BackOffice has self-certified to the Department of Commerce its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Frameworks”) and by publishing this Notice, BackOffice hereby publicly commits to comply with each of the Framework’s requirements by adopting and implementing the Privacy Shield Principals (the “Principals”). For more information, please visit the International Trade Administration of the United States Department of Commerce Privacy Shield Framework website located here. You may view BackOffice’s certificate from the Department of Commerce here. By committing to comply with each of the Frameworks and the Principals, it is BackOffice’s intent to meet and exceed the adequacy requirement for data protection under EU and Swiss law. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
I. Confirm Eligibility. FTC Jurisdiction.
The United States Federal Trade Commission has jurisdiction over BackOffice’s compliance with the Principles.
II. Types of Personal Data We Collect.
BackOffice collects personal data from individuals who visit the Websites, and individual representatives of its corporate customers who use and access the BackOffice Services, as well as individual representatives of its suppliers and business partners.
From the Websites and the BackOffice Services, BackOffice may collect the following types of personal data:
- contact information, for example, name and email address;
Host Information; and
BackOffice also collects or has access to personal data from BackOffice Employees, including the following types:
- contact information, for example, name and personal email address and phone number;
- date of birth;
- government-issued identification information, visa or passport information;
- educational, employment or military service history
- work eligibility and/or authorization
- job performance and compensation information;
- bank account or other financial account information; and
- other information that an Employee may provide
III. Purposes of Collection and Use.
BackOffice uses this information in order to operate, improve, and optimize the Websites and the BackOffice Services, as well as generate leads for its sales and marketing teams. BackOffice also uses Host Information and Usage Information alone or in combination with users’ Personal Information to provide its users (“Users”) of the Websites and BackOffice Services with personalized information about BackOffice, to provide the BackOffice Services that a User requested, prevent or address technical issues, respond to support issues and to improve the BackOffice Services. BackOffice personnel and its authorized third-party agents may only access and use Personal Information if such individuals are authorized to do so and only for the purpose for which such individuals are authorized.
With regards to personal data from BackOffice Employees, BackOffice uses such personal data to carry out and support human resources functions and activities, which may include: (i) recruiting and hiring job applicants; (ii) managing BackOffice Employee communications and relations; (iii) providing compensation and benefits; (iv) administering payroll; (v) processing corporate expenses and reimbursements; (vi) managing BackOffice Employee participation in human resources plans and programs; (vii) carrying out obligations under employment agreements; (viii) managing BackOffice Employee performance; (ix) conducting training and talent development; (x) facilitating BackOffice Employee relocations and international assignments; (xi) managing BackOffice Employee headcount and office allocation; (xii) managing the BackOffice Employee termination process; (xiii) managing information technology and communications systems, such as the corporate email system and company directory; (xiv) conducting ethics and disciplinary investigations; (xv) administering BackOffice Employee grievances and claims; (xvi) managing audit and compliance matters; (xvii) complying with applicable legal obligations, including government reporting and specific local law requirements; and (xviii) other general human resources purposes. BackOffice also may obtain and process Personal Data about BackOffice Employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent Employees provide such information to BackOffice. BackOffice processes this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.
IV. Sensitive Personal Information
The Websites and BackOffice Services do not collect, store or use any Sensitive Personal Information.
V. Opting Out and Unsubscribing
Upon request BackOffice will provide you with information about whether we hold any of your Personal Information. If you provide us with your Personal Information, you have the following rights with respect to that information:
- To review the user information that you have supplied to us;
- To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us;
- To request that your user information not be used to contact you;
- To request that your user information be removed from any solicitation list that we use;
- To request that your user information be deleted from our records; and
- To opt out of being solicited by BackOffice.
Each promotional email from BackOffice or from our third-party service providers includes instructions on how you can unsubscribe from future promotional emails from BackOffice. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails.
With respect to data that we collect when you use and access any BackOffice products or services, we retain your data (including your Personal Information) according to the timeframes set forth in the relevant agreements with our customers or for as long as needed to provide services to you and your employer. BackOffice will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
To exercise any of these rights or if you have any other question, please contact us at firstname.lastname@example.org or by mail to BackOffice Associates, LLC 75 Perseverance Way Hyannis, MA 02601, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe (usually within sixty (60) days).
Our Acceptable Use Policy applies to us and to our customers and, among other things, requires the inclusion in every marketing email sent an “opt-out” mechanism and other required information.
VI. Commitment to Comply with the Principles.
BackOffice is committed to the Principles with respect to all European and Swiss personal data that it receives from individuals or companies in the EU or Switzerland in reliance on the Privacy Shield. BackOffice also receives some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. BackOffice is further committed to cooperating with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
VII. Transfer of Personal Information
BackOffice is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and any subsequent transfers to a third party acting as an agent on its behalf. BackOffice complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
VIII. Right to Access.
Each User has the right to access such User’s Personal Information covered by this Notice and to correct, amend, or delete such Personal Information if such User can demonstrate that such Personal Information is inaccurate or incomplete (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to such User’s privacy, or where the rights of persons other than a User would be violated).
IX. Responding to Legal Process; Required Disclosures.
As required by law, BackOffice may respond to subpoenas, court orders, or similar legal process by disclosing a User’s Personal Information and other related information, if necessary. BackOffice also may choose to establish or exercise its legal rights or defend against legal claims. In certain situations, BackOffice may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
BackOffice may collect and possibly share Personal Information and any other additional information available to it in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of BackOffice’s terms of service, or as otherwise required by law.
X. Dispute Resolution
BackOffice is committed to resolving complaints about its collection or use of a User’s Personal Information. EU and Swiss individuals with concerns or complaints about the use of their Personal Information should contact BackOffice’s Privacy Officer at email@example.com. BackOffice will attempt to resolve any such concerns in accordance with the principles of this Notice. In the event of an unresolved privacy or data use concern that BackOffice has not addressed satisfactorily, please contact BackOffice’s U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], a User may invoke binding arbitration when other dispute resolution procedures have been exhausted.
XI. Contact Us
Please refer and questions or comments related to this Privacy Shield Notice to:
BackOffice Associates, LLC
Attention: Privacy Officer
75 Perseverance Way
Hyannis, MA 02601
XII. Updates to this Privacy Shield Notice
BackOffice may amend this Notice from time to time, and at any time to remain consistent with the Principles, each of the Frameworks and other applicable laws.
Effective: May 16, 2018
Last Updated: August 28, 2018
XIII. Other BackOffice Entities also Adhering to Privacy Shield Principles
The following BackOffice entities also adhere to the Principles: BackOffice Associates, LLC; CranSoft LLC; and HiT Software, Inc.
XIV. Definitions applicable to this Privacy Shield Notice
“BackOffice Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of BackOffice, who is a resident of the EU.
“BackOffice Services” means its products or services, including without limitation, its software, services, customer support services, software maintenance services, hosted services or cloud offerings. “Host Information” means certain information about a User’s computer, browser, and systems that BackOffice collects when a User accesses the Websites or the BackOffice Services, including IP address along with the network path, operating system type and version, and browser type, client version, the MAC address of a User’s internet connection, and geographical location.
“Personal Information” is any information about a visitor to BackOffice’s Websites or a user of the BackOffice Services (on behalf of its customers) that BackOffice collects or a User submits that could, alone or together with other information, personally identify such User. Information such as name, a user name and password, an email address, physical address, phone number, a company name, and a photograph are examples of “Personal Information.” Personal Information can also include information about any transactions, both free and paid, that a User enters into on the Websites, and information about a User that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that BackOffice acquires from third party service providers.
“Sensitive Personal Information” means Personal Information that pertains to a person’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexuality or trade union membership.
“Usage Information” means the information BackOffice records about a User’s usage of, and interactions with, the Websites or the BackOffice Services, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, and other feature usage information.
“Websites” means BackOffice’s public websites and their associated content.