Safe Harbor Policy

As a global provider of electronic discovery and related services, Encore Discovery Solutions, Inc. places the highest value on ensuring the security of all data entrusted to us by our law firm and corporate clients. We respect individual privacy rights and have established internal protocols to assure that our security and privacy practices and procedures comply with both US and international law. The following Safe Harbor Privacy Policy describes the principles we agree to follow with respect to the collection, preservation and transfer of personal data from the European Union (“EU”) and/or the European Economic Area (“EEA”) to the United States for electronic data discovery processing, Web hosting, and related services.

Safe Harbor

The European Parliament and the Council of the European Union adopted Directive 95/46/EC on Data Protection to set standards for the security and transfer of personal data. The Data Directive limits the transfer of personal data to countries outside of the EU and the EEA for processing to only those countries that can ensure an adequate level of protection for an individual’s personal data. The United States Department of Commerce and the European Union developed a set of Safe Harbor Principles regarding personal data privacy and security that, when followed, permit an organization to certify that it provides adequate protection for the transfer of EU personal data to the US for processing. Encore fully commits to follow the Safe Harbor Principles with respect to all personal data received from any individual or entity in the EU or the EEA.


Directive — The Directive is the European Union’s Directive on Data Protection, which took effect in October 1998.

Safe Harbor Privacy Principles — These are the principles developed by the EU and the United States Department of Commerce to ensure that entities not covered by the Directive adhere to privacy principles after receiving personal data and personal information from the EU.

Personal data — Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Processor — A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Controller — The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law.

Notice and Choice

When acting as a data processor within the meaning of the Data Directive, Encore reserves the right to process personal information on behalf of and under the direction of our law firm and corporate clients without providing notice to individuals or Data Protection Authorities to the extent permitted by the Safe Harbor Agreement. When collecting data in the EU, Encore acts on behalf of and under the direction of our law firm and/or corporate clients, to collect only data relevant to the litigation or other matter at hand. Individuals and business entities from which we collect data are provided with information regarding the purpose for which data is being collected, how it will be used and the type of non-agent third parties, if any, to which we disclose personal information. These individuals or entities are also provided with information about the choices and means offered by Encore for limiting the use or disclosure of their personal data.

Disclosure and Transfer

Encore will not disclose an individual’s personal data to any third party without the consent of our law firm or corporate clients unless one or more of the following are true:

  • The individual has consented, in writing, to the disclosure;
  • The disclosure is required by law or other professional standards;
  • The personal data is publicly available;
  • The disclosure is reasonably necessary for the establishment or defense of legal claims;
  • The transferee provides an adequate level of protection for the personal data within the meaning of the Data Directive or has agreed in writing to provide an adequate level of protection for the personal data consistent with the options provided in the Data Directive for transfers pursuant to written agreements;
  • In the event of a sale or transfer of assets in connection with an acquisition, merger, reorganization, sale or bankruptcy, Encore reserves the right to make such disclosure upon providing notice to the law firm and/or corporate clients for whom such data is being held.


Encore agrees to offer individual citizens of the EU or EEA access to their personal data for purposes of correcting, amending or deleting inaccurate information unless the cost or burden of providing the access and changing or deleting the data proves unreasonable in view of the risk to the individual’s privacy. A reasonable fee compensating Encore for resource use related to accessing, changing or deleting the personal information may be imposed.


Encore takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our security measures include physical, electronic, workflow and managerial protocols to safeguard and secure the personal data we process.

Data Integrity

Encore processes personal information only in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual. Encore will take reasonable steps to ensure information is relevant to its intended use and remains accurate, complete and current.


Encore will follow any advice given by the Data Protection Authorities, including remedial or compensatory measures for individuals affected by non-compliance, and will provide the Data Protection Authorities with written confirmation that such corrective action has been taken, subject to the Company’s right to dispute the requested actions or remedial measures with the Federal Trade Commission.


Pursuant to the Safe Harbor-recognized approach of self-assessment, Encore understands and agrees that individuals shall have the opportunity to directly submit written complaints regarding our handling of their personal data. We will review all complaints received in writing for purposes of determining whether our preservation and storage of the individual’s data has been consistent with our Safe Harbor Privacy Policy. If we determine that any actions we have taken are in fact inconsistent with our Policy, we will immediately take appropriate steps to remedy the issue we may have caused. If we are unable to resolve the issue to the satisfaction of the individual concerned, we agree to mediate the issue through either the Judicial Arbitration & Mediation Service (JAMS) or the American Arbitration Association (AAA).

Additionally, should we at any time find that an internal process causes us to be in breach of our Privacy Policy, Encore will take immediate action to alleviate the issue. Should we determine that any employee of Encore has failed to adhere to the terms of this Policy, such employee may be subject to disciplinary action up to and including termination.


Encore Discovery Solutions, Inc. is committed to full compliance with Safe Harbor Privacy Principles under this Privacy Policy. Questions or complaints should be directed to the Company’s President & Chief Executive Officer.

We self-certify compliance with Safe Harbor.