First Orion EU-US Privacy Shield Policy for Human Resource Data (effective February 1, 2017)
First Orion Corporation, doing business as PrivacyStarTM, and its subsidiaries (collectively “First Orion”) provide technology and data to give individuals tools to recognize and manage calls they receive and to help businesses reach the right people. First Orion has offices and employees located in the UK.
Commitment to Privacy Shield
First Orion commits to conducting their business according to the EU-US Privacy Shield and to applying the Principles to all personal HR data received from the EU. First Orion and other companies who are registered with the U.S. Department of Commerce Privacy Shield program can be found at https://www.privacyshield.gov.
First Orion has appointed a Chief Privacy Officer (“CPO”) and a Chief Security Officer (“CSO”) who are collectively responsible for internal oversight of First Orion’s privacy and security policies and practices, including EU-US Privacy Shield. First Orion’s CPO and CSO are available to employees who have questions concerning its compliance with Privacy Shield or security related matters.
Collection and Use of Personal Data
Personal information received by First Orion from the EU includes human resource data on employees in the UK. First Orion is a data controller when it collects and maintains human resources data, including applications for employment on EU individuals and personnel files on EU employees. Any personal data provided by First Onion employees in the EU during the course of their employment will be handled and transferred in compliance with the requirements of the law of the UK or member state. Such personal data, including sensitive data, will be collected, held, processed and disclosed by First Orion to third party subcontractors, or any other person as may be reasonably necessary, as required by law.
Disclosures and Onward Transfers
First Orion complies with all obligations in Privacy Shield regarding disclosure or transfer of personal information to a third party. First Orion takes reasonable steps to ensure that the third party effectively processes the personal information in a manner consistent with First Orion’s obligations under the Principles.
When First Orion uses data processors to perform certain processing tasks on behalf and under the instruction of First Orion, it requires such processors to either certify under Privacy Shield or another adequacy finding, or enter into a written agreement requiring they process the data only for limited and specified purposes and to provide the same level of protection that First Orion provides. In cases of onward transfer to third parties, First Orion is generally liable for the acts of the third party that are in violation of the Privacy Shield Principles.
First Orion may be required to disclose personal information in response to a lawful request by public authorities, including requests to meet national security or law enforcement requirements.
First Orion commits to educating its employees in the U.S. and in the EU about the issues, guidelines and laws related to compliance with Privacy Shield.
Data Integrity and Security
First Orion takes reasonable steps to ensure the information transferred from the EU to the U.S. is reliable, accurate and complete based on the purposes for which the personal information is used.
First Orion has an information security policy in place to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. First Orion’s CSO is responsible for conducting investigations into any alleged breach, incident or problem, and ensuring that proper disciplinary action is taken against those who violate First Orion’s information security policy.
Right to Access, Change or Delete Personal Data
Data subjects, including employees, may contact First Orion with inquiries or complaints about its compliance with Privacy Shield. In addition to access and choice rights provided to data subjects in First Orion applications or through customized privately branded applications, and customized in-network solutions, a data subject has the right to learn whether First Orion has personal data about him or her, and to correct, amend or delete that personal information when it is inaccurate, subject to other limitations as defined by law. To exercise these rights, a data subject may contact First Orion at firstname.lastname@example.org or by writing to:
First Orion Corp.
Attention: Privacy Officer
500 President Clinton Avenue, Suite 215
Little Rock AR 72201 USA
Enforcement and Disputes
First Orion commits to resolve complaints about your privacy and our collection or use of your personal information. Data subjects, including employees, with questions or concerns should write to the above address. First Orion will contact the individual and explain the process for filing a complaint.
First Orion is a participant in the U.S. DMA’s Privacy Shield dispute resolution program. If a data subject cannot resolve a complaint after contacting First Orion, they may pursue recourse by contacting the DMA as follows, free of charge:
Direct & Marketing Association (DMA)
Online complaint form: https://thedma.org/shield-complaint-form/
Mail: Privacy Shield Line
1615 L Street, NW, Suite 1100
Washington DC 20036
Under certain conditions, a data subject may invoke binding arbitration to resolve residual claims. In addition, First Orion agrees to cooperate with local EU Data Protection Authorities to resolve an EU First Orion employee’s dispute concerning human resources data or an alleged breach of Privacy Shield Principles.
First Orion is subject to the investigatory powers of the Federal Trade Commission (“FTC”).
© 2016 First Orion Corp. All rights reserved.
First Orion Corp., 500 President Clinton Avenue, Suite 215, Little Rock, Arkansas 72001, USA.