Information Required for Safe Harbor Self-Certification

To expedite the certification process, please compile the following information before you go online to self-certify your organization's compliance with the Safe Harbor Framework(s).

Organization Information:

  • Organization Name
  • Address
  • City
  • State
  • Zip
  • Phone
  • Fax
  • Website (Optional)

Organization Contact (i.e., individual or office handling all issues concerning your organization’s compliance with the Safe Harbor Framework(s), including complaints, access requests, and maintenance of your organization’s certification status):

  • Contact Office
  • Contact Name (Optional)
  • Contact Title (Optional)
  • Contact Phone
  • Contact Fax
  • Contact E-mail

Corporate Officer (i.e., individual certifying your organization’s compliance with the Safe Harbor Framework(s)):

  • Corporate Officer Name
  • Corporate Officer Title
  • Corporate Officer Phone
  • Corporate Officer Fax
  • Corporate Officer E-mail

Description of your organization’s activities with respect to personal information received from the EU/EEA and/or Switzerland (i.e., a brief summary of what, why, and when such personal information is received).

Description of your organization's privacy policy for personal information:

  • Effective date of your organization's privacy policy
  • Location of your organization's relevant privacy policy statement(s). Please note that with the exception of a privacy policy statement that exclusively covers your organization’s own human resources data (i.e., if such data is covered by your organization’s self-certification), all other relevant privacy policy statements must be made readily available on your organization’s public website(s) or uploaded hereto if your organization does not have a public website.
  • Appropriate statutory body that has jurisdiction to hear any claims against your organization regarding possible unfair or deceptive practices and violations of laws or regulations governing your organization’s privacy practices (Federal Trade Commission or Department of Transportation)
  • Any privacy program(s) in which your organization is a member (e.g., a self-regulatory privacy program that adheres to the Safe Harbor Privacy Principles) (See FAQ 6)
  • Your organization's verification method (e.g., in-house or third party; if third party, please specify which one) (See FAQ 7)
  • The independent recourse mechanism(s) that is(are) available to investigate unresolved complaints concerning your organization’s compliance with the Safe Harbor Framework(s) (e.g., a specific private sector developed dispute resolution mechanism that incorporates the Safe Harbor Framework(s) and/or the EU and/or Swiss data protection authorities). (See U.S.-EU Safe Harbor Framework FAQ 11 and U.S.-Swiss Safe Harbor Framework FAQ 11). Please note that the Federal Trade Commission (FTC) does not function as an ‘independent recourse mechanism’ under the Safe Harbor Framework(s).
  • The ‘personal data’ (i.e., any data about an identified or identifiable individual) ‘processed’ (i.e., whether or not by automatic means; e.g., collection, recording, organization, storage, adaptation or alteration, combination, retrieval, consultation, use, disclosure by transmission, dissemination, etc.) by your organization within the scope of the Safe Harbor Framework(s) that is covered under your organization’s self-certification (e.g., organization, client, customer, visitor, clinical trial data, etc.). Please indicate whether or not the data covered includes manually processed data.
  • Whether your organization plans to cover ‘organization human resources data’ (i.e., personal information about your organization’s own employees, past or present, collected in the context of the employment relationship) under its self-certification, and if so, whether your organization agrees to cooperate and comply with the EU and/or Swiss data protection authorities (See U.S.-EU Safe Harbor Framework FAQ 5 and FAQ 9, and U.S.-Swiss Safe Harbor Framework FAQ 5 and FAQ 9). Please note that even if your organization does not plan to cover ‘organization human resources data’ under its self-certification, it may nevertheless voluntarily agree to cooperate and comply with the EU and/or Swiss data protection authorities.

Additional Information Required

  • All of the relevant countries (i.e., some or all of the following: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom) from which your organization receives or reasonably anticipates receiving personal information within the scope of the Safe Harbor Framework(s) that will be covered by your organization’s self-certification. Please note that selection of “Switzerland” regardless of whether it is specifically selected or “All” countries are selected, will be interpreted as your organization’s self-certification of compliance with the U.S.-Swiss Safe Harbor Framework; and, failure to select any country will be interpreted as your organization’s self-certification of compliance with only the U.S.-EU Safe Harbor Framework.
  • Your organization’s appropriate industry sectors (View Safe Harbor Industry Sectors)
  • Your organization’s level of sales (this information will not be posted on the website)
  • Your organization’s number of employees (this information will not be posted on the website)