Privacy Policy

Purpose

The purpose of this privacy policy is to inform our clients, employees, business partners and the general public how we protect and handle private and sensitive information. At Project Lunar, we are committed to protecting your privacy through stringent privacy practices like Standard Contractual Clauses and adherence to the Privacy Shield Principles of the Privacy Shield Program. As of 2016, The EU-U.S. Privacy Shield Framework replaces the Safe Harbor Framework, and the Swiss-U.S. Privacy Shield Framework replaces the U.S.-Swiss Safe Harbor Framework. Project Lunar Brand Strategy in the U.S.,

Project Lunar complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, to the United States. Project Lunar has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Project Lunar is a diverse, global consultancy with offices across the United States, and in London, Berlin, Zurich, Hong Kong and Shanghai. Our business practices and processes are shared between our global offices, which means that our client and employee data is shared between our US, European and other international offices. Project Lunar is fully committed to the proper handling and privacy of the personal information that it collects or uses for all individuals within the European Union and Switzerland. To protect the individual’s information, Project Lunar complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework designed by the U.S. Department of Commerce, the European Commission and the Swiss Administration.

Project Lunar is under the jurisdiction of the U.S. Federal Trade Commission for investigations and enforcement related to compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. All of Project Lunar’s privacy practices comply with the following Privacy Shield Principles, as detailed in the policy section of this document:

Notice
Choice
Accountability for Onward Transfer
Security
Data Integrity and Purpose Limitation
Access
Recourse, Enforcement and Liability

Scope and Applicability

This Privacy Policy applies to all data and information collected by Project Lunar that allows for identification of an individual (Personal Information [PI] or Personal Identifiable Information[PII]), including all personal data received from the EU and Switzerland. The personal information (for either clients or employees) may include names, email addresses, mailing and/or business addresses, telephone and fax numbers and employee identification information.

Adherence to this policy applies to all employees who work for Project Lunar, or one of its subsidiary companies in the United States, United Kingdom, Germany, Switzerland, Singapore and China.

Policy

The following sections of the Project Lunar Privacy Policy comply with the seven Principles and sixteen Supplemental Principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

Notice

Project Lunar collects, handles and processes your personal information only for business purposes with you and/or your company. If your personal information is collected and used, Project Lunar will notify you, usually at the time of collection or as soon as possible after the information is collected. Project Lunar may disclose your personal information to comply with any lawful requests from public authorities, law enforcement, or matters of national security.

Project Lunar does not sell or rent your personally identifiable information to anyone. Project Lunar may disclose your personal data to third parties for legitimate business purposes. The types of third parties that may be used by Project Lunar, and the purposes for disclosing personal information, include but are not limited to:

Vendors that assist with payroll, benefits and HR support for employees
Vendors that supply Software as a Service (SaaS) for internal communications and sales tracking
Credit card companies that have employee credit card information
Travel expense vendors who manage employee travel expense information
Vendors who provide project support or project management support
Vendors who provide analytics services for projects
Vendors who provide backup or storage services for data

Online Information

In addition to your personal and demographic information, when you visit a Project Lunar website your web browser software may automatically provide us with information such as the browser name and version, your computer type, operating system and the previous website you visited if you clicked a link to our site from another website. We also automatically determine your internet IP address or your internet service provider’s IP address. Any of this information may be recorded in our system logs or securely collected on our behalf via third-party services. This information will only be used internally in anonymous, aggregate reporting.

You may choose to provide Project Lunar with additional personal information by completing our online forms. We will inform you of how your personal information will be used at the point of collection, and Project Lunar will only use your personal information as described in this Privacy Policy.

Use of Cookies

Certain parts of our website use cookies to provide a more optimal web experience. A cookie is a small piece of data sent to your web browser and saved on your computer. On subsequent visits to our site, your browser will automatically re-transmit the cookie data to our site. We may use cookies to customize the content shown to you, to provide conveniences to your browsing experience or to track aggregate traffic trends on our site. You are not required to accept and store cookies to browse our websites. However, to access any of our protected websites that require a username and password, you will need to accept and store an authentication-related cookie for the duration of your visit.

Our website contains links to other sites. Project Lunar does not share your personal information with these sites, nor do we have any control over the privacy policies of those sites. We encourage you to learn about the privacy policies of the companies responsible for those sites.

Employee Information

We collect and use employee information only for business purposes, and our employees’ personal information is never sold or rented to third parties. Data may be collected and stored from potential candidates for hire with Project Lunar, which includes direct employees and contractors. Employee information, including personally identifiable information (PII), performance and disciplinary information, health-related information or other sensitive employee information is only accessible by Project Lunar employees who have legitimate human resource purposes, and/or a business need to know.

Choice

Project Lunar will provide you with the opportunity to opt-out of having your personal information (1) disclosed to a third party who is not currently working for Project Lunar, and (2) used for a purpose that is different from the original use purpose when it was collected or authorized for use by you. The only exception to this choice is the requirement of disclosure of personal information by government or judicial order, or other legal requirements.

You can choose to opt-out of marketing materials from Project Lunar at any time. To exercise your rights to limit how your data is used as described above, contact us at command@project-lunar.com with instructions on which opt-out options you would like applied to your personal data. Project Lunar system administrators will manually apply the appropriate control measures to any records that contain your personal information.

In addition, to opting out of how your information is used for marketing purposes, you have the right to request that your data be forgotten (known as the right of erasure), and removed in the following circumstances:

when your personal data is no longer necessary to achieve the purposes for which it is collected or processed
when you have withdrawn your consent
where you object to the processing of your personal data
where consent is provided by a child who is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet
where the processing of personal data does not otherwise comply with the GDPR

The right to erasure does not apply where personal data is necessary for compliance with legal or regulatory requirements, legal claims, if the data is required for the good of public health or public interest, or if the data is needed for scientific or historical archival purposes. To exercise your right to be forgotten, contact us at command@Project-Lunar.com and we will respond to your request as quickly as possible. Project Lunar system administrators will manually remove your personal data where possible and contact you when the data has been successfully removed. Project Lunar is required to comply with your request unless the data is impossible to remove or requires a disproportionate cost or effort to remove, in which case Project Lunar will respond with information concerning where your data could and could not be removed.

Under the Privacy Shield Program, organizations do not have to obtain express consent (opt-in) with respect to sensitive data under the following processing conditions – If the data processing is in the vital interest of the data subject or another person, if it is necessary for the establishment of legal claims or defenses, if it is required to provide medical care or diagnosis, if the data processing is carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects, if it is necessary to carry out an organization’s obligations in the field of employment law, or if it is related to data that has been made public by the individual.

Accountability for Onward Transfer of Personal Data

Project Lunar will not transfer personal information originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing that requires them to provide at least the same level of privacy protection to your personal information as required by the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. Project Lunar only transfers data to agents or third-party service providers who have a legitimate need to the information in order to provide services on behalf of Project Lunar. Project Lunar will be liable for these data transfers to third parties.

Security

Project Lunar is committed to protecting the personal information that it collects and stores, and we have implemented technical, operational, and administrative security measures to prevent the loss, misuse, disclosure, alteration, theft, or destruction of such information.

Data Integrity and Purpose Limitation

Project Lunar only collects and retains personal information that is relevant to the purposes for which it is collected. Personal information will not be used in a way that is incompatible with such purposes, unless such use as been explicitly authorized by you. Project Lunar will take reasonable steps to preserve the integrity of your personal information and to ensure that it is reliable for its intended use, accurate, complete, and current. Project Lunar may contact you to verify that the data we have is accurate and current.

Per Privacy Shield Supplemental Principle 2, personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material, whether used or not, as well as information found in previously published material disseminated from media archives, is not subject to the requirements of the Privacy Shield Principles.

Access

You have the right to access and correct your personal information data that is used by Project Lunar. You can correct, amend, or request that information is deleted if it is inaccurate or has been processed in violation of the Privacy Shield Principles. The only exception to an access request for personal information is where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Recourse, Enforcement and Liability

If you have any questions or concerns about Project Lunar compliance with our Privacy Policy or the Privacy Shield Principles, please contact us at command@project-lunar.com. We will investigate your complaint thoroughly and will respond to you within 45 days from the time we were notified.

In compliance with the Privacy Shield Principles, Project Lunar commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Project Lunar at: command@project-lunar.com .

If you are not satisfied with Project Lunar’s response to your complaint, we will provide an additional recourse mechanism at no cost to you. Project Lunar cooperates and complies with the EU data protection authorities (DPAs) under the EU-U.S. Privacy Shield Framework, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) under the Swiss-U.S. Privacy Shield Framework and complies with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU and Switzerland. Contact information for the EU DPA and the Swiss Federal Data Protection Information Commissioner are as follows:

European Data Protection Supervisor

Rue Wiertz 60
1047 Bruxelles/Brussel
Office: Rue Montoyer 63, 6th floor
Tel. +32 2 283 19 00
Fax +32 2 283 19 50
e-mail: edps@edps.europa.eu
Website: https://www.edps.europa.eu/EDPSWEB/

Swiss Federal Data Protection and Information Commissioner

Verantwortliche Person Adrian Lobsiger

Adresse Feldeggweg 1, 3003 Bern

Telefonnummer +41 (0)58 462 43 95 (Mo. bis Fr., 10.00 bis 12.00 Uhr)

Email-Adresse Kontaktformular

Webseite www.edoeb.admin.ch

Additional lists of more specific DPAs by country, city or region can be found here- https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm and here- https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.

Under certain conditions, if you are not satisfied with the recourse mechanisms provide by Project Lunar or Project Lunar’s compliance with the Privacy Shield Principles, you may be able to invoke binding arbitration to address your complaint.

Regarding onward transfers of personal data, Project Lunar is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Project Lunar shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Project Lunar proves that it is not responsible for the event giving rise to the damage.

Right to Change Policy

Any changes to the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework, or the addition of new or updated applicable laws will result in changes to the Project Lunar Privacy Policy. Project Lunar reserves the right to amend this Privacy Policy and its related business procedures at any time.

Project Lunar Employee Policy Adherence and Enforcement

It is the responsibility of all Project Lunar employees to read and adhere to this policy, and by signing this policy each employee agrees to abide by its contents. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.