Power Auctions

Power Auctions LLC Privacy Policy

24 January 2011

Power Auctions LLC (“Power Auctions”) is a provider of consulting and software development services for high-stakes auctions. Protecting privacy is important to Power Auctions. The company and its affiliates (hereinafter collectively referred to as the “Power Auctions”, “we”, “us”, or “our”) have established this privacy policy (“Privacy Policy”) to help us respect and protect your data privacy rights.

European Union – USA Safe Harbor Privacy Statement

Power Auctions adheres to the Safe Harbor framework negotiated by the European Union (“EU”) and the United States of America (“USA”). Accordingly, the Safe Harbor Privacy Principles issued by the U.S. Department of Commerce on 21 July 2000 (“Principles”) are incorporated by reference into this Privacy Policy. This Privacy Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather and how we use it. It applies to all Personal Information received by Power Auctions whether in electronic, paper or verbal format. Additional information about Safe Harbor, including the Principles, can be found at the following web address: http://www.export.gov/safeharbor/.

Definitions:

Personal Information – Information that is recorded in any form, is about, or pertains to a specific individual, and can be linked to that individual.
Business Sensitive Information – Information about a company whose disclosure may harm the business.

Scope:

This Privacy Policy applies to all Personal Information and Business Sensitive Information that we collect or receive as part our business operations.

Notice – Collection and Use of Personal Information and Business Sensitive Information

Information Collected by Power Auctions: We collect Personal Information and Business Sensitive Information directly from individuals and companies, through clients and trustees, and through other contractors involved in our business operations. The following types of information are collected: Personal Information including but not limited to individual names, contact information such as phone number, physical address, and email address; and Sensitive Business Information including but not limited to the names of companies bidding in a given auction, their associated financial limits, the list of items in the auction, and bid data such as bids submitted during an auction.

Information Collected Automatically: When you visit a Power Auctions website, web log information is automatically collected by the web server. The web server automatically recognizes some non-personal information, such as the Internet Protocol (IP) address used to connect your computer to the Internet, information about your operating system, browser type and language, and the date and time you are accessing the website.

Use of Cookies: When you visit a Power Auctions website, we assign your computer a “cookie”, which is stored on your computer. Our web site uses this cookie exclusively for managing your session with the auction software. The cookie and its contents are not shared with any other sites and it expires when the browser is closed.

Use of Personal information: Personal information will only be used for the limited purpose for which it was collected. For example, Power Auctions uses Personal Information to register authorized individuals for an auction, to contact representatives before, during, and after an auction (as needed), and to log who placed a bid for a particular company. Notwithstanding this policy, Personal Information may be disclosed to a relevant authority when necessary to comply with any law or court order.

Use of Business Sensitive Information: Power Auctions uses Business Sensitive Information to set up and run an auction. The auction software must be configured with the names of companies that are bidding in a given auction, including their associated financial limits, plus the list of items that are being auctioned. The Power Auctions software collects Business Sensitive Information during an auction such as bid data. This information is utilized, processed and disclosed in accordance with the auction rules, which may vary from auction to auction. For example, the rules of some auctions provide that bid data will be disclosed to a trustee, an observer or the seller. The rules of some auctions provide that bid data, in aggregated or disaggregated form, and with or without company identifiers, will be disclosed to auction participants or third parties during or after the auction. The rules of most auctions provide that bid data will be used to determine the auction outcome, which will be disclosed to third parties; to the extent that this occurs, third parties may be able to infer parts of a given company’s bid data. All such disclosures of Business Sensitive Information that occur in accordance with the auction rules shall be considered to be fully consistent with this Privacy Policy. In addition, Business Sensitive Information may be disclosed to a relevant authority when necessary to comply with any law or court order.

Contact Information for individuals requesting information regarding this Privacy Policy: The Power Auction’s Compliance Officer is responsible for implementing and overseeing the administration of the Privacy Policy. The Compliance Officer may be reached at the Power Auctions corporate office using the contact information listed below.

Disclosure and Transfer of Personal Information and Business Sensitive Information

Power Auctions recognizes the importance of respecting individual privacy preferences and protecting companies’ sensitive information. Power Auctions does not use and will not transfer Personal Information or Business Sensitive Information for a purpose incompatible with the purpose for which it was originally collected. Disclosure of Personal Information and Business Sensitive Information is only for the purpose of administering an auction, facilitating its implementation, or studying its results. We may share Personal Information and Business Sensitive Information with our corporate affiliates, divisions, or with other third parties who are acting on our behalf or who we are acting on behalf of, pursuant to the information disclosure policies and procedures of the auction.

Access to Personal Information

Power Auctions provides individuals with a reasonable opportunity to examine their Personal Information and to correct, amend or delete it as appropriate for a particular auction. Individuals who wish to review the Personal Information held by Power Auctions may request access to this information by contacting the auction manager, as documented in the auction rules and system documentation for a particular project. Upon receipt of the request, Power Auctions will verify the individual requesting the information is the individual whose Personal Information is held by us, prior to disclosing any Personal Information to the requesting party. If we are notified that the Private Information that we maintain is incorrect, we will correct the information once we are provided with the appropriate supporting documentation, according to the auction rules.

Security of Personal Information and Business Sensitive Information

Power Auctions has implemented technical and organizational security measures to protect against unauthorized access to Personal Information and Business Sensitive Information. The servers that hold the Power Auctions software and associated sensitive information are located in secure commercial data centers which maintain strict standards of physical security: access is restricted by proximity reader access that records all access to the data center, and it is monitored by CCTV at all times. The commercial data centers have been certified by Safe Harbor as providing “adequate” privacy protection based on the standard of the European Commission’s Directive on Data Protection.

Access Security and Strong Encryption: Our servers are installed with digital certificates issued by recognized certificate authorities such as Verisign and GoDaddy. The digital certificates authenticate Power Auctions’ websites. Depending on the project, we use user ids and passwords, digital certificates and/or security token devices to authenticate our users. All login credentials are distributed to users by appropriate means.

Secure Socket Layer (SSL) encryption: Power Auctions’ websites use industry standard Secure Sockets Layer (SSL) technology with high grade (256-bit) encryption to protect Personal Information and Business Sensitive data. This helps to assure that anyone eavesdropping on communications through the Internet between users and the auction system will not be able to interpret the data sent or received from the system.

Defined User Roles in Auction Software: The Power Auctions software includes defined user roles that limit access to Personal Information and Business Sensitive Data. The auction rules for a given auction determine who has access to what data. For most auctions, the individuals bidding in the auction only have access to the Personal Information and Business Sensitive Data that pertains to themselves or their company, and to bid data that, in aggregated or disaggregated form, is to be provided to other parties in accordance with the auction rules. System access is only granted to certain approved individuals to administer the auction.

Organizational security measures: All Power Auctions personnel receive security training that emphasizes the importance of maintaining security, especially for Personal Information and Business Sensitive Data. Protected data is encrypted using high-grade encryption software such as PGP when it is stored or sent to an authorized recipient. Printed materials containing Personal Information or Business Sensitive Data are stored appropriately and/or shredded when not in use.

Users’ role in maintaining security of Private Information and Business Sensitive Information: System users play a vital role in maintaining security by protecting their login credentials used to access the system, keeping their own paper records under lock and key when not in use, and disposing of records and reports no longer needed in a secure manner.

Data Integrity

Power Auctions employs comprehensive processes to keep Personal Information and Business Sensitive Information accurate, complete and up-to-date in its systems. Individuals are expected to contact the auction manager for a given project if they believe that information contained in Power Auctions systems is inaccurate, incomplete or out-of-date.

Enforcement

Compliance: Power Auctions maintains processes to ensure compliance with the Privacy Policy, as well as with legal requirements, contractual agreements, and other commitments in the handling of Personal Information and Business Sensitive Information. Power Auctions uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles of the Safe Harbor framework.

Complaint Resolution: The Power Auctions’ Compliance Officer is responsible for implementing and overseeing the administration of the Privacy Policy. The Compliance Officer may be reached at the Power Auctions corporate office using the contact information listed below.

Dispute Resolution Mechanism: Some jurisdictions have established data protection authorities overseeing the processing of private information that are willing to assist in the resolution of complaints. Power Auctions is committed to working with these authorities to resolve any complaint and to comply with their decisions in such cases. Power Auctions commits to cooperate with the European Union Data Protection Authorities (DPAs) in the investigation and resolution of complaints brought under the Safe Harbor framework and will comply with any advice given by the DPAs where the DPAs take the view that Power Auctions needs to take specific action to comply with the Safe Harbor Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the principles and will provide the DPAs with written confirmation that such auction has been taken.

Changes to this policy

If Power Auctions changes this Privacy Policy, we will post the revised Privacy Policy here, with an updated revision date.

Power Auctions Corporate Headquarters:
Power Auctions LLC
1000 Potomac St NW, Suite 260
Washington, DC 20007-3540 USA

Email: info@powerauctions.com
Phone: +1 202.342.0909