Bit River, LLC ("Bit River," "we," "us," or "our") is a software consultancy based in Atlanta, GA, USA. This Privacy Policy describes how we collect, use, disclose, and protect personal data, and the rights and choices available to individuals whose personal data we process.

Bit River provides software development, technical consulting, and related professional services to business clients. In the course of delivering these services, Bit River processes personal data on behalf of and under the instructions of its clients, acting as a data processor (also referred to as a service provider). Our clients determine the purposes and means of processing and act as the data controllers. The categories and scope of personal data processed are defined on a per-engagement basis in the applicable services agreement or data processing agreement with each client.

EU-U.S. Data Privacy Framework

Bit River, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Bit River, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (the "DPF Principles") with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.

If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern with respect to personal data received in reliance on the EU-U.S. DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov.

Bit River is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) with regard to its compliance with the EU-U.S. DPF.

Personal Data We Process

As a data processor acting on behalf of its clients, the specific categories of personal data Bit River processes vary by engagement and are defined per-contract in the applicable client agreement. Depending on the nature of a given engagement, personal data processed may include, for example, identifiers, contact information, account or user data, technical and usage data, and information contained within client systems, databases, or application logs to which Bit River is granted access for the purpose of performing services.

Bit River processes such personal data solely for the purpose of providing the contracted services to the relevant client—including software development, system integration, infrastructure configuration and operation, testing, debugging, technical support, and related activities—and in accordance with the documented instructions of that client. Bit River does not use personal data received in reliance on the EU-U.S. DPF for its own marketing purposes or for any purpose incompatible with the purposes for which it was provided by the client.

This Privacy Policy covers personal data other than human resources data. Bit River does not certify human resources data under the EU-U.S. DPF.

Notice

Because Bit River acts as a data processor, personal data is provided to Bit River by its clients rather than collected directly from individuals. The clients that engage Bit River are responsible, as data controllers, for providing notice to the individuals whose personal data is processed, including notice regarding the purposes of processing and the disclosure of personal data to processors such as Bit River.

This Privacy Policy provides notice that Bit River participates in the EU-U.S. DPF; the types of personal data it processes; the purposes for which it processes personal data; the third parties to which it may disclose personal data; the independent recourse mechanism available to individuals; and the means Bit River offers individuals for limiting the use and disclosure of their personal data.

Choice

As a data processor, Bit River processes personal data only as instructed by its clients. Bit River does not disclose personal data to third parties, or use it for a purpose materially different from the purpose for which it was originally provided or subsequently authorized by the client, except as instructed by the client or as required by law.

Individuals who wish to exercise choice regarding the use or disclosure of their personal data should ordinarily contact the relevant data controller (the Bit River client on whose behalf the data is processed). Where Bit River receives such a request directly, it will refer the request to the appropriate client and reasonably assist that client in honoring it.

Accountability for Onward Transfer

Bit River may disclose personal data to third-party service providers (sub-processors) that perform services supporting Bit River's delivery of services to its clients. The categories of sub-processors that may receive personal data are:

Bit River enters into contracts with such sub-processors requiring that they (i) process personal data only for limited and specified purposes consistent with the consent provided by the individual or the instructions of the client; (ii) provide at least the same level of protection for personal data as is required by the DPF Principles; and (iii) notify Bit River if they can no longer meet this obligation and, in such case, cease processing or take other reasonable and appropriate steps to remediate.

In the context of an onward transfer, Bit River remains responsible and liable under the DPF Principles if a sub-processor that it engages to process personal data on its behalf does so in a manner inconsistent with the DPF Principles, unless Bit River proves that it is not responsible for the event giving rise to the damage.

Security

Bit River takes reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data. These measures include administrative, technical, and physical safeguards appropriate to the scale of Bit River's operations as an independent software consultancy, such as access controls, encryption in transit, and the principle of granting access to personal data only as necessary to perform contracted services.

Data Integrity and Purpose Limitation

Bit River limits its processing of personal data to what is relevant for the purposes of providing the contracted services. Bit River does not process personal data in a way that is incompatible with the purposes for which it was collected or subsequently authorized by the client.

Bit River retains personal data processed in reliance on the EU-U.S. DPF only for as long as it serves the purposes of the relevant engagement, or as otherwise instructed by the client or required by applicable law. Upon completion or termination of an engagement, Bit River returns or deletes personal data in accordance with the applicable client agreement. Bit River takes reasonable steps to ensure that personal data is reliable for its intended use and accurate, complete, and current to the extent consistent with its role as a processor acting on client instructions.

Access

Individuals in the European Union have the right to access personal data about them that Bit River processes, and to correct, amend, or delete that data where it is inaccurate or has been processed in violation of the DPF Principles.

Because Bit River processes personal data as a processor on behalf of its clients, individuals who wish to access, correct, amend, or delete their personal data should direct their request to the relevant data controller (the Bit River client). Where Bit River receives such a request directly, it will refer the individual to the appropriate client and will reasonably assist that client in responding to the request, consistent with Bit River's obligations as a processor.

Recourse, Enforcement, and Liability

Independent Recourse Mechanism

In compliance with the EU-U.S. DPF Principles, Bit River commits to resolve complaints about our collection or use of your personal data transferred in reliance on the EU-U.S. DPF. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Bit River at privacy@bitriver.co.

Bit River has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Binding Arbitration

Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Regulatory Oversight

Bit River is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Liability

In the context of an onward transfer, Bit River remains liable under the DPF Principles if its sub-processors process personal data in a manner inconsistent with the DPF Principles, unless Bit River proves that it is not responsible for the event giving rise to the damage.

Changes to This Privacy Policy

Bit River may update this Privacy Policy from time to time. The revised policy will be posted on this page with an updated "Last updated" date. Where required, Bit River will continue to apply the DPF Principles to personal data received in reliance on the EU-U.S. DPF for as long as it retains such data.

Contact Us

If you have any questions or concerns about this Privacy Policy or Bit River's data practices, please contact us at:

Bit River, LLC
Atlanta, GA, USA
Email: privacy@bitriver.co
Web: bitriver.co