Do I need to be accredited with my local BBB to enroll in BBB EU Privacy Shield? Does accreditation include EU Privacy Shield dispute resolution?
No, you do not need BBB Accreditation to sign up for BBB EU Privacy Shield program, and accreditation does not include EU Privacy Shield dispute resolution. BBB EU Privacy Shield is a separate specialized program recognized by the Department of Commerce as a dispute resolution mechanism under the EU Privacy Shield Framework. The BBB EU Privacy Shield Participation Agreement binds participating businesses to arbitrate disputes from European consumers concerning alleged violations of the EU Privacy Shield Principles and includes other necessary provisions that are not part of your local BBB accreditation agreement.
How long will it take for BBB EU Privacy Shield to accept my application after you receive my Participation Agreement and annual fee?
- The policy must include an affirmative commitment to adhere to each of the Privacy Shield Principles at the core of the Privacy Shield Framework, and should address the 13 requirements of the Privacy Shield Notice principle.
- The policy must identify BBB EU Privacy Shield as your independent recourse mechanism for Privacy Shield privacy complaints and include contact information for the program.
- The policy must be clearly posted on your Web site or be publicly available on request.
Can our Participation Agreement be structured to cover our subsidiaries or affiliates? When must a subsidiary create its own separate account?
Other legal entities (subsidiaries or affiliates) may be covered under the parent organization’s Agreement in some limited circumstances. At a minimum, the parent and the subsidiary must be covered by a common website Privacy Shield notice that is posted on all subsidiary websites and that links to the BBB’s complaint handling page, they must share a privacy officer and point of contact for privacy complaints, and the parent must be able to designate a corporate officer to sign the Agreement who is authorized to bind both the parent and the subsidiary. Where several entities are covered under a single Agreement, the annual fee will be based on the aggregated gross annual revenues of the parent and all covered entities. Where all of these conditions cannot be met, a separate application and Agreement must be submitted for each subsidiary.
If you would like your subsidiaries to be covered by the Program, please contact us to check on their eligibility. If we determine that subsidiaries may be covered under your Agreement, you must add the names of all subsidiaries to be covered before signing the Agreement and returning it to us.
Is your fee schedule based on my business’s worldwide gross revenue or on revenue from EU business alone?
Our fees are based on your business’s total gross revenue, not simply revenue from EU-related business.
Will BBB EU Privacy Shield provide a program seal or mark for our Web site?
Will BBB EU Privacy Shield assist us with the required annual verification that our privacy practices are consistent with the Principles?
While BBB EU Privacy Shield does provide self-certification guidance and ongoing compliance assistance to our participating businesses, we do not offer verification services. However, an annual verification to ensure compliance with the Principles is a Privacy Shield certification requirement. The majority of our participants choose to internal self-assessment and verification rather than using a third-party provider. When choosing this option, simply select “Self-Assessment” in the verification section of your Department of Commerce certification application.
Does BBB EU Privacy Shield publish information on the complaints it receives?
The Program Rules require that a Procedure Report be published online each year there is relevant data to report. The Reports include a statistical summary showing: (1) the number and nature of contacts from the public and the actions taken by the BBB NP and Panelist with respect to those contacts; and (2) the number and nature of Complaints deemed ineligible for processing during the period, including the specific reason for a determination of ineligibility.