Privacy Policy

Welcome

Consilio LLC and all affiliated companies entities, (“Consilio”, “we”, “us”, or “our”) understand that privacy is important and that you consider carefully how your Personal Data, defined in the “Information Collection” section below, is used and shared.  We respect and value the privacy of everyone who interacts with us and will only collect and use Personal Data in ways that are described in this Privacy Notice (“Notice”), and in a manner that is consistent with our obligations and your rights under the law.

If you have any questions regarding this Notice or how we collect and use Personal Data, please contact us electronically at privacy@consilio.com

Scope

This Notice describes the types of Personal Data that Consilio may collect or process, how we may use and disclose that Personal Data, and how you may exercise any rights you may have regarding the processing of your Personal Data. This Notice applies to Personal Data collected or processed by us online (through our websites, applications, and otherwise), when we provide products or services to you, and in other situations where you interact with us, including anywhere this Notice is posted or referenced (products, services, websites, and other systems will be referred to in this Notice as “Products and Services”). This Notice also applies to Personal Data that is collected or processed when you interact with us in-person, by telephone, or by mail.

Consilio may have other unique privacy notices that apply to certain specific situations, such as privacy notices for specific Products and Services in various specific circumstances. To the extent you were provided with a different privacy policy or notice, and those policies or notices apply, those policies or notices will govern our interactions with you, not this one.

If you provide Personal Data of anyone other than yourself, please note that you are responsible for complying with all applicable privacy and data protection laws prior to providing that information to Consilio (including obtaining consent, if necessary and required).

Please carefully review this Notice. To the extent permitted by applicable law, by providing us your Personal Data or otherwise interacting with us, you are agreeing to this Notice.

Consilio entities are a data processor for the services we provide to clients.  In some cases Consilio entities may also be a data controller, this may include (but it is not limited to) for employee data, recruitment data and business admin tasks.

Information Collection
Personal Data

“Personal Data” is any and all data that relates to an identifiable person who can be directly or indirectly identified from that data, such as name, address, email address, telephone number, or credit card number, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person, even absent other identifying information.

Some examples of instances where we collect Personal Data include if you:

  • register for an account for one of our Products or Services;
  • sign up for newsletters or other informational or marketing materials;
  • participate in our events, conferences, or trainings;
  • ask us a question by contacting us;
  • apply for employment with us;
  • interact with us as a customer, vendor, supplier, or business partner or an employee or representative of same, including if you provide information about your customers or patients;
  • respond to our surveys or questionnaires;
  • make a complaint to us or to our customers about us; or,
  • purchase, use, or receive our Products or Services.

We will process any Personal Data we collect in accordance with applicable law and as explained in this Notice (unless, as explained above, one of our other policies or notices governs). In some circumstances, if you do not want to provide us with your information, certain Products and Services may be unavailable to you.

Consilio does not sell Covered Information as defined under Nevada law.  For the purposes of California law, Consilio do not sell—and has not sold in the past twelve (12) months—Personal Data of California residents, including those under age sixteen (16).

Below is a summary of our processing activities for the past twelve (12) months, including how we collect, process, and use Personal Data and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is included below, but please note that not all jurisdictions may recognize all legal bases.

Sources of your Personal Data Purposes of Processing Legal Bases for Processing Recipients of your Personal Data
Identity and Contact Information

Examples of identity and contact information we process: First and last name, email address, postal address, phone number, job title, account username and password, and Internet Protocol address (commonly referred to as an “IP address”).

Examples of how we use your identity and contact information:  Amongst other uses, we may use your identity and contact information to communicate with you in response to inquiries you make as a supplier, customer, or employment candidate; to provide and support our Products and Services.
We obtain this Personal Data from:

  • you directly
  • your devices
  • our customers
  • our business partners
We process this Personal Data for the following purposes:

  • to provide you with our Products and Services
  • to communicate with you
  • to identify and authenticate you
  • to customize content for you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • to ensure the appropriate use of our Products and Services
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance
We process this Personal Data under the following legal bases:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this Personal Data with:

  • Consilio, our affiliates, subsidiaries, and related companies
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that further our business purposes in providing the Products and Services or help us improve our marketing or administration *
Demographic Information

Examples of demographic information we process: Age, gender, marital status, disability, and date of birth.

Examples of how we use your demographic information:  Amongst other uses, we may use your demographic information to assess our compliance with anti-discrimination laws and to foster diversity in our business operations.
We obtain this Personal Data from:

  • you directly
  • our customers
  • our business partners
We process this Personal Data for the following purposes:

  • to provide you with our Products and Services
  • to communicate with you
  • to identify and authenticate you
  • to customize content for you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • to ensure the appropriate use of our Products and Services
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance
We process this Personal Data under the following legal bases:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this Personal Data with:

  • Consilio, our affiliates, subsidiaries, and related companies
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that further our business purposes in providing the Products and Services or help us improve our marketing or administration *
Commercial and Financial Information

Examples of commercial and financial information we process: Transaction records, Products and Services purchased, obtained, or considered, request documentation, customer service records, financial transaction history, and financial account number.

Examples of how we use your commercial and financial information:  Amongst other uses, we may use your commercial and financial information to sell you our Products and Services; to support our Products and Services; and to support compliance with our financial reporting and tax obligations.
We obtain this Personal Data from:

  • you directly
  • your devices
  • our customers
  • our business partners
We process this Personal Data for the following purposes:

  • to provide you with our Products and Services
  • to communicate with you
  • to identify and authenticate you
  • to customize content for you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • to ensure the appropriate use of our Products and Services
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance
We process this Personal Data under the following legal bases:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this Personal Data with:

  • Consilio, our affiliates, subsidiaries, and related companies
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that further our business purposes in providing the Products and Services or help us improve our marketing or administration*
Professional and Educational Information

Examples professional and educational information we process: Job title or position, employer, work skills, employment history, graduate degree, certification, specialized training, responses to surveys and questionnaires, and enrolment history for our education and training events.

Examples of how we use your professional and educational information:  Amongst other uses, we may use your professional and educational information to assess your application for employment and to manage your participation in seminars and conferences.
We obtain this Personal Data from:

  • you directly
  • our customers
  • from our business partners
We process this Personal Data for the following purposes:

  • to provide you with our Products and Services
  • to communicate with you
  • to identify and authenticate you
  • to customize content for you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • to ensure the appropriate use of our Products and Services; to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance
We process this Personal Data under the following legal bases:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this Personal Data with:

  • Consilio, our affiliates, subsidiaries, and related companies
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that further our business purposes in providing the Products and Services or help us improve our marketing or administration*
Technical Information

Examples technical information we process:  IP addresses, browser type, browser language, device type, advertising IDs associated with your device (such as Apple’s Identifier for Advertising (“IDFA”) or Android’s Advertising ID (“AAID”)), the date and time you use our Products and Services, Uniform Resource Locators (“URLs”), i.e., website addresses, visited prior to arriving and after leaving our Products and Services, activity on our Products and Services and referring websites or applications, data collected from cookies or other similar technologies, and geolocation information.

Examples of how we use your technical information:  Amongst other uses, we may use your technical information to protect against and respond to cybersecurity incidents and to provide you with customized content through our websites.
We obtain this Personal Data from:

  • you directly
  • your devices
  • our business partners
We process this Personal Data for the following purposes:

  • to provide you with our Products and Services
  • to communicate with you
  • to identify and authenticate you
  • to customize content for you
  • to detect security incidents
  • to protect against malicious or illegal activity
  • to ensure the appropriate use of our Products and Services
  • to improve our Products and Services
  • for short-term transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • quality assurance
We process this Personal Data under the following legal bases:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this Personal Data with:

  • Consilio, our affiliates, subsidiaries, and related companies for our business purposes
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that further our business purposes in providing the Products and Services or help us improve our marketing or administration*
Anonymized / De‑identified Data

Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws.

Examples of how we use anonymized/de-identified data:  Amongst other uses, we may use anonymized/de-identified data to help us assess our business operations.
We obtain this Personal Data from:

  • you directly
  • your devices
  • our business partners
We process this Personal Data for the following purposes:

  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance
  • for our own purposes
We rely on the following legal bases to anonymize Personal Data, after which the data is no longer considered to be Personal Data under relevant data protection laws:

  • for the purposes of our legitimate interests
  • in the public interest
  • to comply with a legal obligation
  • for scientific or historical research or statistical purposes
  • to perform a contract
  • to protect vital interests
  • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law
We may share this anonymized/de-identified data with:

  • Consilio, our affiliates, subsidiaries, and related companies
  • third-party vendors that provide business administration, human resources administration, and office management services for our business purposes
  • partners that assist us in providing the Products and Services or help us improve our marketing or administration*

*In limited circumstances, recipients may include, (1) in the event of a sale, assignment, or transfer, to the buyer, assignee, or transferee; and, (2) government officials, law enforcement, or others when permitted by this Notice or required by law.

Cookies and Similar Tools

When you visit Consilio websites or applications, we may use “cookies,” web beacons, and other technologies to help us serve users better and to help us evaluate and improve the content or functions of the Products or Services. A cookie is a small piece of data (a unique numeric code) sent from a website or application and stored on a user’s device while the user is browsing the website or using the application. Cookies do lots of different jobs, like identifying previous activity so that your use of the Product or Service is more efficient and enjoyable, remembering your preferences (like language choices), and authenticating you.

Common uses for cookies include:

  • identifying users who have signed into a Product or Service to avoid users having to submit a user name and password repeatedly;
  • keeping track of users’ preferences regarding the content they would like to see and the format in which they would like to view it so they do not need to resubmit preferences;
  • keeping track of which pages users’ request to make improvements to site content and navigation;
  • engaging in analytics about how the Products or Services are used; and
  • collecting information about users’ activities over time and across different websites or applications while using the website or application.

Web beacons (also known as internet tags, pixel tags, and clear GIFs) are small pieces of code that may be placed on our websites or other Products and Services that allow us to obtain information about usage. Web beacons cannot identify you as an individual and are used to help display content to visitors and to generate statistics regarding web traffic and trends.

If you would like to opt-out or withdraw consent to use non-essential cookies and related technologies, you can set your web browser to prevent the use of cookies from Consilio websites, as well as other websites that you may visit (see www.aboutcookies.org for more information on how to do this). If you do so, you can still use Consilio Products and Services, but it is possible that some portions of the Products and Services will not function properly or may perform more slowly. You may also be able to opt-out / withdraw consent to use non-essential cookies and related technologies by clicking the “Preferences” button at the bottom of this Product or Service. Except where prohibited by law, by using our Products and Services and not disabling cookies, you consent to their use.

For more information on our use of cookies, web beacons, and similar technologies, please see the Consilio Cookie Notice.

Third-Party Sub-Processors

Consilio may use Third-Party Sub-Processors to deliver services.  Where we engage data processors we will ensure that they work under a specified contract and the appropriate technical safeguards are in place to ensure that your data remains secure.  A list of current Third Party Suppliers can be found here.

Children’s Information

Consilio does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of sixteen (16), or equivalent minimum age depending on jurisdiction (“Child(ren)”). If you, a parent or guardian of a Child, believe your Child may have provided Consilio with Personal Data, please contact us at privacy@consilio.com to have the information deleted from our records. If Consilio discovers that we have inadvertently collected a Child’s Personal Data, then we will take steps to delete the information as soon as possible.

Combination of Data

We may combine information we collect, whether Personal Data or not, with Personal Data that we may obtain from third parties, including social media sites.

Interactive Features of our Websites

To the extent we offer any public or group forums on our Products or Services, such as newsfeeds, blogs, message boards, or similar tools (“Interactive Features”), the posts or comments you make may be public and viewed by others. You should use care before posting information about yourself, including Personal Data. You acknowledge and understand that you have no assurance of privacy or confidentiality over the content you submit to Interactive Features over the Products and Services. Except when required to do so by applicable law, we assume no obligation to remove Personal Data you post on our Products and Services, and you disclose any Personal Data at your own risk.

Links to Other Websites

Our Products or Services may contain links to other websites, applications, products, or services that are not owned or operated by Consilio, such as social media websites and applications like Facebook and Twitter. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third-party websites, applications, products, and services.

Safeguarding Information

Data security is extremely important to us, and we have taken suitable technical and organisational measures to safeguard and secure any Personal Data we collect, including:

  • Consilio is certified for the ISO\IEC 27001:2013 standard and HITRUST CSF V9.3, and meets all of their stringent requirements to appropriately handle sensitive data. All of Consilio’s colocated data centers are certified for either ISO 27001 or SOC 2 Type 2. Consilio complies with ITAR regulations, EU-US and Swiss-US EU-US Data Privacy Framework principles (still applicable in the US), the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and many other data privacy regulations across the globe. Consilio’s data center and office locations in the UK are also certified for the Cyber Essentials Plus scheme.
  • As required by our ISO 27001 certification, Consilio maintains overarching security policies and procedures that standardize our security posture across all our global locations. Enterprise information security policies and procedures are properly reviewed by management and provided to Consilio personnel. Consilio’s chief information security officer heads our highly qualified information security team, which manages all of the organization’s information security activities.
  • Risk management is part of Consilio’s holistic approach to security. As part of Consilio’s vendor management program, all of our vendors must be vetted to ensure they do not pose unnecessary security risks to Consilio or our clients. Consilio’s computing networks are set up with a DMZ and multiple firewalls to separate internet-accessible network segments from sensitive data storage segments. Our networks are protected by stringent firewalls, third-party monitoring services, intrusion detection and prevention software, antivirus software, and strict access control policies
  • Consilio’s privacy policies and practices follow and often exceed international best practices for data security. Our enterprise privacy structures and policies ensure that we meet the requirements of international and local privacy regulations, based on the location of each project and data. These include regulations such as GDPR, HIPAA, ITAR, CCPA, and others like it.
  • All Consilio employees and contractors must complete background screening before being hired.
  • Consilio’s policies for handling internal and client data ensure that data and devices are stored securely and protected from unauthorized access while in Consilio’s possession. All client data is treated as confidential, whether the data includes personally identifiable information (PII), protected health information (PHI) or simply non-public information.
  • Consilio’s incident management policy ensures that we take proactive measures to prevent and report security incidents and mitigate their effects.
  • Consilio’s vendor risk assessment policy requires that Consilio vendors and third-party suppliers be properly vetted and approved before engaging in work for Consilio and periodically undergo security audits by Consilio.
  • Consilio’s disaster recovery and business continuity policies require that Consilio prepare for disaster scenarios that could disrupt business operations at our data centers or offices. Plans cover events such as natural disasters, pandemic scenarios, utility disruptions, personnel shortages, and other events that could affect staffing or business resources.
  • Consilio’s data backup policy requires that we perform a combination of data replication, daily incremental backups, and weekly full backups of critical data.

Your Rights Regarding Your Personal Data

Under your jurisdiction’s data protection law, you may exercise the following rights with respect to some or all of your Personal Data:

  • to request access to your Personal Data (including under GDPR Article 15);
  • to request that we rectify or erase your Personal Data (including under GDPR Articles 16 and 17);
  • to request that we restrict or block the processing of your Personal Data (including under GDPR Articles 18, 21 and 22);
  • to provide your Personal Data directly to another, i.e., a right to data portability (including under GDPR Article 20); and
  • when we previously obtained your consent, to withdraw consent to processing (including under GDPR Article 21).

To exercise these rights, please write to us at privacy@consilio.com

California law grants its residents certain rights regarding the collection and use of their personal information. If you are a California resident and would like to exercise your rights, please submit a request using the CA Privacy Request Form linked below so that our support team can communicate with you and provide assistance regarding your request. Please note that we may require additional information from you or your authorized agent to honour your request and may deny your request if we cannot verify your identity or status as a California resident.

CA Privacy Request Form

If you are concerned about how your Personal Data is used, please email us at privacy@consilio.com You may also have the right to lodge a complaint against us. To do so, contact your local data protection authority (if one exists in your jurisdiction).

Transfer of Personal Data Across National Borders

Consilio is a global company with its headquarters located in the United States. Sharing data across borders may be essential in providing you our Products and Services, and as a result, your Personal Data may be collected, transferred to, and stored by us and our affiliates outside your jurisdiction, including outside the European Economic Area (EEA), and in countries that are not subject to an adequacy decision by the European Commission and that may not provide for the same level of data protection as your jurisdiction.

We will, subject to applicable law, rely upon legally permitted data transfer mechanisms in order to transfer, process and store your Personal Data in a jurisdiction outside of your home jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of data protection and security. For instance, for transfers of Personal Data originating from the EU, we may rely on adequacy decisions of the European Commission where available, on the Standard Contractual Clauses and other data  protection clauses, intra-company data protection agreements entered into among our affiliates, or derogations for specific situations as set forth in Articles 46 and 49 of the GDPR, such as your explicit consent to such transfer; to perform a contract with you; or to fulfil a compelling legitimate interest of the Company in a manner that does not outweigh your rights and freedoms.  We also rely upon the UK Standard Contractual Clauses and an Inter-Company Transfer Agreement where appropriate.

Direct Marketing and “Do Not Track” Signals

We do not track website visitors over time and across third-party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.

California

California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Under the California “Shine the Light” law, California residents may opt-out of our disclosure of Personal Data to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your Personal Data with third parties for marketing purposes. To make such a request you should send (a) an email to privacy@consilio.com with the subject heading “California Privacy Rights”. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

United Kingdom/EEA

We do not process Client Personal Data for marketing purposes.  We may use business contact information to provide you with information on other services that may be of use to you.  If you wish to opt-out of these communications please email privacy@consilio.com

How Long Your Personal Data Will Be Retained

We will continue to process your Personal Data for as long as is reasonably necessary for us to comply with our contractual or legal obligations, to pursue our legitimate interests.  We will retain your Personal Data in accordance with our “Data Retention and Disposal Policy” document.  For more information, please email privacy@consilio.com

Changes to This Privacy Notice

We may update this Notice from time to time without notice. As such, you should review this Notice periodically. Your continued interactions with us and/or the use of our Products and Services subject to this Notice constitutes your agreement to this Notice.

Contact Us

If you have any questions, including how to access this Notice in an alternative format, please email us at privacy@consilio.com

Updated: August 2022

EU-US Data Privacy Framework Statement for Privacy Notice

Consilio LLC complies with the EU-U.S. EU-US Data Privacy Framework Framework and Swiss-U.S. EU-US Data Privacy Framework Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Consilio LLC has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles.  If there is any conflict between the terms in this privacy policy and the EU-US Data Privacy Framework Principles, the EU-US Data Privacy Framework Principles shall govern.  To learn more about the EU-US Data Privacy Framework program, and to view our certification, please visit https://www.privacyshield.gov/

Consilio LLC and it’s entities do not rely on either the EU-US or Swiss-US EU-US Data Privacy Framework as a transfer mechanism for international transfers.  Consilio LLC and it’s entities rely on a Intra-Company Data Transfer Agreement which contains the EU SCC’s and UK Addendum.  For transfers with clients and Third-Party sub-processors, contractual agreements are in place which include the EU SCC’s and UK Addendum.

In compliance with the EU-US Data Privacy Framework Principles, Consilio LLC commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with enquiries or complaints regarding our EU-US Data Privacy Framework policy should first contact privacy@consilio.com

Consilio LLC has further committed to refer unresolved EU-US Data Privacy Framework complaints to an alternative dispute resolution provider.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit email privacy@consilio.com for more information or to file a complaint.  These services are provided at no cost.

The Federal Trade Commission has jurisdiction over Consilio LLC’s compliance with the EU-US Data Privacy Framework.

Under certain conditions, there may be a possibility for the individual to invoke binding arbitration.  An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the organization and afford the organization an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.  To raise an issue please email privacy@consilio.com

There may be a requirement for Consilio LLC to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In the context of an onward transfer, a EU-US Data Privacy Framework organization has responsibility for the processing of personal information it receives under the EU-US Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. The EU-US Data Privacy Framework organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.