Frequently Asked Questions

How long will it take you to accept my application after you receive my Participation Agreement and annual fee?

We generally accept applications within two days of receiving the signed Participation Agreement and annual fee.  However, if the EU Safe Harbor privacy policy you provide for our review does not meet our minimum requirements, we will require revisions before accepting your application.  To avoid delays, please follow the privacy policy guidelines found here.

What will you look for when you review our privacy policy?

We look for the following three elements in reviewing your privacy policy:

  1. The policy must include an affirmative commitment to adhere to the Safe Harbor privacy principles and the 15 FAQs that make up the Safe Harbor Framework
  2. The policy must identify BBB EU Safe Harbor as your independent recourse mechanism for Safe Harbor privacy complaints and include contact information for the program
  3. The policy must be posted on your Web site or be publicly available on request. 

Note: Do not make your Safe Harbor compliant policy live on the Web until after your self-certification with the DOC has been approved.  Additional details and suggested language can be found here.

Is your fee schedule based on my business’s worldwide gross revenue or on revenue from EU business alone?

Our fees are based on your business’s total gross revenue, not simply revenue from EU-related business.

My business is already BBB Accredited. Does accreditation include EU Safe Harbor dispute resolution?

No, accreditation does not cover EU Safe Harbor dispute resolution.  BBB EU Safe Harbor is a specialized program recognized by the Department of Commerce as a dispute resolution mechanism under the EU Safe Harbor Framework.  The BBB EU Safe Harbor Participation Agreement binds participating businesses to arbitrate disputes from European consumers concerning alleged violations of the EU Safe Harbor Principles and includes other necessary provisions that are not part of your BBB accreditation agreement.

Can our Participation Agreement be structured to cover our subsidiaries? When must a subsidiary create its own separate account?

Named subsidiaries may be covered under the parent ’s Agreement in some circumstances.  At a minimum, the parent and the subsidiary must be covered by a common privacy policy, they must share a privacy officer and point of contact for privacy complaints, and the parent must be able to designate a corporate officer to sign the Agreement who is authorized to bind both the parent and the subsidiary. Where several entities are covered under a single Agreement, the annual fee will be based on the aggregated gross annual revenues of the covered entities.  Where all of these conditions cannot be met, a separate application and Agreement must be submitted for each subsidiary.  In that case, annual fees will apply to each entity according to its gross annual revenue. 

If you would like your subsidiaries to be covered by the Program, please contact us to check on their eligibility.  If we determine that subsidiaries may be covered under your Agreement, you must add the names of all subsidiaries to be covered before signing the Agreement and returning it to us.

Will BBB EU Safe Harbor provide a program seal or mark for our Web site?

As a dispute resolution program, we do not offer a BBB EU Safe Harbor seal or mark for your site.  Unless your business is BBB Accredited (in which case it may use the Accredited Business Seal in accordance with its BBB accreditation agreement), it may not use the BBB name or any of its trademarks on its web site or marketing materials, except to identify BBB EU Safe Harbor as its dispute resolution provider in its published privacy policy. 

However, the Department of Commerce has developed its own EU Safe Harbor Self-Certification Mark that may be downloaded for use free of charge by certified companies.  More information about this mark can be found here.

Will BBB EU Safe Harbor assist us with the required annual verification that our privacy practices are consistent with the Principles?

BBB EU Safe Harbor operates solely as a dispute resolution mechanism and does not offer verification services.  However, an annual verification to ensure compliance with the Principles is an EU Safe Harbor certification requirement.  The vast majority of our participants choose to do an internal annual verification rather than using a third-party provider. When choosing this option, simply state “in-house” in the verification section of your Department of Commerce certification application.

Does BBB EU SAFE HARBOR publish information on the complaints it receives?

The Program Rules effective January 1, 2012, require that a Procedure Report be published online each year there is relevant data to report. Reports need not be published in any year in which the program has received no eligible Complaints. The Reports are to include a statistical summary showing: (1) the number and nature of contacts from the public and the actions taken by the CBBB and Panelist with respect to those contacts; and (2) the number and nature of Complaints deemed ineligible for processing during the period, including the specific reason for a determination of ineligibility.