EU-U.S. Privacy Shield Policy
This Privacy Shield Policy sets forth Emmes’s practices with respect to personal data it receives in the United States from the European Union in reliance on the Privacy Shield Framework.
To view Emmes’ certification, you can view the Privacy Shield List at https://www.privacyshield.gov/list.
“Personal Data” means data about an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to one or more factors specific to the individual, such as an identification number or a person’s physical, physiological, mental, economic, cultural or social identity.
“Processing” of personal data means any operation or set of operations that is performed on personal data, whether or not by automated means. Processing includes, by way of example, collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
Collection and Use of EU Personal Data
Employee Personal Data
We collect personal data from and about contingent workers, employees, former employees, and prospective employees. This can include someone’s name, contact information, social security or government-issued identification number, financial information, education and employment history, information about one’s family (spouse and dependents, for example), and job performance and development.
Our primary purpose in collecting and processing such information is to carry out the employment relationship. This includes but is not limited to payment, compensation planning and related transactions, providing and managing benefits, performance management, career development, training, staffing considering candidates for open positions, personnel security issues, headcount reporting, and statistical analysis.
Customer and Other Personal Data
Emmes collects personal data in connection with Emmes’ business activities, including offering and managing our products, services, and programs. This information can include name and contact information as well as information on demographics, health and wellness, healthcare or medication, inquiries or feedback about our products and programs, and preferences. We collect and process this information in order to provide requested products, services or programs; to personalize product information or provide additional information about our products and programs; to optimize or improve our products, programs, and operations; to manage customer information across Emmes programs and platforms; to conduct market research; to support research and development, including clinical research; for safety and efficacy monitoring; and for purposes of conducting certain legal, audit and regulatory compliance activities.
Sharing of Personal Data
Emmes may share personal data with applicable customers, affiliates, agents, contractors, or business partners so that they may perform services for us or so Emmes may perform services for them. Emmes remains liable under the Privacy Shield Framework if the third-party handles personal data in a manner inconsistent with the Framework, unless Emmes proves that it is not responsible for the third-party’s activities.
In addition, we may disclose personal data (i) as required by law or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) to protect and defend Emmes’s rights, (iii) as incident to a corporate sale, merger, reorganization, dissolution, bankruptcy, or similar event, (iv) under circumstances we believe reasonably necessary to protect the personal safety of users of Emmes’ products, services and programs, or the public, or (v) as is otherwise described in this policy.
Your Rights and Choices
Under the Privacy Shield Framework and this policy, you have the right to request access to personal data about yourself and to request limitations on how Emmes uses or discloses personal data about you.
With our Privacy Shield certification, Emmes has committed to respect these rights. To exercise these rights, please contact us as indicated in the “Contact Information” section of this Policy. Emmes will respond to such requests within a reasonable timeframe.
Privacy Shield Inquiries or Complaints
In compliance with the Privacy Shield Principles, Emmes commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should please contact us free of charge as indicated in the “Contact Information” section of this Policy.
If you have a complaint as described above, you may also contact free of charge the Data Protection Authority (DPA) in your country. The list of DPAs in the European Union is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Emmes commits to cooperate with the panel established by the EU DPA and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship.
As further explained in the Privacy Shield Framework, a binding arbitration option will also be made available to address complaints not resolved by any other means. Emmes is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
Debra Glickfeld Bang Chief Counsel
The Emmes Corporation 401 North Washington Street, Suite 700 Rockville, Maryland, U.S.A. 20850