Legal notices | Privacy Shield

Privacy Shield Statement

HRMS Consulting complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union and Switzerland to the United States.

HRMS Consulting has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability. If there is any conflict between the policies in this Privacy Shield Statement (the “Policy”) and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.

All HRMS Consulting employees who handle Personal Data from Europe and Switzerland are required to comply with the Principles stated in this Policy. For purposes of this Policy, “Personal Data” and “personal information” means data about an identified or identifiable individual that are within the scope of the Directive, received by an organization in the United States from the European Union or Switzerland, and recorded in any form.

In the course of performing services to clients, HRMS Consulting may receive access to Personal Data that contains names, addresses, phone numbers, email addresses, etc. of EU or Swiss Persons, or such other categories of Personal Data, as authorized by our clients. Such clients typically have a closer employment or business relationship with the EU or Swiss Person (and therefore, can provide additional information on categories of Personal Data shared with us).

HRMS Consulting is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Privacy Shield Principles

HRMS Consulting handles client Personal Data in accordance with our Policy, which is based upon the seven principles identified in the Privacy Shield Framework.

When HRMS Consulting receives client Personal Data for processing pursuant to instructions of our clients, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU or Swiss law.

HRMS Consulting understands the importance of securing the Personal Data of our clients and has instituted several methods to ensure its confidentiality and integrity.

HRMS Consulting protection methods are based upon the Privacy Shield Framework published by the US Department of Commerce with respect to personal data about individuals in the EU or Switzerland that we receive from our clients. Client Personal Data processed by HRMS Consulting may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the Privacy Shield Framework.

HRMS Consulting ensures compliance with the Privacy Shield Program through its information security program which is maintained by the Information Security Department and approved by the Legal Department. We will monitor, test, and upgrade our policies, practices, and systems to aid in the protection of our clients’ Personal Data.

The HRMS Consulting safeguards protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Only authorized HRMS Consulting personnel may access or transfer Personal Data solely for permitted business purposes. The transfer of Personal Data is protected by secure encryption technology. Please note that data safeguards do not guarantee data security.

Personal Data Collection and Use

HRMS Consulting is a full service HR consultancy. The services that we provide may require the collection and transmission of the client’s Personal Data.

The Personal Data we collect and transmit is provided to us by the client as per the contractual agreement that must be signed by both parties. HRMS Consulting will not use client Personal Data for any other purposes than for the purposes that HRMS Consulting clients provide such information.

HRMS Consulting collects and transmits Personal Data under the direction and in accordance to the requirements of our clients.

Onward Transfer of Personal Data

HRMS Consulting recognizes the potential liability in cases of onward transfer to third parties/partners. We will not transfer any Personal Data to our partners without first ensuring that they adhere to the Privacy Shield Principles. We will not transfer any Personal Data to our partners without the express consent of our clients. We do not transfer Personal Data to unrelated third-parties, unless lawfully directed by a client, or in certain limited or exceptional circumstances in accordance with the Privacy Shield Framework.

Should HRMS Consulting learn that an unrelated third party to which Personal Data has been transferred by HRMS Consulting is using or disclosing Personal Data in a manner contrary to this Policy, HRMS Consulting will take reasonable steps to prevent or stop the use or disclosure.

Client Personal Data is accessible only by those HRMS Consulting’s employees and authorized partners who have a reasonable need to access such information in order to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of such Personal Data.

HRMS Consulting may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Annual Assessment

HRMS Consulting will renew its EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certifications. HRMS Consulting will complete a self-assessment to ensure that we maintain compliance with the Privacy Shield Policy. As with all HRMS Consulting policies, any employee found in violation will be subject to discipline, up to and including termination of employment and/or criminal prosecution.

Notification

HRMS Consulting notifies its clients about its adherence to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield principles through its publicly posted website privacy policy, available at: https://www.hrmsconsulting.com/legal-notices/

Access, Change, or Delete Personal Data

HRMS Consulting receives Personal Data from our clients. If an EU or Swiss Person requires access to their Personal Data or needs to update, correct, or delete such Personal Data, such requests must be submitted directly to the client that provided such Personal Data to HRMS Consulting.

Policy Changes

This Policy may occasionally be updated in order to stay consistent with the Privacy Shield Principles and applicable data protection and privacy laws.

Privacy Shield Contact

In compliance with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, HRMS Consulting commits to resolve complaints about your privacy and our collection or use of Personal Data. European Union and Swiss individuals with inquiries or complaints regarding this Policy should contact us at USPrivacyShield@hrmsconsulting.com.

We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy. If you are not satisfied with our response, or if contacting us does not resolve your complaint, you can contact JAMS: https://www.jamsadr.com/eu-us-privacy-shield – an independent dispute resolution mechanism, pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.

EU or Swiss Persons (“Data Subjects”) may complain to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.