Data Privacy Framework Policy (Formerly Privacy Shield)
This Data Privacy Framework Policy (“Policy“) (formerly Privacy Shield) describes how Accu-Time Systems, Inc. (“ATS,” “we,” “us” or “our”) collects, uses, and discloses certain personally identifiable information that we receive in the United States from the European Union (“EU Personal Data“), the United Kingdom (“UK Personal Data“), and Switzerland (“Swiss Personal Data” and combined with EU Personal Data and UK Personal Data, the “Personal Data”). This Policy applies to all of our United States legal entities, subsidiaries and/or affiliates that exist now or in the future. This Policy supplements our Website Privacy Policy and Terms of Use located at https://www.accu-time.com/privacy-notice.
- Commitment to Compliance
ATS complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. ATS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (the “EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ATS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (the “Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
In compliance with the UK Extension to the EU-U.S. DPF , ATS commits to cooperate and comply respectively with the advice of the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “Principals”), the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program (the “DPF Program”), please visit https://www.dataprivacyframework.gov/.
ATS recognizes that the EU, UK, and Switzerland have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of their respective jurisdictions. To provide adequate protection for all Personal Data regarding consumers, clients, suppliers, business partners, job applicants and employees received in the US, ATS has elected to self-certify to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF administered by the US Department of Commerce. ATS adheres to the EU-US Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
The Federal Trade Commission has jurisdiction over ATS’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
To review ATS’s representation on the Data Privacy Framework List, see the U.S. Department of Commerce’s Data Privacy Framework List located at https://www.dataprivacyframework.gov/s/participant-search.
2. Personal Data Collection and Use
We may receive the following categories of Personal Data in the U.S.: (i) employment and HR information; (ii) commercial information; (iii) demographic information; and (iv) consumer-specific information (including biometric information). Within these categories, we may collect information such as an individual’s name, location, , name of employer, professional role, , job qualifications (such as educational degrees earned), phone number, email address, user ID, , biometric template, and badge ID.
We process Personal Data for the following purposes: (i) to provide our services, including with respect to billing, identification, and authentication; (ii) to contact and communicate with our clients regarding our services, and (iii) for employment-related purposes including to process employment-related data in the U.S. and evaluate job candidates. Data subjects whose personally identifiable information we process include clients (and their respective employees or other users) and other legal persons, suppliers, business partners, job applicants, independent contractors, and employees.
We will only process Personal Data in ways that are compatible with the purpose of collection, or for purposes, the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for, or that you later authorized, we will provide you with the opportunity to opt out. We maintain reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
We may collect the following categories of sensitive Personal Data including but not limited to:, criminal history, and biometric template information as may be required by our customers, for identification of their employees, within the employment context. When we collect sensitive Personal Data, we will obtain your opt-in consent where the EU-U.S. DPF requires, including if we disclose your sensitive Personal Data to third parties, or before we use your sensitive Personal Data for a different purpose than we collected it for or than you later authorized. Certain exceptions to our obligation to obtain affirmative opt-in consent to process sensitive personal data are where the processing is: (i) in the vital interests of the individual or another person; (ii) necessary for the establishment of legal claims or defenses; (iii) required to provide medical care or diagnosis; (iv) carried out in the course of legitimate activities by certain foundations, associations, or other non-profit bodies; (v) necessary to carry out employment law-related obligations; (vi) related to data made public by the individual.
ATS commits to cooperate with the EU/EEA data protection authorities, the UK Information Commissioner’s Office and the Gibraltar Regulatory Authority, and the Swiss Data Protection and Information Commissioner and comply with the requirements of such authorities with regard to Personal Data transferred from the EU, the UK, and Switzerland.
3. Data Transfers to Third Parties
We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf. ATS will select third party agents or service providers who comply with the DPF Program, and are limiting their use of the data to the specified services provided on our behalf, in order to provide the same level of protection that the DPF Program requires, We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our DPF Program obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
4. Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements, or as otherwise required by law. ATS is not liable for the use or re-disclosure of Personal Data by such recipients.
5. Security
We maintain reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF Program.
6. Access Rights
You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Program. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances, or where it would violate the rights of someone other than the individual requesting access or where the data is controlled by your employer who acts as the Data Controller. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can contact ATS at: privacy@accu-time.commailto:privacy@epiqglobal.com. In some circumstances, we may charge a reasonable fee for access to your information.
7. Questions or Complaints
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ATS commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Policy should first contact ATS at: privacy@accu-time.com.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ATS commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.
8. Binding Arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with us and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s EU-U.S. DPF: Annex I of the DPF Principles.
9. Contact Us
If you have any questions about this Policy or would like to request access to your Personal Data, please contact us at privacy@accu-time.com.
10. Changes To This Policy
We reserve the right to amend this Policy from time to time to be consistent with the DPF Program’s requirements.
Effective Date: Oct, 10, 2023
Last modified: Oct, 10, 2023