Best viewed on a device with a bigger screen...
On 16th July 2020 the European Court of Justice ruled that the EU-US Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Both the European Data Protection Board (EDPB) and the US Government are committed to finding a solution to replace the Privacy Shield. This process gained momentum in March 2021 when the new US administration and the EU ageed to intensify the search for a solution. In the meantime, The U.S. Department of Commerce’s International Trade Administration (ITA) continues to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield and maintaining the Privacy Shield List.
We continue to transfer data to our US subsidiary as described below as we have data processing agreements in place between our UK and US companies which include standard contractual clauses giving EU and UK data subjects the same rights over their data when it is processed by us in the US as they have when it is processed in the UK.
We also continue to maintain our certification with the Privacy Shield Program as evidence of our commitment the highest standards of data protection and to provide an independent arbitrator in the event of complaints about our US data processing which cannot be resolved directly with Pantheon. In due course we will seek certification with whatever scheme replaces the Privacy Shield.
If you or your employer have requested that we send you our products, we have a contractual right to process the data needed to do this and to manage your account. In most other circumstances, our lawful basis for processing your data is Legitimate Interest. This is where we have identified a genuine and legitimate reason for processing your data, which does not override your rights or interests. We process personal data in order to find and contact businesses who we believe have a commercial interest in reading our economics research, and to allow us to make existing customers aware of new products as they become available. We also retain the minimum information necessary to make sure that we do not contact anyone who has told us that they do not want to hear from us. In this case, we will have obtained consent to continue to process this data.
Pantheon Macroeconomics collects the minimum data required to meet our objectives, above.
We collect the following information from public and commercially available sources such as the financial media, social media and commercial financial market databases:
Once we have contacted you, we keep a record of the date and content of any communications that we have had with you
As our website hosts, El Roboto Ltd (4th Floor Sunco House, 5 Carliol Square, Newcastle Upon Tyne, Tyne & Wear, NE1 6UF) have access to your data. Information is transferred between our U.K. Company (Pantheon Macroeconomics Limited) and our U.S. subsidiary (Pantheon Macroeconomics Inc) for sales and marketing purposes. We also send information to third-party companies, who maintain our marketing databases and ensure they are accurate and up to date. Our EU data is processed within the EU by carefully chosen partners who have shown that they comply with GDPR regulations and our own high data protection standards.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Pantheon Macroeconomics, Inc. is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Pantheon Macroeconomics, Inc’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Pantheon Macroeconomics, Inc. remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Pantheon Macroeconomics, Inc. proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Pantheon Macroeconomics, Inc, commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Pantheon Macroeconomics, Inc at:
400 Columbus Ave., Suite 10s
Valhalla, NY 10595
By Email: email@example.com
Pantheon Macroeconomics, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Please note that European Union and Swiss individuals who have inquiries or complaints regarding our privacy policies other than as they relate to the Privacy Shield, should first contact Pantheon Macroeconomics, Ltd at:
5th Floor Cathedral Buildings, Dean Street
Newcastle upon Tyne, NE1 1PG, UK
By email: firstname.lastname@example.org
Annex I: Section C
An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the organization and afford the organization an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties. In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner's authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner's authority.