Welcome [ Sign in ]   Request Info   Support
  Home » Safe Harbor Policy  
Statements & Policies
Privacy Statement
Terms of Use
Safe Harbor Policy
Safe Harbor Policy

Compliance Concepts, Inc. respects individual privacy and values the confidence of its customers, employees, vendors and others. Compliance Concepts strives to collect, use and disclose Personal information in a manner consistent with the laws of the countries in which it does business, and has a tradition of upholding the highest ethical standards in its business practices. Compliance Concepts complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Compliance Concepts has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Compliance Concepts’ certification, please visit http://www.export.gov/safeharbor/.


The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable US companies to satisfy the requirement under European Union law that adequate protection be given to Personal information transferred from the EU to the United States. The EEA also has recognized the US Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect Personal privacy, Compliance Concepts adheres to the Safe Harbor Principles.

Compliance Concepts has a company official responsible for Data Protection and this individual is responsible for ensuring compliance with this Policy and data security issues. Compliance Concepts educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance. Bryan Rainey, VP, Information Technology, is currently responsible for Data Protection however, there are a number of company officials who are available to any of Compliance Concepts valued employees, customers, vendors or others who may have questions concerning this Policy or data security practices. Relevant contact information is provided herein.


This Policy applies to all Personal information received by Compliance Concepts in any format including electronic, paper or verbal. Compliance Concepts collects and processes Personal information concerning current and former employees and their respective family members, as well as applicants for employment through its Internet websites, electronic mail and manually. Compliance Concepts is the sole owner of information it collects from current and former employees, applicants for employment and their family members. Compliance Concepts also collects information from customers, customer’s employees, patients, patient’s family members and Physicians. Compliance Concepts will not sell or share this information with third parties in ways different than what is disclosed in this Privacy Policy or specific guidelines set forth by our customers. On a global basis, Compliance Concepts will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Policy.

Personal information collected by Compliance Concepts from employees and applicants for employment, customers, customer’s employees, patients, patient’s family members and physicians is maintained at its corporate offices in Wexford, Pennsylvania as well as their office in Charlotte, North Carolina, in the United States. Personal Information collected by Compliance Concepts may include among other things such as, legitimate human resource business, payroll administration; filling employment positions; administration and operations of its benefit programs; meeting governmental reporting requirements; security, health and safety management; performance management; company network access; and authentication. Compliance Concepts does not request or gather information regarding political opinions, religion or philosophy. To the extent Compliance Concepts maintains Personal Information on employees, customers, customer’s employees, patients, patient’s family members and physicians as legally required or by contractual agreement, Compliance Concepts will protect, secure and use that information in a manner consistent with this Policy and applicable law.

Personal information collected by Compliance Concepts from customers, customer’s employees, patients, patients family members and physicians may be maintained at its corporate offices in Wexford, Pennsylvania or at other Compliance Concepts facilities. Compliance Concepts collects Personal information for, among other things, customer’s employees, patients, patient’s family members and physicians who wish to report legitimate concerns regarding issues that may adversely impact their company, their positions within the company or personal well being. Other Personal Information may be collected for business reasons such as customer service; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; internal marketing research; financial and sales data; and contact information. All Personal information collected by Compliance Concepts will be used for legitimate business purposes consistent with this Policy.


For purposes of this Policy, the following definitions shall apply:

"Agent" means any third party that uses Personal information provided by Compliance Concepts to perform tasks on behalf of or at the instruction of Compliance Concepts.

"Compliance Concepts" means Compliance Concepts, Inc., its predecessors, successors, subsidiaries and divisions.

"Personal information" means any information or set of information that identifies or could be used by or on behalf of Compliance Concepts to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal information.

"Sensitive Personal information" means Personal information that reveals race, ethnic origin, trade union membership, or that concerns health. In addition, Compliance Concepts will treat as sensitive Personal information any information received from a third party where that third party treats and identifies the information as sensitive.


The privacy principles in this Policy are based on the seven Safe Harbor Principles.

(1) NOTICE: Where Compliance Concepts collects Personal information directly from individuals, it will inform them about the purposes for which it collects and uses Personal information about them, the types of non-agent third parties to which Compliance Concepts discloses that information, and the choices and means, if any, Compliance Concepts offers individuals for limiting the use and disclosure of their Personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal information to Compliance Concepts, or as soon as practicable thereafter, and in any event before Compliance Concepts uses the information for a purpose other than that for which it was originally collected. Compliance Concepts may disclose Personal information if required to do so by law or to protect and defend the rights or property of Compliance Concepts or its customers.

(2) CHOICE: Compliance Concepts will offer individuals the opportunity to choose (opt-out) whether their Personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive Personal information, Compliance Concepts will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Compliance Concepts will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.

(3) DATA INTEGRITY: Compliance Concepts will use Personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Compliance Concepts will take reasonable steps to ensure that Personal information is relevant to its intended use, accurate, complete and current.

(4) TRANSFERS TO AGENTS: Compliance Concepts will obtain assurances from its Agents that they will safeguard Personal information consistently with this Policy. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the Agent, or being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where Compliance Concepts has knowledge that an Agent is using or disclosing Personal information in a manner contrary to this Policy, Compliance Concepts will take reasonable steps to prevent or stop the use or disclosure. Compliance Concepts holds it Agents accountable for maintaining the trust our employees and customers place in the company.

(5) ACCESS AND CORRECTION: Upon request, Compliance Concepts will grant individuals reasonable access to Personal information that it holds about them. In addition, Compliance Concepts will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. Any employees or customers employees that desire to review or update their Personal information can do so by contacting the corporate offices of Compliance Concepts or their respective company.

(6) SECURITY: Compliance Concepts will take reasonable precautions to protect Personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Compliance Concepts protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. Compliance Concepts limits access to Personal information and data to those persons in Compliance Concepts organization, or customers who have a contractual agreement that would allow them access to Personal Information regarding their company and its employees.

Individuals who have been granted access to Personal information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.

(7) ENFORCEMENT: Compliance Concepts will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy and the US Department of Commerce Safe Harbor Principles. Any employee that Compliance Concepts determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.


Any questions or concerns regarding the use or disclosure of Personal information should be directed to Bryan Rainey at the address given below. Compliance Concepts will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Compliance Concepts and the complainant, Compliance Concepts has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.


Compliance Concepts sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with customers, employees and others. Compliance Concepts recognizes the importance of maintaining the privacy of Personal information collected through websites that it operates. Compliance Concepts’ sole purpose for operating its websites is to provide information concerning products and services to the public and to gather information for their customers. In general, visitors can reach Compliance Concepts or their respective companies on the Web without revealing any Personal information. Visitors on the Web or customer s or customers employees may elect to voluntarily provide Personal information via Compliance Concepts websites but are not required to do so. Compliance Concepts collects information from visitors to the websites who voluntarily provide Personal information by filling out and submitting online questionnaires concerning feedback on the website, requesting information on products or services, seeking employment or documenting a concern for which they are requesting resolution. The Personal information voluntarily provided by website users may include contact information limited to the user's name, home and/or business address, phone numbers, email address and other information regarding employees within their organization. Compliance Concepts collects this information so it may answer questions and forward requested information. Compliance Concepts does not sell or share this information with non-agent third parties.

Compliance Concepts may also collect anonymous information concerning website users through the use of "cookies" in order to provide better customer service. "Cookies" are small files that websites place on users' computers to identify the user and enhance the website experience. None of this information is reviewed at an individual level. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. If visitors do so, however, some areas of Compliance Concepts websites may not function properly.

None of Compliance Concepts websites are directed toward children. Nevertheless, Compliance Concepts is committed to complying with applicable laws and requirements, such as the United States' Children's Online Privacy Protection Act ("COPPA").

Compliance Concepts website users have the option to request that Compliance Concepts not use information previously provided, correct information previously provided, or remove information previously provided unless the information belongs to a customer and is governed by contractual agreement. Those that would like to correct or suppress information they have provided to Compliance Concepts should forward such inquiries to:

Compliance Concepts
103 Bradford Road
Suite 320
Wexford, PA 15090
Attention: Bryan Rainey

The inquiries should include the individual's name, address, and other relevant contact information (phone number, email address). Compliance Concepts will use all reasonable efforts to honor such requests as quickly as possible.

Compliance Concepts websites may contain links to other "non-Compliance Concepts" websites. Compliance Concepts assumes no responsibility for the content or the privacy policies and practices on those websites. Compliance Concepts encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of Compliance Concepts.


The practices described in this Policy are current Personal data protection policies as of October 1, 2006. Compliance Concepts reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such amendments.



E-mail this page   Print this page   Save page
:: About CCI     Privacy     Contact Us     Terms of Use  
Safe Harbor Policy  Compliance Concepts, Inc. Copyright 2012, All Rights Reserved.