DATA PRIVACY FRAMEWORK POLICY

As a global company, ALERON GROUP (including Acara Solutions, Inc., Broadleaf Results, Inc., LUME Strategies, Inc., LUME CAD Strategies, Inc., myviaduct.com, Inc. and Talentrise, Inc. and their affiliates) may receive and process both European non-HR Data and affiliated entity European employees’ HR Data at ALERON GROUP’s operations in the United States (“ALERON GROUP U.S.”). ALERON GROUP recognizes that European privacy law requires “adequate protection” for the transfer of such European non-HR and HR Data to ALERON GROUP U.S. To provide this adequate protection, ALERON GROUP U.S. adheres to the principles of the EU-U.S. Data Privacy Framework (“EU – U.S. DPF”), the UK Extension to the EU – U.S. DPF and Swiss-U.S. Data Privacy Framework (collectively, the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the United Kingdom (and Gibraltar) and Switzerland to the United States. ALERON GROUP has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principals. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.  For more information about the Data Privacy Framework Principles or to access ALERON GROUP’s certification statement, please go to https://www.dataprivacyframework.gov.

Scope

This Data Privacy Framework Policy (“Policy”) applies to all European non-HR and HR Data received by ALERON GROUP U.S., either directly from the Internet or from other sources, and in any format whatsoever. This Policy does not apply to information about individuals located outside of the EEA.

Definitions

For the purpose of this Policy, the following definitions shall apply:

  • “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • “European HR Data” means Personal Data about EEA employees (past or present) collected in the context of the employment relationship.
  • “European non-HR Data” means Personal Data about EEA citizens collected or processed as a result of our business relationships with our customers, delivery of ALERON GROUP’s services, individuals accessing our websites, marketing, and the processing of prospective job candidates’ information.
  • “Sensitive Personal Data” means Personal Data specifying medical, biometric, genetic, or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or regarding criminal convictions or offenses.
  • “Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

TYPES OF PERSONAL DATA ALERON GROUP COLLECTS

EUROPEAN HR DATA

ALERON GROUP processes Personal Data of its employees and its affiliates’ employees in the EEA in order to facilitate standard day-to-day business activities and employment relationship activities. The categories of Personal Data, the purpose and legal basis for processing, and other required disclosures are communicated and provided to ALERON GROUP EEA employees via internal policies and procedures.

EUROPEAN NON-HR DATA

ALERON GROUP collects the following categories of Personal Data about site visitors, clients, prospective employment candidates, suppliers, and other third parties. The company uses this information for the purposes indicated in ALERON GROUP’s Privacy Policy.

  • Contact Data: Names, addresses, telephone numbers, email addresses
  • Job Candidate Data: Candidate-provided work background including education, employment background, training related to employment opportunities with ALERON GROUP
  • Customer Data: Personal Data received from ALERON GROUP’s customers necessary to support ALERON GROUP’s services
  • Registration Data: Publication requests, training events, subscriptions, and downloads
  • Marketing Data: Participation in marketing campaigns, access and requests for content and information
  • System and Device Data: IP addresses, ALERON GROUP cookies, third party cookies, web beacons
  1. Notice

ALERON GROUP notifies all non-employee EEA Data Subjects about its data practices regarding European non-HR Data and their Personal Data processed by ALERON GROUP in the U.S. from the EEA in this policy.

ALERON GROUP notifies its employees in the EEA regarding its policies and practices for European HR Data regarding their Personal Data received by ALERON GROUP in the U.S. from the EEA, via internal policies and procedures. ALERON GROUP employees should contact their local Human Resources Department or the Privacy Office for these policies.

  1. Choice

ALERON GROUP U.S. may disclose European Personal Data to its third party service providers/agents for the exclusive purpose of enabling them to provide services and/or support to ALERON GROUP in connection with the above mentioned purposes and functions. ALERON GROUP U.S. will exercise appropriate due diligence in the selection of such third party service providers, and require that such third party service providers maintain reasonable precautions to protect European Personal Data and otherwise process European Personal Data only as instructed by ALERON GROUP U.S. and for no other purposes. In certain situations, ALERON GROUP may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If European Personal Data covered by this Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party, ALERON GROUP will provide EEA Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: privacyoffice@aleroninc.com

  1. Accountability for Onward Transfer

Regardless of any other provisions in this Policy, we may also disclose European Personal Data when required to do so under law or by legal process or as may be otherwise permitted by the Framework. ALERON GROUP U.S. remains liable in cases of onward transfers to third parties unless it is established that ALERON GROUP U.S. is not responsible for the event giving rise to the damage.

  1. Security

ALERON GROUP takes reasonable and appropriate measures to protect personal data from loss, unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the data.

  1. Access

Pursuant to the Data Privacy Framework Principles, and in accordance with applicable data protection laws, EEA Data Subjects may have the right to: (i) request access to their European Personal Data; (ii) request rectification of their European Personal Data; (iii) request deletion of their Personal Data; or (iv) lodge a complaint with the competent data protection supervisory authority. Please note that these aforementioned rights might be limited under the applicable national data protection law, where the legitimate rights of other persons would be infringed, or where the burden or expense of providing access would be disproportionate.

  1. Recourse, Enforcement, and Liability

ALERON GROUP will remain responsible for collection, use, and disclosure of European Personal Data in accordance with the Framework. ALERON GROUP U.S. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of European Personal Data in accordance with the Data Privacy Framework Principles. ALERON GROUP encourages interested employees with questions or concerns relating to ALERON GROUP U.S.’s Data Privacy Framework participation to contact the Data Privacy Framework Contact via email at privacyoffice@aleroninc.com or via post at: Privacy Office, Aleron Group, 250 International Drive, Williamsville, NY  14221.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ALERON GROUP U.S. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.  ALERON GROUP has also agreed to participate in the dispute resolution procedures of the panel established by such DPAs, ICO  and FDPICs to resolve disputes pursuant to the Data Privacy Framework Principles. Such resolution process is available free of charge to the employee. ALERON GROUP U.S. is subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory authority under the Frameworks.

Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, employees have a right to invoke binding arbitration under the Data Privacy Framework Principles.

  1. Changes to this Data Privacy Framework Policy

This Policy may be amended from time to time consistent with the requirements of the Data Privacy Framework. Appropriate notice regarding such amendments will be provided.

Scroll to Top
Scroll to Top