Data Privacy Framework Policy Overview

Analytics8 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Analytics8 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit

In compliance with the EU-U.S. DPF, Analytics8 commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.

Categories of Personal Information

This DPF Policy applies to personal information categories:

a. Personal Information regarding visitors to our website.

b. Personal Information regarding current, prospective and former employees, contractors or internal personnel.

c. Personal Information regarding current, potential or former clients

Certain categories of the personal information listed above which are addressed in Analytics8 DPF

Certification may be subject to further detail within their own privacy policies.  For example:

a. Information regarding current, prospective and former employees, contractors or internal personnel is addressed within the internal privacy policy.

b. Information regarding visitors to our website is addressed within the Analytics8 public facing Privacy Policy:

Personal information addressed in this DPF Policy is collected and processed only as permitted by the DPF Requirements. Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this policy, various  Analytics8 privacy policies and notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means (including opt-in consent for sensitive personal information).

Analytics8 collects, stores and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject. Analytics8 does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized. Analytics8 takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use:

Rights of Individuals

a. Individuals have the right to access their personal data and any such requests made to Analytics8 shall be dealt with in a timely manner. In writing via, to the extent required by applicable law, an individual may review Analytics8’s Records regarding the individual, make a copy of Analytics8’s records related to that individual, or insert rebuttals to information contained in Analytics8’s records regarding the individual with which the individual disagrees. Except as applicable law otherwise requires, all requests to access Analytics8’s Records regarding an employee, must be made: (i) in writing, ii) via email at or iii) via phone at 312-878-6600.

b. Analytics8 may take reasonable steps to verify the identity of the individual data subject or his/her representative, to ensure Analytics8 only provides records to authorized individuals. Analytics8 may deny any request to review, copy, or insert a rebuttal into records not required by applicable law


Analytics8 maintains technical and organizational security measures to safeguard personal information in its possession to ensure an appropriate risk level of loss, misuse, unauthorized access, disclosure, alteration, and destruction. Analytics8 undertakes this activity considering the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

External Transfers of Personal Information

Analytics8 may transfer personal information to vendors which can include between geographic regions.  Analytics8 only discloses personal information to third party vendors under the following situations if one or more are met:

a. The disclosure is to a third-party providing services to Analytics8, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. Analytics8 maintains documented contracts with vendors which would require that these vendors provide at least the same level of privacy protection and security as required by the DPF Principles. Analytics8 remains liable and responsible under the DPF Principles if a third party that it contracts with to process personal information on its behalf does so in a manner inconsistent with the DPF Principles, unless Analytics8 proves that it is not responsible for the matter giving rise to the damage

b. Analytics8 has the individual’s permission to make the disclosure;

c. Analytics8 is required to the extent necessary to meet a legal obligation to which Analytics8 is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation;

Where reasonably necessary for Analytics8 regarding the compliance or regulatory purposes, or for the establishment of legal claims.


In accordance with the DPF Principles, Analytics8 pledges to address and resolve complaints about the collection or use of data subjects’ personal information. Individuals with inquiries or complaints regarding our DPF Policy should first contact Analytics8’s Privacy Consul. Analytics8 establishes a standard to address complaints of individuals within forty-five (45) days.

With regards to personal information collected around human resources or information collected in the context of an employment relationship, we will work with the respective EU data protection authorities and comply with their advice. In addition, a data subject may have the option to select binding arbitration under the EU-U.S. Data Privacy Framework Panel for the resolution of your complaint under certain circumstances. Analytics8 is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.