NetSuite General EEA Safe Harbor Notice
Scope of Safe Harbor Certification
NetSuite Inc. ("NetSuite" or "we") recognize that the European Community has established a data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area ("EEA") and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is "adequate protection" for such personal data when it is received in the United States. To create such "adequate protection" and allow our subsidiaries and business partners to overcome the restriction on international data transfers established by the Directive, we adhere to the Safe Harbor Privacy Principles published by US Department of Commerce ("Safe Harbor Principles") with respect to personal data about individuals in the EEA that we receive from our subsidiaries, customers and other business partners. Our Safe Harbor Certification does not extend to data that we receive directly through NetSuite's publicly accessible websites (any of our websites such as www.netsuite.com that can be accessed without a password). More information on the Safe Harbor Principles and NetSuite's scope of participation is available at www.export.gov/safeharbor/sh_overview.html.
Scope of this Notice
This Notice does not apply to employees of NetSuite or our subsidiaries; this Notice addresses other data subjects residing in the EEA ("EEA Persons") whose data we may receive from one of our subsidiaries, customers, suppliers or other business partners in the EEA e.g., referral partners, integration partners, etc. We have issued a separate Safe Harbor Notice for NetSuite Employees in the EEA.
Categories of EEA Data
We, together with our subsidiaries ("NetSuite Group"), sell integrated web-based business application software largely to small and midsize businesses. We receive mostly business-related information from the EEA, including contact information of individual representatives of the businesses with whom we are dealing, including, without limitation, names, addresses, work phone numbers, work email addresses, etc. of EEA Persons ("EEA Data"). In connection with some services, e.g., NetSuite's Customer Relationship Management services, our customers use our hosted technology platform to store and process EEA Data at their own discretion. Since EEA Data covered by this Notice is by definition sent to us by another company in the EEA (e.g., a customer of the NetSuite Group), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment or business relationship (and which, therefore, can provide additional information on categories of data shared with us).
We collect and use EEA Data for purposes of providing products and services to our customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, providing information on our services, and conducting related tasks for legitimate business purposes.
We share EEA Data with our subsidiaries, affiliates and contractors, who process EEA Data on behalf of the NetSuite Group. We also share EEA Data with other third parties for the purposes for which we receive the EEA Data (e.g., performance of contractual obligations and rights), and we may also disclose EEA Data where we are legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law or the Safe Harbor Principles and we have a legitimate business interest in such disclosure.
With respect to marketing emails, EEA Persons may opt-out of receiving further email marketing communications from NetSuite by sending an email to email@example.com, or by following opt-out instructions that are contained in each marketing email. EEA Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for us to provide the requested services.
Access and Review
If you are an EEA Person about whom we hold EEA Data, you may request access to, and the opportunity to update, correct or delete, such EEA Data. To submit such requests or raise any other questions, please contact the business that provided your EEA Data to us. You can also contact our Safe Harbor Contact. We reserve the right to take appropriate steps to authenticate an applicant's identity, to charge an adequate fee before providing access and to deny requests, except as required by the Safe Harbor Principles.
Safe Harbor Contact
If you have questions, please contact NetSuite's Director of Security at NetSuite Inc., 2955 Campus Drive, Suite 100, San Mateo, California 94403, telephone: 650-627-1000, e-mail: firstname.lastname@example.org, or fax: 650-627-1001. If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.