Data Privacy Framework
Lyric Services, Inc. (“Lyric”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Lyric has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Lyric has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
This policy outlines how we collect, use, disclose, and safeguard personal information received from individuals residing in these regions.
Key Principles
Notice:
We will provide clear and comprehensive notice to individuals regarding the types of personal data collected, the purpose of collection, how it will be used, and the recipients of such data.
Choice:
Individuals will have the opportunity to opt-out of certain data uses, including the sharing of their personal data with third parties, except where legally required or necessary for the provision of our services.
Accountability for Onward Transfer:
When transferring personal data to third parties, we will ensure that they adhere to the same level of privacy protection as outlined in this policy and the DPF principles.
Data Integrity and Purpose Limitation:
We will collect only the necessary personal data relevant to the stated purpose and will take steps to maintain the accuracy and completeness of such data.
Security:
We will implement appropriate security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Access and Recourse:
Individuals can access their personal data and request corrections or deletion, subject to applicable laws and limitations.
Specific Practices
Data Collection:
We collect personal data pertaining to the management and analysis of life insurance policies (a “Policy” or “Policies”) for our clients, who may own or manage Policies, or be considering the purchase of a Policy or Policies (a “life settlement”). This includes information from the Policy, and related health information on the insured individuals, including information protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Data Use:
Personal data will be used only for the purposes disclosed at the time of collection or as otherwise permitted by applicable laws.
Data Sharing:
We may share personal data with trusted third parties who provide services on our behalf, and only when necessary to fulfill our business functions. These third parties are required to comply with the DPF principles.
Data Retention:
We retain personal data only for as long as necessary to achieve the purposes for which it was collected, taking into account legal requirements and our business needs.
Compliance and Enforcement:
We have designated a designated privacy point of contact to address any concerns regarding personal data processing.
Individuals can submit complaints regarding our handling of their personal data to the appropriate data protection authority in their jurisdiction.
Onward Transfer
Lyric may disclose Personal Data to subcontractors and third-party agents who assist Lyric in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, Lyric will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist Lyric in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the DPF Principles; and (c) notify Lyric if the recipient is no longer able to provide the required protections. Upon notice, Lyric will act promptly to stop and remediate unauthorized processing of Personal Date by a recipient. Lyric will remain liable for onward transfers to its subcontractors and third-party agents.
Lyric may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Lyric will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure. Lyric will not otherwise disclose Personal Data to third parties.
Recourse, Enforcement & Liability
In compliance with the EU-U.S. DPF Principles, including the UK Extension of the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Lyric commits to resolve complaints about your privacy and Lyric’s collection or use of Personal Data transferred to the United States pursuant to this Policy.
European Union, Swiss, and United Kingdom individuals with DPF inquiries or complaints should first contact Lyric’s Data Protection & Privacy administrator by emailing ajgillies@lyric.email.
Lyric has further committed to refer unresolved privacy complaints under the DFP Principles to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your DFP compliant cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information about binding arbitration, visit DPF Arbitration Procedures.
The Federal Trade Commission has jurisdiction over Lyric’s compliance with the DPF.
Contact Information
For any questions related to this privacy policy or the DPF, please contact Aaron Gillies, Vice President, at ajgillies@lyric.email.