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Respondus has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in Respondus' Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

With respect to personal data received or transferred pursuant to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, Respondus is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission, who has jurisdiction over Respondus’ compliance.

Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.

Choice: In compliance with Data Privacy Framework Principles, you have the right to opt out of:

  1. Disclosures of your Personal Data to third parties not identified at the time of collection or subsequently authorized, and
  2. Uses of your Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.

Onward Transfers: In the context of an onward transfer Respondus has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Respondus shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

If you have a related question or concern, please contact us at [email protected]

In compliance with the Data Privacy Framework Principles, Respondus commits to resolve complaints about our collection or use of your personal information. EU, UK or Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact Respondus at: [email protected]

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Respondus commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you.