As a global company, ALERON GROUP (including Acara, Broadleaf, LUME, Viaduct and Talentrise companies and their affiliates) may receive and process both European non-HR Data and affiliated entity European employees’ HR Data at ALERON GROUP’s operations in the United States (“ALERON GROUP U.S.”). ALERON GROUP recognizes that European privacy law requires “adequate protection” for the transfer of such European non-HR and HR Data to ALERON GROUP U.S. To provide this adequate protection, ALERON GROUP U.S. adheres to the principles of the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. ALERON GROUP has certified to the Department of Commerce that it adheres to the Privacy Shield Principals. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  For more information about the Privacy Shield Principles or to access ALERON GROUP’s certification statement, please go to https://www.privacyshield.gov.

Scope

This Privacy Shield Policy (“Policy”) applies to all European non-HR and HR Data received by ALERON GROUP U.S., either directly from the Internet or from other sources, and in any format whatsoever. This Policy does not apply to information about individuals located outside of the EEA.

Definitions

For the purpose of this Policy, the following definitions shall apply:

  • “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • “European HR Data” means Personal Data about EEA employees (past or present) collected in the context of the employment relationship.
  • “European non-HR Data” means Personal Data about EEA citizens collected or processed as a result of our business relationships with our customers, delivery of ALERON GROUP’s services, individuals accessing our websites, marketing, and the processing of prospective job candidates’ information.
  • “Sensitive Personal Data” means Personal Data specifying medical, biometric, genetic, or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or regarding criminal convictions or offenses.
  • “Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

TYPES OF PERSONAL DATA ALERON GROUP COLLECTS

EUROPEAN HR DATA

ALERON GROUP processes Personal Data of its employees and its affiliates’ employees in the EEA in order to facilitate standard day-to-day business activities and employment relationship activities. The categories of Personal Data, the purpose and legal basis for processing, and other required disclosures are communicated and provided to ALERON GROUP EEA employees via internal policies and procedures.

EUROPEAN NON-HR DATA

ALERON GROUP collects the following categories of Personal Data about site visitors, clients, prospective employment candidates, suppliers, and other third parties. The company uses this information for the purposes indicated in ALERON GROUP’s Privacy Policy.

  • Contact Data: Names, addresses, telephone numbers, email addresses
  • Job Candidate Data: Candidate-provided work background including education, employment background, training related to employment opportunities with ALERON GROUP
  • Customer Data: Personal Data received from ALERON GROUP’s customers necessary to support ALERON GROUP’s services
  • Registration Data: Publication requests, training events, subscriptions, and downloads
  • Marketing Data: Participation in marketing campaigns, access and requests for content and information
  • System and Device Data: IP addresses, ALERON GROUP cookies, third party cookies, web beacons
  1. Notice

ALERON GROUP notifies all non-employee EEA Data Subjects about its data practices regarding European non-HR Data and their Personal Data processed by ALERON GROUP in the U.S. from the EEA in this policy

ALERON GROUP notifies its employees in the EEA regarding its policies and practices for European HR Data regarding their Personal Data received by ALERON GROUP in the U.S. from the EEA, via internal policies and procedures. ALERON GROUP employees should contact their local Human Resources Department or the Privacy Office for these policies.

  1. Choice

ALERON GROUP U.S. may disclose European Personal Data to its third party service providers/agents for the exclusive purpose of enabling them to provide services and/or support to ALERON GROUP in connection with the above mentioned purposes and functions. ALERON GROUP U.S. will exercise appropriate due diligence in the selection of such third party service providers, and require that such third party service providers maintain reasonable precautions to protect European Personal Data and otherwise process European Personal Data only as instructed by ALERON GROUP U.S. and for no other purposes. In certain situations, ALERON GROUP may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If European Personal Data covered by this Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party, ALERON GROUP will provide EEA Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: privacyoffice@aleroninc.com

  1. Accountability for Onward Transfer

Regardless of any other provisions in this Policy, we may also disclose European Personal Data when required to do so under law or by legal process or as may be otherwise permitted by the Framework. ALERON GROUP U.S. remains liable in cases of onward transfers to third parties unless it is established that ALERON GROUP U.S. is not responsible for the event giving rise to the damage.

  1. Security

ALERON GROUP takes reasonable and appropriate measures to protect personal data from loss, unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the data.

  1. Access

Pursuant to the Privacy Shield Principles, and in accordance with applicable data protection laws, EEA Data Subjects may have the right to: (i) request access to their European Personal Data; (ii) request rectification of their European Personal Data; (iii) request deletion of their Personal Data; or (iv) lodge a complaint with the competent data protection supervisory authority. Please note that these aforementioned rights might be limited under the applicable national data protection law, where the legitimate rights of other persons would be infringed, or where the burden or expense of providing access would be disproportionate.

  1. Recourse, Enforcement, and Liability

ALERON GROUP will remain responsible for collection, use, and disclosure of European Personal Data in accordance with the Framework. ALERON GROUP U.S. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of European Personal Data in accordance with the Privacy Shield Principles. ALERON GROUP encourages interested employees with questions or concerns relating to ALERON GROUP U.S.’s Privacy Shield participation to contact the Privacy Shield Contact via email at privacyoffice@aleroninc.com or via post at: Privacy Office, Aleron Group, 250 International Drive, Williamsville, NY  14221.

With respect to any complaints relating to the Privacy Shield Principles that cannot be resolved through ALERON GROUP U.S.’s internal processes, ALERON GROUP U.S. has agreed to cooperate with the European data protection authorities (DPAs), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by such authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.  ALERON GROUP has also agreed to participate in the dispute resolution procedures of the panel established by such DPAs and FDPICs to resolve disputes pursuant to the Privacy Shield Principles. Such resolution process is available free of charge to the employee. ALERON GROUP U.S. is subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory authority under the Frameworks.

Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, employees have a right to invoke binding arbitration under the Privacy Shield Principles.

  1. Changes to this Privacy Shield Policy

This Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be provided.