First Orion EU-US Privacy Shield Policy for Human Resource Data (effective April 28, 2020)

First Orion Corporation and its subsidiaries, First Orion, UK, Ltd. and First Orion HQ, LLC (collectively “First Orion”) provide technology and data to give individuals tools to recognize and manage calls they receive and to help businesses reach the right people.   First Orion has offices and employees located in the UK.

Commitment to Privacy Shield

First Orion commits to conducting their business according to the EU-US Privacy Shield and to applying the Principles to all personal HR data received from the EU.  First Orion and other companies who are registered with the U.S. Department of Commerce Privacy Shield program can be found at https://www.privacyshield.gov.

First Orion has appointed a Chief Privacy Officer (“CPO”) and a Chief Security Officer (“CSO”) who are collectively responsible for internal oversight of First Orion’s privacy and security policies and practices, including EU-US Privacy Shield.  First Orion’s CPO and CSO are available to employees who have questions concerning its compliance with Privacy Shield or security related matters.

Collection and Use of Personal Data

Personal information received by First Orion from the EU includes human resource data on employees in the UK. First Orion is a data controller when it collects and maintains human resources data, including applications for employment on EU individuals and personnel files on EU employees. Any personal data provided by First Onion employees in the EU during the course of their employment will be handled and transferred in compliance with the requirements of the law of the UK or member state. Such personal data, including sensitive data, will be collected, held, processed and disclosed by First Orion to third party subcontractors, or any other person as may be reasonably necessary, as required by law.

Disclosures and Onward Transfers

First Orion complies with all obligations in Privacy Shield regarding disclosure or transfer of personal information to a third party.  First Orion takes reasonable steps to ensure that the third party effectively processes the personal information in a manner consistent with First Orion’s obligations under the Principles.

When First Orion uses data processors to perform certain processing tasks on behalf and under the instruction of First Orion, it requires such processors to either certify under Privacy Shield or another adequacy finding, or enter into a written agreement requiring they process the data only for limited and specified purposes and to provide the same level of protection that First Orion provides.  In cases of onward transfer to third parties, First Orion is generally liable for the acts of the third party that are in violation of the Privacy Shield Principles.

First Orion may be required to disclose personal information in response to a lawful request by public authorities, including requests to meet national security or law enforcement requirements.

Education

First Orion commits to educating its employees in the U.S. and in the EU about the issues, guidelines and laws related to compliance with Privacy Shield.

Data Integrity and Security

First Orion takes reasonable steps to ensure the information transferred from the EU to the U.S. is reliable, accurate and complete based on the purposes for which the personal information is used.

First Orion has an information security policy in place to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  First Orion’s CSO is responsible for conducting investigations into any alleged breach, incident or problem, and ensuring that proper disciplinary action is taken against those who violate First Orion’s information security policy.

Right to Know, Delete, or Opt-Out

Data subjects and employees may contact First Orion with inquiries or complaints about its compliance with Privacy Shield.  In addition to access and choice rights provided to data subjects in First Orion applications or through customized privately branded applications, and customized in-network solutions, a data subject or an employee has the right to learn whether First Orion has personal data about him or her, and to correct, amend or delete that personal information when it is inaccurate subject to other limitations as defined by law.

Verified Requests

Data subjects and employees have the right to submit a request to First Orion to exercise their right to know, their right to delete and in some cases their right to opt-out as described below. Before fulfilling the request, First Orion must verify that the person making the request is the one about whom it has collected personal information. Failure to satisfactorily verify their identity will prevent the request from being fulfilled in entirety.

Right to Know

Data subjects and employees have the right to know what personal information is collected, used, disclosed, or sold by First Orion and how the information will be used. Upon receipt of a verified request, First Orion will disclose to the data subject the specific pieces of personal information it has collected. The types of sources from which the personal information is collected, the business purpose for which the personal information is collected, and the categories of third parties with whom First Orion  shares the personal information can be found in First Orion’s privacy policy.

Right to Delete

Data subjects and employees have the right to request that First Orion delete their personal information in certain circumstances.  If they submit a verified request to delete, First Orion will delete all of their personal information from its records unless that personal information is necessary for First Orion to complete the transaction for which the information was collected, to protect against deceptive, fraudulent, or illegal activity, to enable solely internal uses that are aligned with the data subject’s relationship with First Orion or comply with a legal obligation.

Right to Opt-Out of the Sale of Personal Information

Data subjects have the right to direct First Orion to stop selling their personal information to a third party. If they submit a verified request to opt-out, First Orion will stop selling personal information about them to third parties. If, later, they want to allow First Orion to sell their personal information, they can send an opt-in request to First Orion.

First Orion provides a prominent link on its website (“Do Not Sell My Personal Data”) to a webpage to submit a request.

If First Orion collects personal information, but does not sell it, First Orion will so state in its privacy policy.

Additional Information about Rights

Personal Information

The rights listed above only apply to  personal information – meaning information that identifies, relates to, describes, or could reasonably be linked to a data subject  (such as name, phone number, online identifiers, records of services purchased, purchasing history,  browsing or search history, and inferences drawn from any other personal information).  Personal information does not include publicly available information that is made available from government records.

Service Providers

In those instances, where First Orion is a service provider to another business and the data subject sends First Orion a request, the request can only be acted on by the business, not First Orion.

 

To exercise the above rights, a data subject may contact First Orion by using the following link http://firstorion.com/contact/, by calling 1-877-640-4220 or by writing to:

First Orion Corp.
Attention: Privacy Officer
520 Main Street, Suite 400
North Little Rock AR 72114 USA

An employee may exercise these rights by emailing privacyrequests@firstorion.com  or by writing to the above address.

Enforcement and Disputes

First Orion commits to resolve complaints about your privacy and our collection or use of your personal information. Data subjects, including employees, with questions or concerns should write to the above address. First Orion will contact the individual and explain the process for filing a complaint.

First Orion is a participant in the U.S. DMA’s division of the ANA’s Privacy Shield dispute resolution program.  If a data subject cannot resolve a complaint after contacting First Orion, they may pursue recourse by contacting the DMA division of the ANA as follows, free of charge:

DMA division of the ANA (Association of National Advertisers)

Online information and complaint form:

https://thedma.org/resources/consumer-resources/privacyshield-consumers/

225 Reinekers Lane, Suite 325

Alexandria, VA 22314

Under certain conditions, a data subject may invoke binding arbitration to resolve residual claims.  In addition, First Orion agrees to cooperate with local EU Data Protection Authorities to resolve an EU First Orion employee’s dispute concerning human resources data or an alleged breach of Privacy Shield Principles.

First Orion is subject to the investigatory powers of the Federal Trade Commission (“FTC”).

© 2020 First Orion Corp. All rights reserved.
First Orion Corp., 520 Main St, Suite 400, North Little Rock, Arkansas 72114, USA.