(updated September 19, 2024)
Aperian Global Inc. and its Subsidiaries
1. Introduction.
This document sets forth Aperian Global, Inc.’s (Aperian) HR Privacy Policy (the “Policy”) governing the Company’s use of Personal Data (as defined below) in accordance with E.U.-U.S. Data Privacy Framework, it’s UK Extension, and the Swiss – U.S. Data Privacy Framework requirements. This Policy is applicable to all employees of Aperian and its subsidiaries listed below:
Aperian Global ApS (Denmark)
Aperian Global, Pte Ltd (Singapore)
Aperian Global, Inc. (US branch office in Japan)
Aperian Management Consulting Private Ltd (India)
This group of companies is referred to in this Policy document variously as Aperian or as the “Company”. For further information contact:
Torben Rasmussen
Chief Financial Officer
Bredgade 33. 2tv
6000 Kolding, Denmark
+45 4053 6911
2. Scope.
Aperian’s policy is to respect and protect Personal Data collected or maintained by or on behalf of the Company. In furtherance of our commitment to this Policy, Aperian Global, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Aperian Global, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Aperian Global, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Aperian Global, Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
3. Definitions.
- Agent. “Agent” means any third party that processes Personal Data under the instructions of and solely for Aperian or to which Aperian discloses Personal Data for use on its behalf.
- Data Subject. “Data Subject” is a natural person resident in the EEA, UK or Switzerland who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. For purposes of this Policy, Data Subject shall be restricted to applicants for employment or contract work, any current and former Aperian employees, as well as current and former contract personnel, including but not limited to, temporary and permanent employees, retirees, and other former employees as well as dependents of such employees.
- Personal Data (“Personally Identifiable Data”). “Personal Data” means any information or set of information in any form that relates to a Data Subject.
- Processing of “Personal Data”. Processing of “Personal Data” (“processing”) shall mean any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
- Sensitive Personal Data. “Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, any information that concerns health or sex life, or information relating to the commission of a criminal offense. As applicable to Swiss residents, sensitive personal data includes ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
- Third-Party Agent. “Third Party Agent” shall mean any natural or legal person that is not a subsidiary, employee or director of Aperian Global Inc. or its subsidiaries.
4. Principles.
- Notice. Aperian shall inform Data Subjects that it participates and subjects itself to the Principles of the Data Privacy Frameworks, the purpose for which it collects and uses Personal Data and the types (or identity) of Third Party Agents to whom the Company discloses or may disclose that Personal Data. Aperian will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event, before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected. To view our cookie policy, please go to https://aperian.com/privacy-policy.
Aperian collects Personal Data including Sensitive Personal Data such as:
- Contact Information, such as name, email address, mailing address, or phone number;
- Demographic information, such as age, education, gender, interests and zip code;
- Billing Information, such as credit card number and billing address;
- Financial Information, such as bank or brokerage account numbers, and types of investments;
- Social Security Number or Driver’s License Number;
- Unique Identifiers, such as username, account number or password;
- Preference Information, such as product wish lists, order history, or marketing preferences;
- Health or Medical Information, such as dependents, medical conditions, prescription information;
- Emergency contact information;
- Resumes and CVs;
- Cultural and ethnic background;
- Work and education history;
- Trainings and certifications;
- Username and password, in order to import contacts from your email provider;
- Information about your business, such as company name, company size, business type.
We use this Personal Data about applicants, contractors and employees for human resources or compliance-related functions, including, without limitation for:
- Human resources management. This purpose includes human resource management activities carried out during recruitment or the performance of an employment contract, such as interviews, on boarding, termination of employment, attendance, performance management, compensation and benefits, training, employee services, health and occupational safety, and other activities for the purpose of human resource management or protecting the vital interests of employee.
- Other business operations. This purpose includes business activities such as managing travel and expenses, managing company assets, providing IT services, information security, conducting internal audits and investigations, fulfilling the obligations of business contracts, legal or business consulting, and preparing for legal litigation, etc.
- Compliance with the law. The Processing of employee Personal Data in order to comply with legal obligations, for example: the disclosure of employee Personal Data to a tax authority in order to comply with applicable tax laws.
We may share your information with third parties who provide services on our behalf to help with the human resources or compliance-related functions listed above. These companies are authorized to use your personal information only as necessary to provide these services to us.
- Choice. If Aperian intends to use Personal Data for purposes outside of the Company’s human resources-related functions (such as marketing communications) and (i) discloses Personal Data to a Third Party or (ii) uses the Personal Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject, the Company will offer the Data Subject the opportunity to affirmatively or explicitly consent (opt-out) whether their Personal Data is (1) to be disclosed to a Third Party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject in accordance with the Choice Principle of the Data Privacy Framework. This includes giving the Data Subject an opportunity to opt-in before sharing any Sensitive information to any third party for any purpose other than those for which it was originally collected.
- Accountability For Onward Transfers. Prior to disclosing Personal Data to a Third Party, Aperian shall notify the Data Subject of such disclosure and allow the Data Subject the choice to opt-out of such disclosure unless the disclosure meets an employment requirement or is made to an Agent. Aperian shall enter into contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the Principles Frameworks or is subject to law providing the same level of privacy protection as is required by the Principles Frameworks and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by third party agents and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents of the DOC upon request.
The storage by Company of Personal Data on servers and/or on software made available or hosted by Third Party vendors shall not be considered disclosures of Personal Data to a Third Party so long as the Third Party vendor does not have direct access to the Personal Data stored or hosted. In all events, Aperian shall ensure by contract that any such Third Party vendor (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.
Aperian is responsible for the processing of personal data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Aperian complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK and/or Switzerland, including the onward transfer liability provisions.
- Security. Aperian takes reasonable and appropriate administrative, technical and physical measures to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. Aperian shall take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity And Purpose Limitation. Aperian limits the collection, use and retention of Personal Data to that which is germane for the intended purposes for which it was collected or authorized by the Data Subject and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete and current. Aperian depends on its candidates, contractors and employees to keep Personal Data reliable, accurate, complete and current and will rely on them to maintain the integrity of all Personal Data they provide to the Company. Personal Data that has been collected during the candidate recruitment and selection process will be used strictly for recruitment purposes and will only be kept until the relevant role has been filled and the introductory period completed. The Company shall also adhere to the Principles for as long as it retains such Personal Data.
- Access. Aperian shall allow Data Subjects to access their Personal Data and to correct, amend or delete inaccurate information or information that is processed against the Principles, except (i) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, (ii) for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or (iii) where the rights of persons other than the Data Subject would be violated. Data subjects can utilize the Human Resources Portal available at BambooHR to update their personal information or they may email hrprivacy@aperian.com in order to do so.
Aperian is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected Data Subject would be violated. If there are compelling grounds to doubt the legitimacy of a Data Subject’s request for rectification, amendment or deletion of his or her Personal Data, Aperian may require further justifications before performing the Data Subject’s request. Aperian is not required to notify Third Parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden.
- Recourse, Enforcement, and Liability. Aperian periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its employees, is completely implemented and accessible and is in conformity with the Principles set forth in this Policy. Aperian encourages interested persons to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
- EU residents. For EU residents Aperian has agreed to cooperate with the European Data Protection Authorities [http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm] for the purpose of handling any unresolved complaints regarding Personal Data concerns. EU Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles and the Company shall respond directly to such authorities with regard to investigations and resolution of complaints.
- Swiss residents. For Swiss residents, Aperian has agreed to cooperate with the Swiss Federal Data Protection and Information Commissioner (FDPIC) [https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html]. Swiss Data Subjects (employees) may engage the FDPIC concerning adherence to the Principles and the Company shall respond directly to such authorities with regard to investigations and resolution of complaints.
- EU, UK and Swiss residents. Under certain conditions, more fully described on the Data Privacy Framework website
[https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
5. Limitation of Scope and Principles.
Aperian adheres to the Principles Frameworks except, as required or allowed by law, to meet legal, governmental, law enforcement or national security obligations, or to protect the health or safety of an individual.
With respect to personal information received or transferred pursuant to the Data Privacy Frameworks, Aperian is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
6. Changes to this Policy.
This Policy may be amended consistent with the requirements of Data Privacy Frameworks. When Aperian updates the Policy, it will also revise the “Last Updated” date at the bottom of this document. Any material changes to this Policy will also be posted on Aperian’s intranet.
7. Contact Information.
Questions, comments or complaints regarding this Policy or Aperian Personal Data processing practices can be mailed or emailed to:
Aperian Global, Inc.
Attn: Privacy Department
414 Fayetteville St, 4th floor,
Raleigh, NC 27601
1.628 222.3773
hrprivacy@aperian.com
Effective Date: May 25, 2018
Last Updated: September 18, 2023