Privacy Shield Privacy Policy

Iridesco LLC, d/b/a Harvest (“we,” “us,” or “our”) has created this Privacy Shield Privacy Policy to explain how we receive and process personal information that is collected through our online applications and platform including Harvest (time-tracking application) and Forecast (time-management application) (“SaaS Services”) from our customers located in the European Economic Area (the “EEA”) under the Privacy Shield program (“Customer Personal Data”). This Privacy Shield Privacy Policy supplements the Harvest Privacy Policy (“Privacy Policy”). Unless specifically defined in this Policy, the terms in this Privacy Shield Privacy Policy have the same meaning as in the Privacy Policy.

Harvest has certified to the EU-U.S. and Swiss-U.S. Privacy Shield (“Privacy Shield”) and adheres to the Privacy Shield Principles, which include Supplemental Principles (collectively, the “Principles”) for Customer Personal Data covered by this Policy.

Harvest acts as a data processor on behalf of our customers. The following policies apply to our data processing operations concerning Customer Personal Data that has been transferred from the EEA to the United States.

  • Use of Customer Personal Data: Harvest will process the Customer Personal Data only for the purposes of providing our services to customers.
  • Access and Correction: Harvest will assist customers in responding to individuals exercising their rights under the Principles with respect to the Customer Personal Data.
  • Agents and Service Providers: Harvest will not transfer Customer Personal Data to third parties except where permitted or required by the customer and then in accordance with the Privacy Shield Principles.
  • Notice & Choice: Because the Customer Personal Data is under the control of Harvest’s customers, appropriate notice and choice to the individual are the responsibility of Harvest’s customers. As the data processor, Harvest typically does not have a direct relationship with the customers’ end users.

Disclosures to Agents and Service Providers

We sometimes contract with other companies and individuals to perform functions or services on our behalf such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Customer Personal Data needed to perform their functions, but are restricted from using the Customer Personal Data for purposes other than providing services for us or to us. Harvest requires that its agents and service providers that have access to Customer Personal Data provide the same level of protection as required by the Privacy Shield Principles. We are responsible for ensuring that our agents process the Customer Personal Data in a manner consistent with our obligations under the Principles.

Data Security

We use reasonable physical, electronic, and administrative safeguards to protect Customer Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the personal data and the risks involved in the processing of that data.

Data Integrity and Purpose Limitation

We limit the collection and use of Customer Personal Data to the information that is relevant for the purposes of processing and will not process this information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We take reasonable steps to ensure that Customer Personal Data is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the data.

Access to Personal Data

You can ask to review and correct Customer Personal Data that we maintain about you by sending a written request to privacy@getharvest.com.

Privacy Shield Enforcement and Dispute Resolution

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Customer Personal Data in accordance with the Privacy Shield Principles.

In the event we are unable to resolve your complaints or disputes, you may contact JAMS and they will investigate and assist you free of charge in resolving your complaint.

As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Harvest is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Disclosures Required By Law

We may need to disclose Customer Personal Data in response to lawful requests by public authorities for law enforcement or national security reasons or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.

Contact Information

If you have any questions regarding this Privacy Shield Privacy Policy, please contact us by email at privacy@getharvest.com, or please write to the following address:

Iridesco LLC, d/b/a Harvest
16 W 22nd St, Fl 8
New York, NY 10010
United States

Privacy Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Privacy Shield so please review it frequently. If we make material changes to this policy, we will notify you here and by email.


Last updated: August 22, 2019