Safe Harbor Privacy Policy

This Safe Harbor Privacy Policy describes our policy regarding the collection, use, disclosure, and processing of information relating to identifiable individuals (“Personal Information”) by Client (“Client”). Personal Information that is not collected on these web sites is not subject to this Privacy Policy.

Safe Harbor Privacy Principles

Client subscribes and adheres to the European Union Safe Harbor Privacy Principles as set forth by the U.S. Department of Commerce (“Safe Harbor Privacy Principles”) regarding Personal Information gathered from Client Corporate Sites (“Client Sites”) to individuals in the European Union. Client also adheres to the Safe Harbor Privacy Principles that apply to agents with respect to Personal Information from the European Union that we obtain through web sites that we host and manage as a service to our corporate, organization, and non-profit customers (“Managed Sites”). In regard to Managed Sites, we process Personal Information solely as a processing agent, on our customers’ behalf, and in accordance with our Customers’ instructions and defined processes. Our Customers ultimately determine how data is collected, used, disclosed, and processed on their Managed Sites and for what purposes. For more information on Safe Harbor Principles, please visit the U.S. Department of Commerce web site at http://export.gov/safeharbor.

Collection of Personal Information

You can visit a Client Site and submit Personal Information for Client sponsored events, materials, or activities that Client uses to confirm and contact you with information you requested.

You can visit our Customer’s Managed Sites without telling us who you are or revealing any Personal Information about yourself. There are some activities, however, where providing Personal Information is required, such as becoming a member of a Customer’s organization, participating in an organization’s member activities, downloading certain specifications, white papers or registering for certain services, as outlined below.

If you wish to participate in member activities, download or obtain specifications, white papers, newsletters, or certain other articles or materials, you often must register or be a member with our one or more of our customers. Registration requires the provision of certain Personal Information such as your name, company name, email address and other contact information. The specific categories of Personal Information on the registration form that are required are marked with an asterisk (*). If you do not wish to provide the required information, you may not be able to engage in the particular activity at issue.

Client acts as a mere processing agent for your organization, and therefore will collect, use, disclose, and otherwise process such Personal Information in accordance with your organization’s instructions.

Session and Usage Tracking

Client Sites and Managed Sites may use certain user tracking technologies. These technologies allow us to remember your session, pre-fill an online form, and know your progress as expressed by the pages you visit on the Managed Sites. A cookie, for example, is a small text file that may be used to collect information about your activities on the Managed Sites. The cookie transmits this information back to our Managed Sites web server that, generally speaking, is the only computer that can read it. Some cookies may serve to recall Personal Information previously registered by you. Most web browsers allow you to control cookies, including whether or not to accept them and how to remove them. You can set your browser to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. You can also set your browser to block or remove cookies; however, if you choose to do so, certain features and functionality of our Websites may no longer be available to you.

Our Client Sites and Managed Sites also use other tracking technologies to record anonymous information, as in; the name of the domain and host from which you access the Internet, the Internet protocol (IP) address of the computer you are using, the browser software you use and your operating system, the date and time you access our Managed Sites, and the Internet address of the website from which you linked directly to our Managed Sites. Client, and for Managed Sites, the Customer, may make use of usage data collected through the Managed Sites that is not Personal Information.

How Personal Information is Used

Client uses the Personal Information collected on a Managed Site to provide the Customer with user management / member administration information and to provide you with access to the requested web pages, materials, online tools, and services provided by the Customer. We also use Personal Information to customize and improve your user experience on the Managed Site.

To the extent we obtain credit card information, on a Client or Managed Site, from you in connection with online event registration, membership signup or renewal, we use such information solely to confirm your qualification to pay for the services, and to perform and administer the payment transactions. Credit card information collected is immediately encrypted and only kept long enough to complete the intended transaction.

Disclosure of Personal Information

The Managed Sites display and allow access to Personal Information which Customer administrators, staff and key members require to assist them in performing tasks in connection with the Customer’s mission and goals. Such activities as member administration, committee / workgroup management, and member communication are typical tasks requiring access to Personal Information stored on the Managed Site.

Customers may also disclose Personal Information to technology partners that may wish to offer their own products and services to you, or to resellers that may offer our products and services to you. Since Client acts as an agent for Customer, you should contact Customer about the opportunity to opt out of having your Personal Information shared with such third parties before it is disclosed. Generally, this option will be available to you on the registration or other page where you provide Personal Information to Customer. You may also opt out of Customer sharing of Personal Information with such third parties in the future by sending us an email as described below in the paragraph below on “Opt Out Choice.”

Client may also share Personal Information with government agencies or other third parties where required by or in connection with law enforcement actions, subpoenas or other litigation or applicable law. We may also disclose your Personal Information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.

Ability to Opt Out

You may opt out of receiving newsletters and marketing communications from any Managed Site in the future by contacting Customer directly.

You may opt out of any disclosures of Personal Information by any Client Site (not a Managed Site) by contacting us at safe_harbor_optout@galois.com. These opt out choices do not apply to communications for the purposes of accounting, contracts, technical support, website warnings or website updates, or other comparable activities.

Access and Accuracy

For any Client Site, you can keep your Personal Information accurate, current, and complete, by contacting us as specified in the paragraph below on “Questions or Comments.” We will make reasonable efforts to update or correct Personal Information that we maintain in our possession on our own behalf.

For Managed Sites, please contact that organization for steps to access and review your Personal Information.

Security of Personal Information

For Client Sites, Client takes appropriate and reasonable precautions to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

For Managed Sites, Client provides the web infrastructure and the Customer is the manager of and has access to all Personal Information. They are responsible for proper procedures and policies.

Notification of Changes

If we decide to change our Safe Harbor Privacy Policy, we will post the revised Privacy Policy on this web site via a link from the galois.com home page. All revisions will be dated.

Questions or Comments

If you have any questions or comments regarding our Safe Harbor Privacy Policy, please contact us at safe_harbor@galois.com or send a letter to Safe Harbor Dept, Galois, Inc, Portland, OR 97204.