Data Privacy Framework Principles

To request a DPA (Data Processing Agreement), please submit a request to privacy@mezmo.com.

Mezmo Commitments:

Mezmo Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Mezmo Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Mezmo Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.Mezmo Inc. commits to cooperate with EU data protection authorities (DPAs) and UK Information Commissioner (ICO) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and UK in the context of the employment relationship.

Mezmo EU-U.S., and Swiss-U.S. Data Privacy Framework Principles Notice:

Mezmo, formerly LogDNA Inc., (“We” or “Our”) has certified with the EU-U.S., UK Extension to EU-US., and Swiss-U.S. Data Privacy Framework Principles with respect to the personal data we receive and process on behalf of our customers through our online workplace productivity tools and platform (the “Services”). Mezmo certifies that it adheres to the Data Privacy Framework Principles principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through the Services, and our Data Privacy Framework Principles certification will be available here. We may also process personal data our customers submit relating to individuals in the EU, UK, and Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. If you need more information on how we collect personal data references our Privacy Policy.

Third Parties With Whom We May Share Customer Data:

We use a limited number of third-party providers to assist us in providing the Services to our customers. As of the date hereof, these third-party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.

If we receive personal data subject to our certification under the Data Privacy Framework Principles and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Data Privacy Framework Principles if both (i) the agent processes the personal data in a manner inconsistent with the Data Privacy Framework Principles and (ii) we are responsible for the event giving rise to the damage.

Questions or Complaints:

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mezmo commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S should first contact Mezmo at privacy@mezmo.com or at our mailing address:

Mezmo
2059 Camden Ave. #297
San Jose, California 95124
United States

We will work with you to resolve your issue.

Dispute Resolution

In compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Mezmo Inc. commits to resolve complaints about our collection or use of your personal data. Individuals with inquiries or complaints regarding our handling of personal data received in reliance on these frameworks should first contact Mezmo Inc. at: privacy@mezmo.com.

For unresolved complaints concerning Non-HR data, Mezmo Inc. commits to cooperate with and comply with the advice of the following independent recourse mechanisms, at no cost to you:

The EU Data Protection Authorities (DPAs) for the EU-U.S. DPF,
The UK Information Commissioner’s Office (ICO) for the UK Extension,
The Swiss Federal Data Protection and Information Commissioner (FDPIC) for the Swiss-U.S. DPF.

For human resources (HR) data transferred from the EU and the UK in the context of the employment relationship, Mezmo Inc. commits to cooperate with and comply with the advice of the EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO), respectively.

If you do not receive timely acknowledgment of your DPF-related complaint from us, or if we have not addressed your complaint to your satisfaction, you may contact the relevant authority for further assistance. Contact details for the EU DPAs can be found at https://edpb.europa.eu/about-edpb/board/members_en; for the UK ICO at https://ico.org.uk/ ; and for the Swiss FDPIC at https://www.edoeb.admin.ch/edoeb/en/home.html .

Arbitration

If your DPF-related complaint cannot be resolved through the independent recourse mechanisms described above, under certain conditions, you may be able to invoke binding arbitration through the Data Privacy Framework Panel, a mechanism established by the U.S. Department of Commerce and the European Commission.

The arbitration option is available to address residual complaints not resolved by any other means. To invoke this option, you must:

First raise your complaint directly with Mezmo and allow us the opportunity to resolve the issue;
Then pursue resolution through the applicable independent recourse mechanism:
- The EU Data Protection Authorities (DPAs) for EU-U.S. DPF matters,
- The UK Information Commissioner’s Office (ICO) for UK Extension matters, or
- The Swiss Federal Data Protection and Information Commissioner (FDPIC) for Swiss-U.S. DPF matters.

If your complaint remains unresolved after these steps, you may invoke binding arbitration by submitting a request to the Data Privacy Framework Panel.

Binding Arbitration

You may be entitled to invoke binding arbitration under the Data Privacy Framework Panel as a last resort, but only for certain residual claims not otherwise resolved through the independent recourse mechanisms or enforcement by the U.S. Federal Trade Commission. More information about this process can be found at the U.S. Department of Commerce’s DPF website: https://www.dataprivacyframework.gov.

U.S. Federal Trade Commission Enforcement

Our Data Privacy Framework Principles compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Right of Access

Users (including those whose personal data is within the scope of this Data Privacy Framework Principles certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Those users may exercise some of those rights through the options described in our Privacy Policy, But please be advised that because our personnel have a limited ability to identify and access an individual user’s personal data that our a customer has submitted to the Services, if you wish to request access, to limit use, or to limit disclosure, we may first refer your request to the customer who submitted your personal data, and we will support them as needed in responding to your request.

Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.