contact us to

get started

Contact Sales
HR E.U.-U.S. Privacy Shield Privacy Policy

Model N, Inc.

As adopted May 25, 2018

  1. Introduction.

This document sets forth Model N, Inc. HR Privacy Shield Privacy Policy (the “Policy”) governing the use of Personal Data (as defined below). This Policy is applicable to all employees of Model N, Inc. and its subsidiaries (“Model N”). This group of companies is referred to in this Policy document variously as Model N or as the “Company”.

  1. Scope.

Company policy is to respect and protect Personal Data (as defined below) collected or maintained by or on behalf of the Company. In furtherance of the Company’s commitment to this Policy, Model N has certified to adhere to the Privacy Principles set forth in the EU-US Privacy Shield Framework regarding Personal Data related to employees of Model N resident in the European Economic Area (“EEA”), and processed in support of Model N human resources operations. With respect to Personal Data received or transferred pursuant to Privacy Shield, Model N is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. The Company’s commitment to participate in the Privacy Shield program can be found at the following Department of Commerce (“DOC”) website located at https://www.privacyshield.gov that officially lists all U.S. entities that have registered for the program.

  1. Definitions.
    • Agent” means any third party that processes Personal Data under the instructions of and solely for Model N or to which Model N discloses Personal Data for use on its behalf.
    • Data Subject” means a natural person resident in the EEA who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. For purposes of this Policy, Data Subject shall be restricted to any current and former Model N employees, including but not limited to, temporary and permanent employees, retirees, and other former employees as well as dependents of such employees.
    • Personal Data” means any information or set of information in any form that relates to a Data Subject, including, but not limited to, title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to background checks, bank details for payroll, information that may be recorded on a CV or application form, contact information of third parties in case of an emergency and beneficiaries under any health or life insurance policy.
    • Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, transfer, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, dispersed erasure or destruction
    • Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, any information that concerns health or sex life, or information relating to the commission of a criminal offense. Sensitive Personal Data may include information relating to disability, mental health, medical leave, and maternity leave.
    • Third Party” means any natural person or legal entity that is not a subsidiary, employee or director of Model N or its subsidiaries.
  2. Principles.
    • Notice. Model N shall inform Data Subjects that it participates and subjects itself to the Principles of the EU-US Privacy Shield Framework, the purpose for which it collects and uses Personal Data and the types (or identity) of Agents to whom the Company discloses or may disclose that Personal Data. Model N will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected.
    • Choice. Model N collects Personal Data about its employees for human resources or compliance related functions, including, without limitation, recruiting, onboarding, performance appraisals and payroll or benefit distribution. If Model N intends to use Personal Data for purposes outside of the Company’s human resources related functions (such as marketing communications) and (i) discloses Personal Data to a Third Party or (ii) uses the Personal Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject, the Company will offer the Data Subject the opportunity to opt-out of whether their Personal Data is (1) to be disclosed to a Third Party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject.
    • Accountability for Onward Transfers. Model N is responsible for the processing of Personal Data it receives under the EU-US Privacy Shield Framework and subsequently transfers to a Third Party acting as an Agent on its behalf. Model N complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions. Model N will endeavor to only transfer Personal Data to an Agent where such Agent has given assurances that it provides at least the same level of privacy protection as is required by the Privacy Shield Principles and this Privacy Policy and will notify Model N if it makes a determination it can no longer meet this obligation.

Prior to disclosing Personal Data to a Third Party, Model N shall notify the Data Subject of such disclosure and allow the Data Subject the choice to opt-out of such disclosure unless the disclosure meets an employment requirement or is made to an Agent. Model N shall enter into contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by Agents and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with Agents to the DOC upon request.

The storage by Company of Personal Data on servers and/or on software made available or hosted by Agents shall not be considered disclosures of Personal Data to a Third Party so long as the Agent does not have direct access to the Personal Data stored or hosted. Model N shall endeavor by contract that any such Agent (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.

  • Security. Model N takes reasonable and appropriate administrative, technical and physical measures designed to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. Model N shall take reasonable steps designed to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  • Data Integrity and Purpose Limitation. Model N limits the collection, use and retention of Personal Data to that which is relevant for the intended purposes for which it was collected or authorized by the Data Subject and takes reasonable steps designed to establish that all Personal Data is reliable, accurate, complete and current. Model N depends on its employees to keep Personal Data reliable, accurate, complete and current and will rely on its employees to maintain the integrity of all Personal Data they provide to the Company. The Company shall also adhere to the Principles for as long as it retains such Personal Data.
  • Access. Model N shall allow Data Subjects to access their Personal Data and to correct, amend or delete inaccurate information or information that is processed against the Principles, except (i) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, (ii)  for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or  (iii) where the rights of persons other than the Data Subject would be violated.

Model N is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected Data Subject would be violated. If there are compelling grounds to doubt the legitimacy of a Data Subject’s request for rectification, amendment or deletion of his or her Personal Data, Model N may require further justifications before performing the Data Subject’s request. Model N is not required to notify Third Parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden.

  • Recourse, Enforcement, and Liability. Model N periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its relevant employees, is completely implemented and accessible and is in conformity with the Principles set forth in this Policy. Model N encourages interested persons to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. Data Subjects also have a binding arbitration option that is available to determine for residual claims whether obligations under the Principles have been violated as to a Data Subject, and whether such violation remains fully or partially remedied. Under this arbitration option, the Privacy Shield Panel can impose individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) (https://www.privacyshield.gov/article?id=ANNEX-I-introduction).
  • EU residents. For EU residents Model N has agreed to cooperate with the European Data Protection Authorities (https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en) for the purpose of handling any unresolved complaints regarding Personal Data concerns.  EU Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles and the Company shall respond directly to such authorities with regard to investigations and resolution of complaints.
  1. Limitation on Scope of Principles.

Model N adheres to the Principles except as required or allowed by law, to meet legal, governmental, law enforcement or national security obligations, or to protect the health or safety of an individual.

  1. Changes to this Policy.

This Policy may be amended consistent with the requirements of Privacy Shield. When Model N updates the Policy, it will add or amend the “As Amended” date at the top of this document and make the updated policy available to all relevant employees.

  1. Contact Information.

Questions, comments or complaints regarding this Policy or Model N Personal Data processing practices can be emailed to legal@modeln.com

You have an inquiry? We are here to help.

Thank you for your interest in Model N and our Revenue Management solutions and services. Please submit the form to the right and a representative will contact you to answer questions.

Start typing and press Enter to search