Privacy Notice – HR Data
Elevate Services, Inc. (“Elevate”) and ElevateNext US, LLC comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Elevate commits to cooperate with Information Commissioner’s Office (“ICO”), EU data protection authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, Switzerland, and UK in the context of the employment relationship.
Policy
- Collection of Personal Data. This privacy policy allows Elevate to lawfully collect, use and retain human resources (“HR”) related data of European Union (“EU”), Swiss, and United Kingdom (“UK”) individuals transferred from the EU, Switzerland, and UK to the United States. Human resource data may be disclosed to third parties service providers to assist with background checks, payroll, and other human resources activities.
- Access. EU, Swiss, and UK individuals have the right to access personal information about them, rectify incorrect personal information, delete personal information, and the choice to limit the use and disclosure of their Personal Data. If you wish to request access to your Personal Data for such purposes, please contact our privacy team at dpo@elevate.law or send a written request to the contact information provided below in the “Recourse Mechanism” section.
If your personal information changes or you change your preference for receiving information from us, send us a request specifying your updated information or your new choice. Send such requests to dpo@elevate.law or by mail with the contact information provided in the “Recourse Mechanism” section. - Choice. If Personal Data covered by this Privacy Policy is to be used for a new purpose that is materially different for which the personal data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party in a manner not specified in the Policy, Elevate will provide you with an opportunity to choose whether to have your personal data to be used or disclosed. Requests to opt-out of such uses or disclosures of personal data should be sent to us as specified in the “Recourse Mechanism” section or contact dpo@elevate.law.
Certain Personal Data, such as information about medical health conditions, racial or ethnic origin, political opinions, religious, or philosophical beliefs, is considered “Sensitive Personal Information.” Elevate will not use Sensitive Personal Information for a purpose different from the purpose for which it was originally collected or subsequently authorized by the individual unless Elevate has received your affirmative and explicit consent (i.e., opt-in). - Onward Transfer/Potential Liability for Act of Third-Party. Elevate’s accountability for data it receives pursuant to the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF and any subsequent transfer of that data to third parties, is detailed in the Data Privacy Framework Principles. In cases of onward transfer to third parties of data of EU, UK, or Swiss individuals received pursuant to the EU-U.S. DPF, the UK Extension, and Swiss-U.S. DPF, Elevate is potentially liable. In particular, Elevate remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Elevate proves that it is not responsible for the event giving rise to the damage.
- Limitation on Scope of the DPF Principles. Elevate adheres to the Data Privacy Framework Principles except, as required or allowed by law, to meet legal, governmental, law enforcement, or national security obligations, or to protect the health or safety of an individual.
- Changes to this Policy. This policy may be amended consistent with the requirements of the Data Privacy Framework. If this policy is updated, Elevate will revise the effective date of this policy and will post the updated policy on the Elevate intranet site.
- Recourse Mechanism. In compliance with the EU – U.S. DPF Principles, the UK Extension, and the Swiss U.S.-DPF Principles, Elevate commits to resolving complaints about our collection or use of your personal information. EU, Swiss, and UK individuals with inquiries or complaints regarding our DPF policy should first contact Elevate at:
Elevate Services, Inc.
Attn: General Counsel
2375 E. Camelback Rd, Suite 690 Phoenix, AZ, 85016
E-mail: dpo@elevate.law
Under certain circumstances, more completely described on the Data Privacy Framework website, EU, Swiss, and UK residents may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.