Privacy Notices

I. DATA PRIVACY FRAMEWORK POLICY

Purpose

Elevate Services, Inc. (“Elevate”) and ElevateNext US, LLC comply with the EU-U.S. Data Privacy Framework (”-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Elevate and ElevateNext US LLC has certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Policy

  1. Collection of Personal and Sensitive Data
    Elevate provides services to corporate legal departments and law firms globally. These services include, but are not limited to, litigation support services, including data processing, document review and production, medical bill review, legal process services, business administration services, information technology services, and consulting services. While providing services to its customers, Elevate may, directly or through an Elevate Affiliate, receive or collect Personal Data or Sensitive Information from its customers. This data may be disclosed to third-party service providers to assist Elevate in providing services to Elevate’s customers. Human resource data may be disclosed to third-party service providers to assist with background checks, payroll, and other human resources activities.
  2. Use of Personal and Sensitive Data
    Elevate will only access or use Personal Data or Sensitive Information while performing services requested by its customers under its contractual obligations.
  3. Onward Transfer/Potential Liability for Acts of Third-Party
    Elevate is a B2B company and does not disclose Personal Data or Sensitive Information to third parties unless done under the direction and consent of its customers. Elevate’s accountability for data received under the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF and subsequent transfer of that data to third parties is detailed in the DPF Principles. In cases of onward transfer to third parties of data of EU individuals received under the EU-U.S. DPF, UK individuals received under the UK Extension, and Swiss individuals received under the Swiss-U.S. DPF, Elevate is potentially liable. In particular, Elevate remains responsible and liable under the DPF Principles if third-party agents that it engages to process Personal Data or Sensitive Information on its behalf do so in a manner inconsistent with the DPF Principles unless Elevate proves that it is not responsible for the event giving rise to the damage.
  4. Access
    EU, UK, and Swiss individuals have the right to access Personal Information or Sensitive Information about them, and the choice to limit the use and disclosure of their Personal or Sensitive Data. If you wish to request access to your Personal or Sensitive Data for such purposes, please contact our privacy team at dpo@elevate.lawor send a written request to the contact information in the “Recourse Mechanism” section.
    If your Personal Information or Sensitive Information changes or you change your preference for receiving information from us, send us a request specifying your updated information or your new choice. Send such requests to dpo@elevate.law or mail with the contact information in the “Recourse Mechanism” section.
  5. Choice
    If Personal Data covered by this Privacy Policy is to be used for a new purpose that is materially different for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in the Policy, Elevate will provide you with an opportunity to choose whether to have your personal data to be used or disclosed. Requests to opt-out of such uses or disclosures of personal data should be sent to us as specified in the “Recourse Mechanism” section.
    Certain Personal Data, such as information about medical health conditions, racial or ethnic origin, political opinions, religious, or philosophical beliefs, is considered “Sensitive Personal Information.” Elevate will not use Sensitive Personal Information for a purpose different from the purpose for which it was originally collected or subsequently authorized by the individual unless Elevate has received your affirmative and explicit consent (i.e. opt-in).
  6. Safeguards
    Elevate, its Affiliates, and its third-party contractors maintain physical, electronic, and procedural safeguards designed to secure Personal and Sensitive Data and to prevent against the unauthorized or unlawful destruction, loss, alteration, or disclosure of the same. Elevate, its Affiliates, and its third-party contractors perform their own assessments of their compliance with this Privacy Policy and all applicable laws and regulations.
  7. Recourse Mechanism
    In compliance with the DPF Principles, Elevate commits to resolving complaints about your privacy and our collection or use of your Personal Information or Sensitive Information. European Union, UK, and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Elevate using the following information:
    Elevate Services, Inc.
    Attn: General Counsel
    2375 E. Camelback Rd, Suite 690, Phoenix, AZ, 85016
    E-mail: dpo@elevate.law
    While Elevate commits to resolving complaints in the processing of personal data, if we have not resolved your complaints to your satisfaction, you can alternatively contact the responsible organization for more information or to file a complaint.
    Elevate has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.
  8. Arbitration
    Under certain conditions, an individual can invoke binding arbitration regarding complaints of Elevate’s DPF compliance not resolved by any of the other recourse mechanisms provided. For more information visit the Data Privacy Framework website.
  9. Lawful Disclosure
    Elevate is required to disclose information in response to lawful requests by public authorities. This includes meeting national security or law enforcement requirements placed on Elevate. Elevate may voluntarily issue a periodic transparency report on the number of requests for Personal Information or Sensitive Information it has received by public authorities for law enforcement or national security purposes. Such reports will only be issued to the extent such disclosures are permissible under applicable law.
  10. Enforcement and Investigative Power
    Elevate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Changes to this Privacy Policy. Elevate reserves the right to change this Privacy Policy from time to time consistent with applicable privacy laws and principles. Unless such changes afford greater protections regarding Personal or Sensitive Data, such changes will apply only to Personal or Sensitive Data received after the effective date of such change.

Definitions of Terms Used in this Privacy Policy:

“Affiliates” means any corporation, partnership, limited liability company, or other entity directly or indirectly controlled by, or under the common control of, Elevate Services, Inc.

“Associates” means an employee or independent contractor of Elevate or an Elevate Affiliate.

“Data Subject” means the natural person who is the subject of, and identified in, Personal or Sensitive Data.

“Elevate” means Elevate Services, Inc., incorporated under the laws of the state of Delaware having its corporate headquarters in Phoenix, Arizona, USA.

“European Union” or “EU” means the European Union consisting of its Member States, covered by the European Union Data Protection Directive.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity. By way of example, data such as an individual’s name, address, phone number, email address, user ID and password, personal billing information or credit card information. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

“Sensitive Information” or references to “Sensitive Data” means personal information specifying medical or health condition, race, or ethnicity, political, religious, or philosophical affiliations or opinions, sexual orientation, or trade union membership.

“EU-U.S. Data Privacy Framework (EU-U.S. DPF) or the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)” means the adequacy decision that allows for legal collection, use or retention of transfers of personal data of EU, UK, and Swiss persons outside of the EU, UK, and Switzerland to the United States. Certified DPF members must abide by the DPF Principles which are available at the DPF website provided below. All certified members of the framework are also available for viewing via a list provided on the DPF website.

II. STATE NOTICES
1. Notice to California Residents

A. Shine the Light Act and Disclosing Information to Third Parties

Elevate. is primarily a business-to-business company and does not market its services for personal, family, or household purposes.  Outside of providing services on behalf of our customers, Elevate does not process personal information of individuals except for visitors to our website. Elevate may disclose personal information to third parties for the following essential business reasons:

  1. Applicable personal data processing done under the instructions of our customers.
  2. Instructions given to our suppliers regarding HR and payroll data.

Elevate does not share personal information with third parties for their direct marketing purposes. Once a year, California residents with established business relationships with Elevate under California law may request information about the manner in which Elevate shared certain categories of information with others for their marketing purposes during the prior calendar year. To exercise this right, please see the “Contact” section below.

B. California Consumer Privacy Act (“CCPA”) Privacy Notice
Who is protected under the CCPA
The CCPA, as amended by the California Privacy Rights Acts, protects the rights of verified California residents regarding their personal information.

Collection of Personal Information
Elevate does not sell Personal Information to third parties for monetary consideration; however, Elevate may transfer information to a third-party service provider, which may fall under the definition of “other valuable consideration”  and could be considered a “sale.” “Personal information” means information that:  identifies; relates to; describes; is capable of being associated with; or could reasonably be linked, directly or indirectly, with a particular California resident. During the past 12 months Elevate has collected the following categories of information from our website visitors for the stated purpose. Any collected data is deleted after 12 months.

Collection and processing of Personal Information from business activities, such as HR recruitment and Personal Information processing under the instructions of our customers, are done to fulfill contractual obligations or by legitimate interest. Personal data retention follows Elevate’s internal retention policies, contractual obligation with our customers, and legal data retention requirements.

Category Examples of Personal Information Collected Source Purpose Categories of Third Parties Receiving Information
A. Identifiers. A real name (or company name for Business Entities or Suppliers/Vendors), alias, unique personal identifier, Internet Protocol address, email address, account name, or other similar identifiers. 1. Directly from you through our “Contact Us” page2. When you consent to the use of cookies As part of legitimate interest to respond to your queries and perform services for you Affiliated companies, Strategically aligned business
B. Personal records information. A name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, or any other financial information, medical information, or health insurance information. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement Service providers – HMO, payroll benefits, employee benefits administrators
C. Protected classification characteristics under California or federal law. Age, race, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), information relating to same sex benefits, veteran or military status. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement Service providers – HMO, payroll benefits, employee benefits administrators, Government agencies
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement Affiliated companies, Strategically aligned business
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement None
F. Internet or similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Information automatically collected from site visitors, Internal analytics As part of legitimate interest in performing services for you, security detection and protection, ad customization, internal research and development, and quality control Strategically aligned business
G. Sensory data. Audio and Visual information. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement Affiliated companies, Strategically aligned business
H. Professional or employment-related information. Current or past job history or performance evaluations. Other data such as salary history, background checks, and other data submitted in your resume or CV. Directly from you through our Careers page As part of legitimate interest in performing HR services, processing of employment application Affiliated companies, Strategically aligned business
I. Education information, as defined by the Family Educational Rights and Privacy Act Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Not collected by Elevate on its website. As part of legitimate interest in performing HR services, processing of employment application Affiliated companies, Strategically aligned business

 

Your Rights under the CCPA

The CCPA substantially limits the rights of Elevate and those third parties with whom we transact business regarding the information we collect. As of January 1, 2020, unless excluded by statute, verified California residents (“You” or “Your” in this section) have the following rights:

  1. Right to Notice– You have the right to receive full disclosure regarding (a) when Elevate collects Personal Information, the categories of data collected, the business purpose(s) for the collection, and the specific Personal Information collected; and (b) if Elevate “sells” or transfers Personal Information to third parties, or otherwise discloses Personal Information for a business purpose, the categories of Personal Information collected/sold, third parties sold to, and business purposes necessitating the sale or disclosure of Your Personal Information;
  2. Right to Access– You may make a verified request to access Your Personal Information collected by Elevate, as well as other related matters, such as the categories of collected Personal Information, specific Personal Information collected, and the categories of third parties with whom Your Personal Information is shared;
  3. Right to Opt-out– Should Elevate begin selling Personal Information about You to third parties, you have the right, at any time, to direct Elevate to not “sell” Your Personal Information;
  4. Right to Deletion– You have the right to request that Elevate delete the information it has collected about You; however, Elevate may retain Your information in certain instances, such as: completing the transaction for which it was collected, detecting security incidents, compliance with legal obligations or applicable laws, and/or other internal uses reasonably aligned with the consumer’s expectations;
  5. Right to Equal Services and Prices– You have the right to non-discrimination when exercising Your CCPA rights. Elevate is prohibited from denying goods or services, charging different prices or rates, providing a different level or quality, or suggesting You will receive a different price or rate or a different level or quality of goods or services if You choose to exercise Your rights under the CCPA; and
  6. Right to Correct Inaccurate Personal Data – You have the right to request that Elevate correct inaccuracies in your personal information that it holds.

For guidance on how to exercise these rights, please refer to the “Contact” section below.

Limit the Use or Disclosure of My Sensitive Personal Information
Under the CCPA, you can request that Elevate limits the use of your Sensitive Personal Information (SPI). Elevate does not collect SPI for marketing purposes.

Do Not Sell My Personal Information
Elevate does not sell personal information to third parties for monetary consideration but we may transfer information to a third party providing us with services, which may fall under the definition of “other valuable consideration,” which could be considered a ”sale” under the CCPA. If you are a California resident with concerns about such transfers we encourage you to contact us via the toll-free number or e-mail listed in the “Contact” section below.

2. Notice to Nevada Residents
Elevate does not disclose information for monetary consideration.

III. CHILD POLICY
Because of the nature of our business, Elevate does not market, collect information from or about, or provide services to minors, and therefore we do not knowingly attempt to solicit or receive any information from children under 18. If we have reason to believe information is provided by a person under the age of 18, we will not collect the information.

IV. COOKIES
Elevate does not share or sell personally identifiable information collected from our website. Information about our use of cookies:

  • Strictly necessary cookies – These are essential for the website’s functionality and your ability to use its features.
  • Preference cookies or “functionality cookies” – These are not enabled by default on Elevate’s website, but allow a website to remember your personal choices, such as language preference.
  • Statistics cookies or “performance cookies” – These are used to improve website functionality by collecting information about how a website is used, including pages visited and links clicked. All information collected through these cookiess are aggregated and cannot be used to identify you.

V. EMAIL COMMUNICATIONS
By providing your email address you agree to receive communications related to Elevate,  its services, and products. To unsubscribe from promotional emails, follow the instructions in the email.

VI. SECURITY CONTROLS
Privacy is a top priority for Elevate. We take all reasonable efforts to protect the information we have about you. Elevate follows the ISO/IEC 27001:2013 security management framework for protecting Elevate, customer, and personally indentifiable information. This includes physical and logical security controls and governance designed to secure confidential and sensitive information.

VII. IN-APPLICABILITY OF PRIVACY POLICIES OF ANY LINKED SITES OR OTHER PARTIES
This Privacy Notice only addresses Elevate’s use and disclosure of information collected on this site. Elevate is not responsible for the content or privacy practices of any third parties or linked sites. Visitors are encouraged to read any third parties or linked site’s applicable privacy policies and terms and conditions.

VIII. CONTACT
You may contact Elevate via telephone (+1 310 853 8448) or email  (dpo “at” elevate “dot” law) to exercise your rights under the CCPA or for inquires or concerns relating to such rights.

You may make a request for disclosure of our information collection processes, the information collected about you, or our sharing practices up to twice within a 12-month period. You may make a deletion request at any time. Elevate may require you to submit proof of your identity in order to verify the collected Personal Information pertains to you. We can neither respond to your request nor provide you with your Personal Information if we cannot verify your identity and confirm that the Personal Information relates to you. Your request will be completed within 45 days upon successful identity verification. If additional time is needed, we will notify you of our need for additional time.

Using an Authorized Agent. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization. To do so, the agent must hold a formal Power of Attorney or you must (i) provide the agent with written permission to make a request and (ii) verify your own identity directly with us. We will require all authorized agents to submit proof to us that they have been authorized to make requests on your behalf.

IX. INFORMATION COLLECTED THROUGH OUR WEBSITES
Information provided to Elevate through our website, including the Contact Us form and by uploading  your resume or CV, are handled according to this Privacy Policy and subject to applicable privacy legislations. Please note that we do not engage in cross-context behavioral advertising. To exercise your rights afforded by GDPR and other global data privacy legislations, please contact us at dpo “at” elevate “dot” law.

Elevate retains the data collected through our websites based on applicable retention policies and legal requirements.

Personal Data collected from candidates’ CV is retained with consent for future employment opportunities, otherwise personal data is deleted after 1 year.

X. CHANGES TO PRIVACY NOTICE
Elevate may amend this Privacy Notice to reflect feedback or changes in legislation and reserves the right to make changes to this Privacy Notice at any time. The use of your information is subject to the Privacy Notice in effect at the time of use. The provisions contained in this Privacy Notice supersede all previous notices or policies regarding Elevate’s privacy practices with respect to this site. If we make material changes to the Privacy Notice, we will post the revised policy and the revised effective date on the site.

Updated Dec 11, 2023

Contact Us

Bubble