Privacy Notice – HR Data

Elevate Services, Inc. (“Elevate”) and ElevateNext US, LLC comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Elevate commits to cooperate with Information Commissioner’s Office (“ICO”), EU data protection authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, Switzerland, and UK in the context of the employment relationship.

Policy

  1. Collection of Personal Data. This privacy policy allows Elevate to lawfully collect, use and retain human resources (“HR”) related data of European Union (“EU”), Swiss, and United Kingdom (“UK”) individuals transferred from the EU, Switzerland, and UK to the United States. Human resource data may be disclosed to third parties service providers to assist with background checks, payroll, and other human resources activities.
  2. Access. EU, Swiss, and UK individuals have the right to access personal information about them, rectify incorrect personal information, delete personal information, and the choice to limit the use and disclosure of their Personal Data. If you wish to request access to your Personal Data for such purposes, please contact our privacy team at dpo@elevate.law or send a written request to the contact information provided below in the “Recourse Mechanism” section.
    If your personal information changes or you change your preference for receiving information from us, send us a request specifying your updated information or your new choice. Send such requests to dpo@elevate.law or by mail with the contact information provided in the “Recourse Mechanism” section.
  3. Choice. If Personal Data covered by this Privacy Policy is to be used for a new purpose that is materially different for which the personal data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party in a manner not specified in the Policy, Elevate will provide you with an opportunity to choose whether to have your personal data to be used or disclosed. Requests to opt-out of such uses or disclosures of personal data should be sent to us as specified in the “Recourse Mechanism” section or contact dpo@elevate.law.
    Certain Personal Data, such as information about medical health conditions, racial or ethnic origin, political opinions, religious, or philosophical beliefs, is considered “Sensitive Personal Information.” Elevate will not use Sensitive Personal Information for a purpose different from the purpose for which it was originally collected or subsequently authorized by the individual unless Elevate has received your affirmative and explicit consent (i.e., opt-in).
  4. Onward Transfer/Potential Liability for Act of Third-Party. Elevate’s accountability for data it receives pursuant to the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF and any subsequent transfer of that data to third parties, is detailed in the Data Privacy Framework Principles. In cases of onward transfer to third parties of data of EU, UK, or Swiss individuals received pursuant to the EU-U.S. DPF, the UK Extension, and Swiss-U.S. DPF, Elevate is potentially liable. In particular, Elevate remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Elevate proves that it is not responsible for the event giving rise to the damage.
  5. Limitation on Scope of the DPF Principles. Elevate adheres to the Data Privacy Framework Principles except, as required or allowed by law, to meet legal, governmental, law enforcement, or national security obligations, or to protect the health or safety of an individual.
  6. Changes to this Policy. This policy may be amended consistent with the requirements of the Data Privacy Framework. If this policy is updated, Elevate will revise the effective date of this policy and will post the updated policy on the Elevate intranet site.
  7. Recourse Mechanism. In compliance with the EU – U.S. DPF Principles, the UK Extension, and the Swiss U.S.-DPF Principles, Elevate commits to resolving complaints about our collection or use of your personal information. EU, Swiss, and UK individuals with inquiries or complaints regarding our DPF policy should first contact Elevate at:

    Elevate Services, Inc.
    Attn: General Counsel
    2375 E. Camelback Rd, Suite 690 Phoenix, AZ, 85016
    E-mail: dpo@elevate.law

    Under certain circumstances, more completely described on the Data Privacy Framework website,  EU, Swiss, and UK residents may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Privacy Notice – NonHR Data

I. DATA PRIVACY FRAMEWORK POLICY

Purpose

Elevate Services, Inc. (“Elevate”) and ElevateNext US, LLC comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Elevate and ElevateNext US LLC have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Policy

  1. Collection of Personal and Sensitive Data
    Elevate provides services to corporate legal departments and law firms globally. These services include, but are not limited to, litigation support services, including data processing, document review and production, medical bill review, legal process services, business administration services, information technology services, and consulting services. While providing services to its customers, Elevate may, directly or through an Elevate Affiliate, receive or collect Personal Data or Sensitive Information from its customers. This data may be disclosed to third-party service providers to assist Elevate in providing services to Elevate’s customers. Human resource data may be disclosed to third-party service providers to assist with background checks, payroll, and other human resources activities.
  2. Use of Personal and Sensitive Data
    Elevate will only access or use Personal Data or Sensitive Information while performing services requested by its customers under its contractual obligations.
  3. Onward Transfer/Potential Liability for Acts of Third-Party
    Elevate is a B2B company and does not disclose Personal Data or Sensitive Information to third parties unless done under the direction and consent of its customers. Elevate’s accountability for data received under the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF and subsequent transfer of that data to third parties is detailed in the DPF Principles. In cases of onward transfer to third parties of data of EU individuals received under the EU-U.S. DPF, UK individuals received under the UK Extension, and Swiss individuals received under the Swiss-U.S. DPF, Elevate is potentially liable. In particular, Elevate remains responsible and liable under the DPF Principles if third-party agents that it engages to process Personal Data or Sensitive Information on its behalf do so in a manner inconsistent with the DPF Principles unless Elevate proves that it is not responsible for the event giving rise to the damage.
  4. Access
    EU, UK, and Swiss individuals have the right to access Personal Information or Sensitive Information about them, rectify incorrect personal information, delete personal information, and the choice to limit the use and disclosure of their Personal or Sensitive Data. If you wish to request access to your Personal or Sensitive Data for such purposes, please contact our privacy team at dpo@elevate.law or send a written request to the contact information in the “Recourse Mechanism” section.
    If your Personal Information or Sensitive Information changes or you change your preference for receiving information from us, send us a request specifying your updated information or your new choice. Send such requests to dpo@elevate.law or mail with the contact information in the “Recourse Mechanism” section.
  5. Choice
    If Personal Data covered by this Privacy Policy is to be used for a new purpose that is materially different for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in the Policy, Elevate will provide you with an opportunity to choose whether to have your personal data to be used or disclosed. Requests to opt-out of such uses or disclosures of personal data should be sent to us as specified in the “Recourse Mechanism” section.
    Certain Personal Data, such as information about medical health conditions, racial or ethnic origin, political opinions, religious, or philosophical beliefs, is considered “Sensitive Personal Information.” Elevate will not use Sensitive Personal Information for a purpose different from the purpose for which it was originally collected or subsequently authorized by the individual unless Elevate has received your affirmative and explicit consent (i.e. opt-in).
  6. Safeguards
    Elevate, its Affiliates, and its third-party contractors maintain physical, electronic, and procedural safeguards designed to secure Personal and Sensitive Data and to prevent against the unauthorized or unlawful destruction, loss, alteration, or disclosure of the same. Elevate, its Affiliates, and its third-party contractors perform their own assessments of their compliance with this Privacy Policy and all applicable laws and regulations.
  7. Recourse Mechanism
    In compliance with the DPF Principles, Elevate commits to resolving complaints about your privacy and our collection or use of your Personal Information or Sensitive Information. European Union, UK, and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Elevate using the following information:

    Elevate Services, Inc.
    Attn: General Counsel
    2375 E. Camelback Rd, Suite 690, Phoenix, AZ, 85016
    E-mail: dpo@elevate.lawElevate has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

  8. Arbitration
    Under certain conditions, an individual can invoke binding arbitration regarding complaints of Elevate’s DPF compliance not resolved by any of the other recourse mechanisms provided. For more information visit the Data Privacy Framework website.
  9. Lawful Disclosure
    Elevate is required to disclose information in response to lawful requests by public authorities. This includes meeting national security or law enforcement requirements placed on Elevate. Elevate may voluntarily issue a periodic transparency report on the number of requests for Personal Information or Sensitive Information it has received by public authorities for law enforcement or national security purposes. Such reports will only be issued to the extent such disclosures are permissible under applicable law.
  10. Enforcement and Investigative Power
    Elevate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Changes to this Privacy Policy. Elevate reserves the right to change this Privacy Policy from time to time consistent with applicable privacy laws and principles. Unless such changes afford greater protections regarding Personal or Sensitive Data, such changes will apply only to Personal or Sensitive Data received after the effective date of such change.

Definitions of Terms Used in this Privacy Policy:

“Affiliates” means any corporation, partnership, limited liability company, or other entity directly or indirectly controlled by, or under the common control of, Elevate Services, Inc.

“Associates” means an employee or independent contractor of Elevate or an Elevate Affiliate.

“Data Subject” means the natural person who is the subject of, and identified in, Personal or Sensitive Data.

“Elevate” means Elevate Services, Inc., incorporated under the laws of the state of Delaware having its corporate headquarters in Phoenix, Arizona, USA.

“European Union” or “EU” means the European Union consisting of its Member States, covered by the European Union Data Protection Directive.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity. By way of example, data such as an individual’s name, address, phone number, email address, user ID and password, personal billing information or credit card information. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

“Sensitive Information” or references to “Sensitive Data” means personal information specifying medical or health condition, race, or ethnicity, political, religious, or philosophical affiliations or opinions, sexual orientation, or trade union membership.

“EU-U.S. Data Privacy Framework (EU-U.S. DPF) or the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)” means the adequacy decision that allows for legal collection, use or retention of transfers of personal data of EU, UK, and Swiss persons outside of the EU, UK, and Switzerland to the United States. Certified DPF members must abide by the DPF Principles which are available at the DPF website provided below. All certified members of the framework are also available for viewing via a list provided on the DPF website.

Contact Us

Bubble