Midiax Online Backup - Safe Harbor Data Privacy Policy            

Midiax Online Backup (“Midiax”) provides secure, off-site backup and local backup software, and abides by the Safe Harbor Principles of the United States Department of Commerce.

Midiax respects the individual privacy of its customers. In all cases Midiax treats personal information in a manner consistent with the laws of the countries in which Midiax does business, but it also aims to uphold the highest applicable ethical standards in all its business activities.

Effective February 10, 2009, this Privacy Policy sets forth the privacy principles that Midiax follows with respect to the protection and transfers of personal information, whether it is in electronic, paper or verbal format, between the United States and the EU. This statement applies to all personal information Midiax processes (except as noted below), including on-line, off-line, and manually processed data. Any employee whom Midiax determines is in violation of this Privacy Policy will be subject to disciplinary process, up to and including termination.

Safe Harbor

Consistent with its commitment to protect personal privacy, Midiax declares that it adheres to the Safe Harbor Principles embodied in the Safe Harbor Agreement concerning the transfer of personal data from the European Union to the United States of America. The United States Department of Commerce and the European Commission have agreed on the Safe Harbor Principles as they are articulated in a set of data protection principles and frequently asked questions as a means to enable U.S. companies to satisfy EU law requirements for adequate protection of personal information transferred from the EU to the United States. If there is a conflict between the provisions of this Privacy Policy and the Safe Harbor Principles, the Safe Harbor Principles will govern.

Definitions

The following definitions apply to all statements throughout this Privacy Policy.
"Personal information" means any information or set of information that is transferred from the EU to the United States, is recorded in any form, pertains to or is about any individual, and can be linked to or used to identify that individual. Personal information does not include information that is encoded, anonymized, or publicly available information that has not been combined with non-public personal information. Personal information does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified.

"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. For purposes of this Privacy Policy, Midiax will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

The Privacy Principles

Midiax’s operations and processing of personal information conform to the following Safe Harbor Privacy Principles as stated below under the heading of each principle.

Notice and Change

To the extent permitted by the Safe Harbor Agreement, Midiax reserves the right to process personal information in the course of providing professional services to Midiax’s clients and customers without the knowledge of individuals involved. If and when Midiax collects personal information directly from individuals in the EU, Midiax will inform them about the types of personal information it collects from them, the purposes for which Midiax collects and uses it, and the types of non-agent third parties to which Midiax discloses that information. Midiax will also inform those individuals about the choices and means, if any, that Midiax offers to limit the use or disclosure of their information.

Disclosures and Transfers

Midiax will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:

a) Midiax has the individual's permission to make the disclosure;

b) The disclosure is required by law or professional standards;

c) The disclosure is reasonably related to the sale or disposition of all or part of Midiax’s business;

d) The information in question is publicly available;

e) The disclosure is reasonably necessary for the establishment or defence of legal claims; or

f) The disclosure is to another Midiax entity or to persons or entities providing services on Midiax’s or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:

Permitted transfers of information, whether to third parties or within Midiax, include the transfer of data from one jurisdiction to another, including transfers to and from the U.S. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

Data Security

To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients, customers and business partners, Midiax has put in place and rigorously enforces appropriate physical, electronic, and managerial procedures to safeguard and secure the information that Midiax processes. However, Midiax cannot guarantee the security of information on or transmitted via the Internet.

Data Integrity

Midiax processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, Midiax takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable for its intended use.

Access and Correction

If an individual becomes aware that information Midiax maintains about that individual is inaccurate, or if an individual would like to update or review that individual’s information, the individual may contact Midiax using the contact information below. In every case, Midiax will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual seeking to amend such information will need to provide sufficient identifying information, such as name, address, birth date, and social security number. Midiax may request additional identifying information as a security precaution. In addition, Midiax may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreement. In some circumstances, Midiax may charge a reasonable fee, where warranted, for access to personal information.

Enforcement and Dispute Resolution

Midiax utilizes the self-assessment approach to assure its compliance with this Privacy Policy. Midiax periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Safe Harbor Principles. Midiax encourages interested persons to raise any concerns about its implementation of this Privacy Policy using the contact information below. Midiax will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy.

Any claim arising out of or relating to Midiax’s adherence to the EU Data Directive, or the breach thereof, that cannot be resolved through Midiax’s internal processes, will be settled by arbitration administered by the American Arbitration Association (“AAA”) in accordance with its applicable commercial rules.  Any arbitrator will be either an attorney or retired judge having significant and recognized experience with and knowledge of privacy issues and information technology.  The arbitration panel should apply California law, without regard to its conflict of laws principles, as well as the Safe Harbor Enforcement Principles issued by the U.S. Department of Commerce. In addition, the exclusive location for such arbitration will be Los Angeles & California. All decisions of the arbitration panel will be final and binding on the parties, which waive any right to appeal the arbitration award further, to the extent an appeal may be lawfully waived.

Midiax is also subject to the jurisdiction of the U.S. Federal Trade Commission.

Changes

Midiax may change this Privacy Policy from time to time, consistent with the requirements of the Safe Harbor Principles or the United States Department of Commerce. Midiax will post any revised privacy policy in its work places, train its employees about such changes and how to comply with them, and will publish any amended privacy policy on this Web site or a similar Web site that replaces this Web site.

Information Subject to other Policies or Standards

Midiax is committed to following the Safe Harbor Principles for all personal information within the scope of the Safe Harbor Agreement. Certain information, however, is subject to policies of Midiax that may differ in some respects from the provisions of this Privacy Policy. Information subject to such additional policies includes information obtained from or relating to a client, customer or business partner or former client, customer or business partner that is subject to the terms of any privacy notice to or agreement with such client, customer or business partner, any engagement letter or letters with such client, customer or business partner, and applicable laws and professional standards.

Contact Information

Questions or comments regarding Midiax’s Safe Harbor certification and this Privacy Policy should be submitted to Midiax by mail or e-mail as follows:

Midiax Online Backup
6822 22nd Avenue North #211
St. Petersburg, FL 33710

or
onlinebackup@midiax.com