Privacy & Legal
Updated: April 4, 2023
Individuals and use of their data
Privacy Shield is a program designed by the U.S. Department of Commerce, the European Commission, and the Swiss Administration. As a Privacy Shield participant, Abett declares its commitment to comply with the Privacy Shield Principles, such that the commitment is enforceable under U.S. law.
Via Privacy Shield:
- Individuals have the right to access their personal data.
- Abett has the obligation to disclose personal information in response to lawful request by public authorities.
Free and accessible dispute resolution
Individuals may bring a complaint directly to Abett, which must respond within 45 days. To contact Abett regarding a complaint or dispute, please send an e-mail message to privacyshield@abett.com.Abett provides individuals, at no cost, an independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved. Abett commits to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
Data integrity and limited use
As a Privacy Shield participant, Abett limits the personal data it collects and stores to the information relevant for the purposes of processing, per our agreement(s) with the data’s owner(s). Abett transfers data to third parties only at the direction of the data owner(s), and for limited and specified purposes. Abett demands any third-party recipients provide at least the same level of privacy protection as is required by the Privacy Shield Principles.
Principles
Abett’s privacy policy is based on seven core principles, as defined by Privacy Shield.
- Notice
- Choice
- Accountability for Onward Transfer
- Security
- Data Integrity and Purpose Limitation
- Access
- Recourse, Enforcement, and Liability
For a detailed description of each principle, see Privacy Shield’s principle overview.
Abett, Inc. complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and or Switzerland to the United States. Abett, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Notice
The Notice Principle requires Abett to inform individuals about:
- The types of personal data that are collected.
- The purposes for which data is collected and the types of third parties to which data is disclosed.
- The right of individuals to access their personal data.
- The choices and means the organization offers individuals for limiting the use and disclosure of their personal data.
- The requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The answers to these questions vary across individuals. Individuals who desire specific information about their own data should contact privacyshield@abett.com for a personalized response.
Choice
Abett shares data with third parties only in circumstances in which the third party is acting as an agent to perform task(s) on behalf of, and under the instructions of, the organization that owns the data.
In some circumstances, individuals may have the right to choose to opt out of disclosing their personal information to a third party. Any individuals interested in exercising that right should contact privacyshield@abett.com.
Accountability for Onward Transfer
Abett shares data with third parties only in cases in which the third party is constrained to limited and specified purposes. In cases of onward transfers to third parties, Abett’s liability is defined in both contracts and business associate agreements with the organization that owns the data.
Security
As a Privacy Shield participant, Abett takes reasonable and appropriate measures to protect data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Abett maintains current ISO 27001 certification and undergoes annual re-audits in order to receive certification.
Data Integrity and Purpose Limitation
Consistent with the Principles, Abett’s collection and storage of personal information is limited to the information that is relevant for the purposes of processing. Depending on the circumstances, examples of compatible processing purposes may include those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending the organization’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. For direct users of Abett's services, a specific example of use is that login credentials are associated with an individual's first and last name, e-mail address, and potentially with a mobile number, to support multi-factor authentication.
Abett may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual and or data owner(s). To the extent necessary for those purposes, Abett takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.
Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing described above. This obligation does not prevent organizations from processing personal information for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing shall be subject to the other Principles and provisions of the Framework. Organizations should take reasonable and appropriate measures in complying with this provision.
Access
Abett shall provide individuals access to personal information about them, and shall correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Recourse, Enforcement, and Liability
As described above, individuals may bring a complaint directly to Abett, which must respond within 45 days. To contact Abett regarding a complaint or dispute, please send an e-mail message to privacyshield@abett.com.
Unless otherwise stated, terms herein shall remain in effect for as long as required by prevailing law.