TyMetrix Web Site Privacy and Safe Harbor Policy

This page sets forth: (a) TyMetrix’ privacy policies related to visits to the TyMetrix website (www.tymetrix.com; the "Website") and (b) TyMetrix Policies relevant to the USA - EU / USA - Swiss Safe Harbor Frameworks.

WEB SITE PRIVACY POLICY

What We Collect and How We Use It. TyMetrix ("we" or "us") may collect and analyze, when you visit the Website, certain non-personally-identifiable information such as the Internet protocol (IP) address used to connect your computer to the Internet; computer and connection information such as your browser type and version, operating system, and platform; and the Uniform Resource Locator (URL) referring page to our Website along with each page viewed, including date and time. Visitors accessing this Website may be offered a "cookie", which can be described as a small text file containing information that is transferred to a visiting computer's hard drive for record-keeping purposes during a visit. The use of cookies enables us to analyze site traffic patterns. A cookie will not give us access to data stored on your computer or to any information other than what is voluntarily provided to us. Most web browsers will automatically accept cookies. There are many methods and applications available for disabling a browser's handling of cookies, or restricting the exchange of data. Should a visitor to the Website disable cookies, he or she may still view the publicly available information on the Website.

We may use third-party products such as LeadLander and certain software tools such as JavaScript to measure and collect and analyze the foregoing collected data. We do this in order to analyze traffic to our site, and to better understand the needs of our customers and visitors.

The information that is collected using the foregoing data and tools is never sold to or shared with any unauthorized third party.

Our fundamental privacy principles incorporate the guidelines set forth by the Federal Trade Commission for web sites that collect personally identifying information: (i) Notice; (ii) Choice; (iii) Access, and (iv) Security, each of which is discussed below:

Notice. TyMetrix is committed to clearly and readily disclosing our data collection practices so that you can make informed decisions about your activities at our Website.

Choice. TyMetrix provides you with a choice to participate in its data collection activities either anonymously or not at all. However, TyMetrix does not disclose personal information to third parties.

Access. TyMetrix provides you with the opportunity to review, modify, and delete any personally identifiable information that you have previously provided.

Security. TyMetrix has taken proactive measures to protect against the loss, misuse, or alteration of data that it collects. Our network infrastructure utilizes leading technology to protect data at each point of transfer. We limit our employees' access to your data, so that access is permitted only to fulfill your requests for information, our contractual obligations with our clients and consistent with this Privacy Statement.
By using the Website, you have consented to the collection and use of the data provided to us as outlined in this Privacy Policy.

How We Notify You of Changes To This Policy. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Users should check this Privacy Policy regularly to keep abreast of any changes.

Your California Privacy Rights. Beginning on January 1, 2005, California Civil Code Section 1798.83 permits those customers that are California residents to request that companies not share your personal information with third parties for their direct marketing use. TyMetrix does not share your personal information with any third parties.

TYMETRIX SAFE HARBOR POLICY

Definitions

For purposes of this Policy:
• "Personal Information" means any information that (i) is transferred from the EEA or Switzerland to TyMetrix in the U.S.; (ii) is about an identified or identifiable individual; and (iii) is recorded in any form.
• "Data Controller" means an entity that alone or jointly with others determines the purposes and the means of the processing of Personal Information.
• "Data Processor" means an entity that processes Personal Information on behalf of a Data Controller in accordance with the Data Controller's instructions.

Overview of How TyMetrix May Receive Personal Information

TyMetrix provides legal e-billing and matter management services (the "Services") to corporate clients ("Client(s)").

The Services are provided according to an application service provider (ASP) / software as a service (SaaS) model pursuant to the terms of an agreement between TyMetrix and a Client (the "Client Agreement"). The Client obtains the Services by using a computer application (the "Application") accessed through a secure, password protected Internet site (the "Secure Site"). Once authorized access to the Secure Site is gained, the Client may use the Application to manage legal matters or to process invoices submitted by outside vendors, including legal service providers (such vendors, collectively, "LSPs").

The Client determines what individuals within its organization ("Client Users") and in LSPs ("LSP Users") are permitted to access the Secure Site. The Client further determines what level of access to the Secure Site to grant to such Client Users and LSP Users (collectively, "Users"). The Client may submit Personal Information to the Application in connection with registering Users for access to the Secure Site, configuring User rights and designating administrative contacts ("User Information"). Alternatively, the Client may require Users to submit User Information themselves for these purposes. The submission of User Information is determined by the Client, and the Client has the right to alter, delete or otherwise configure User Information as it sees fit.

In the course of using the Services or as the Services are prepared for use during implementation, Users may provide data ("Data") for inclusion in the Secure Site. Users may also cause the Application to process such Data. Clients are solely responsible for the contents of the Data so provided. Any Personal Information included in the Data is submitted at the discretion of such Clients. TyMetrix does not receive Personal Information directly from, and does not have a direct relationship with, individuals whose Personal Information is included in Data. The Application processes the Data (and any Personal Information such data may contain) based on the instructions of and for the purposes determined by the applicable Client.

With respect to the User Information and any Personal Information included in the Data, TyMetrix is a Data Processor.

Safe Harbor Privacy Principles

TyMetrix has certified its privacy practices as consistent with the U.S. Department of Safe Harbor Privacy Principles: Notice, Choice, Onward Transfer, Access and Accuracy, Security, and Oversight/Enforcement. The European Commission and the Federal Data Protection and Information Commissioner of Switzerland recognize the respective Safe Harbor Frameworks, which include the Safe Harbor Privacy Principles, as providing adequate protection for personally identifiable information sent to Safe Harbor certified companies from Europe. More information about the U.S. Department of Commerce Safe Harbor Privacy Principles can be found at http://www.export.gov/safeharbor/. Without limiting the foregoing, TyMetrix hereby supplies the following additional information; to the extent that any conflict may exist between the following and the provisions of the Safe Harbor Frameworks, the provisions of the Frameworks will control:

Notice

TyMetrix does not have a direct relationship with individuals whose Personal Information is included in Data. Clients, as Data Controllers, are responsible under applicable law for providing the required notice to individuals. The form of such notice is determined by the data protection law applicable to the relevant Client.

User Information is used for the sole purposes determined by Client pursuant to the Client Agreement. TyMetrix does not use User Information for any purpose other than the fulfillment of TyMetrix' obligations to Client under the applicable Client Agreement.

Choice

Clients are responsible for providing choice to individuals as to whether their Personal Information included in Data may be disclosed to TyMetrix or used for a purpose that is incompatible with the purpose(s) for which the information was originally collected or subsequently authorized by the individual.

Clients are responsible for providing choice to individuals as to whether their Personal Information may be included in User Information.

Onward Transfer of Personal Information

TyMetrix will transfer Personal Information only as is permitted by a Client in the applicable Client Agreement. TyMetrix does not transfer onward any Personal Information in any human-readable (i.e., unencrypted) form, with the exception of the Application making available Data (which may contain Personal Information) to Users in the course of their authorized use of the Services. TyMetrix may transfer encrypted data files (which may contain Personal Data) to the service provider whose facilities host the Data and the Application. Such data files are encrypted in transit and at rest, and the service provider does not have or otherwise control the encryption keys to either the in-transit or at-rest data files. The secure hosting facility and emergency backup hosting facility are both located within the United States.

TyMetrix requires or otherwise verifies that service providers to whom it transfers data files which may contain Personal Information and who are not subject to laws based on the European Union Data Protection Directive either (i) subscribe to the Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Information as is required of a Data Processor by the relevant Safe Harbor principles.

TyMetrix may disclose Personal Information if such Personal Information is within information required to be disclosed by legal process or otherwise required by law. To the extent that the information is designated confidential or otherwise protected in a Client Agreement, TyMetrix will follow any applicable provisions regarding Client notification and pursuit of a protective order set forth in the applicable Client Agreement. TyMetrix reserves the right to transfer Personal Information in the event of a sale or transfer of all or a portion of TyMetrix' business or assets. Should such a sale or transfer occur, TyMetrix will use reasonable efforts to direct the transferee to use Personal Information in a manner that is consistent with TyMetrix' Safe Harbor Policy.

Access to Personal Information

Clients are responsible, pursuant to applicable law, for providing individuals with access to their Personal Information and allowing individuals to correct, amend and delete their information, as required by applicable law. To exercise these rights, individual should contact the appropriate Client that transferred their Personal Information to TyMetrix. TyMetrix will cooperate fully with its Clients in responding to any such request. In the event a request is made directly to TyMetrix, TyMetrix will notify the applicable Client for appropriate resolution.

Security

TyMetrix maintains reasonable administrative, technical and physical safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alternation and destruction. In the applicable Client Agreement, further information is provided on a confidential basis to give Clients further detail regarding TyMetrix' security measures.

Data Integrity

Clients are responsible, pursuant to their contractual relationships with TyMetrix, for taking reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete and current.

Enforcement

TyMetrix reviews its compliance with this Policy to verify that the assertions made in it are true and that the practices the Policy contains are implemented correctly. TyMetrix will investigate any breach of this Policy that has been reported to TyMetrix.

Dispute Resolution
 
Individuals should submit complaints concerning the processing of their Personal Information to the Client that originally collected their information for resolution in accordance with the Client's relevant dispute resolution mechanism (if available). TyMetrix will participate in the Client's dispute resolution process at the request of the individual.

To the extent that a dispute regarding Personal Information is deemed not to be controlled by a Client's dispute resolution mechanism, in addition to any measures set forth on TyMetrix' Safe Harbor certification, JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules, which are accessible on the JAMS website. Mediation will be conducted by telephone, email or other electronic means of communication. TyMetrix will take steps, consistent with applicable law, to remedy any problem arising out of a failure to comply with the Safe Harbor Privacy Principles.

The mediator or the individual also may refer the matter to the U.S. Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over TyMetrix.

How to Contact Us

Please address any questions or concerns regarding this Policy or TyMetrix ' practices concerning Personal Information by contacting us through our website: www.tymetrix.com or by writing to:

Information Security Officer
TyMetrix, Inc.
20 Church Street
Hartford, CT 06103-3220
Attention: Privacy Office
TyMetrix.Privacy@wolterskluwer.com

Notification of Changes

Any material changes to TyMetrix' Safe Harbor Policy will be posted here and other places TyMetrix deems appropriate. TyMetrix will use information in accordance with the privacy policy under which the information was collected.

This Safe Harbor Policy was last revised December 28, 2012