Safe Harbor Policy

Epiq Systems, Inc. and its subsidiary companies recognize that privacy is very important to our customers and employees, and therefore strives to protect the personal information it collects and handles. This Policy sets forth the privacy principles that Epiq follows with respect to transfers of personal information from the EU to the US.

Epiq Systems complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Epiq Systems has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view the integrated Epiq Systems’ certification, please visit www.export.gov/safeharbor.

Scope
This Policy applies to all personal information received by Epiq US from the EU. Such personal information may pertain to Epiq EU employees.  It may also pertain to third party individuals in connection with Epiq US providing technical and solutions support to Epiq EU, EU-based clients, or clients in possession or control of personal information in the EU, although  Epiq US personnel would in most instances not have direct contact with those third party individuals about whom such information pertains.

Definitions

The following definitions shall apply throughout this Policy:

“Agent” means any third party that uses personal information provided to Epiq to perform tasks on behalf of and under the instructions of Epiq.

“Epiq” means Epiq Systems, Inc. and its subsidiary companies.

“Epiq EU” means Epiq’s EU-based businesses.

“Epiq US” means Epiq’s US-based businesses.

“EU” means the European Union, including its member states.

“Personal information” means any information or set of information that identifies an individual, or could be used by or on behalf of Epiq to identify an individual.

“Policy” means this Safe Harbor Policy.

“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health or sex life. In addition, Epiq will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

“US” means the United States and its territories.

Privacy Principles

The privacy principles in this Policy are based on the Safe Harbor Privacy Principles.

Notice
When Epiq collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses their personal information, the types of non-agent third parties, if any, to which Epiq discloses that information, and the choices and means, if any, that Epiq offers individuals for limiting the use and disclosure of their personal information.

Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Epiq, or as soon as practicable thereafter, and in any event before Epiq uses the information for a purpose other than that for which it was originally collected.

If Epiq receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices such entities provided and the consents or choices made by the individuals about whom such personal information relates.

Choice
Epiq will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party (unless allowed or required by contract), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive personal information, Epiq will give individuals the opportunity to affirmatively and explicitly consent (e.g., through an opt-in) to the disclosure of the information to a non-agent third  party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Epiq will provide individuals with reasonable methods to exercise their choices.

Data Integrity
Epiq will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Epiq will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

Onward Transfer
Epiq will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. If Epiq has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Epiq will take reasonable steps to prevent or stop the use or disclosure.

Access
Upon request, Epiq will grant individuals reasonable access to personal information that it holds about them, and Epiq will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

Security
Epiq will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Enforcement
Epiq will conduct compliance reviews of its relevant privacy practices to verify adherence to this Policy. Any employee that Epiq determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

Dispute Resolution
Any questions or concerns regarding the use or disclosure of personal information should be directed to Epiq at the email and mailing addresses given below. Epiq will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Epiq and the complainant, Epiq has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.

Contact Information
Questions or comments regarding this policy should be submitted to:
Legal Department
Epiq Systems, Inc.
501 Kansas Avenue
Kansas City, KS 66105
(913) 621-9500
safeharbor@epiqsystems.com

Please include your name, address, and phone number or email in all communications and clearly state the nature of your request.

Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. Appropriate public notice will be given concerning such changes.

Limitation on Application of Principles
Adherence by Epiq to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation, and (b) to the extent permitted by applicable law.

Effective Date:  January 31, 2008 (amended January 5, 2012)