Collabera LLC henceforth referred to as (‘Collabera’) strives to comply with applicable laws and regulations related to personal data protection in countries where the company operates. This policy sets forth the basic principles by which the company processes the personal data of customers/clients, candidates, contractors, employees and other individuals, and indicates the responsibilities of its business departments and employees while processing personal data. The policy reflects Collabera’s commitment to protect the personal information and handle it responsibly to meet business, legal and regulatory requirements related to personal data.
Collabera shall notify individuals about the purposes for which it collects, processes, stores and/or discloses information about them. Notice should be communicated in a clear and easy-to- understand manner before it uses such information for a purpose other than that for which it was originally collected or processed by transferring organization or discloses it for the first time to the third party
a) At a minimum, the Notice statement should contain (unless it is evident from the context):
Collabera shall obtain consent from individuals when required or appropriate. Collabera should also clearly communicate any choices available when personal data is collected or used by a third party, or disclosed by Collabera to such parties.
Specifically, when consent is required or appropriate, Collabera shall:
Consent should be obtained in accordance with EU-U.S Privacy Shield and Swiss-U.S privacy shield laws and regulations (e.g., explicit and/or implicit consent). Additional safeguards that may be required, along with the definition of sensitive or special category of personal data, may vary.
For sensitive information (i.e personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union member-ship or information specifying the sex life of the individual), Collabera shall obtain affirmative express consent (opt in) from individuals of such information is to be (i) disclosed to the third party or (ii) used for the purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. In addition, Collabera shall treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
Collabera should collect or obtain personal data only in a fair and lawful manner
Specifically, Collabera shall
Collabera shall use, process, store, and/or retain personal data only for legitimate business purposes or as authorized by the individual.
Specifically, Collabera will use, store, and/or process personal data consistent with:
Collabera shall retain Personal data in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of 5a. This obligation does not prevent organizations from processing personal information for longer periods for the time and to extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific and historical research, and statistical analysis. In these cases such processing shall be subject to the other principles and provisions of the Framework and the personal information shall be destroyed according to applicable Collabera data retention policies and procedures.
Collabera shall provide access to individuals about whom it processes personal data an opportunity to access and correct their information. Specifically, Collabera shall provide a:
Collabera shall authenticate individuals before allowing access to or providing personal data. Access to personal data may be denied if an unreasonable request is made (e.g., requests that do not follow the procedure outlined in the privacy notice or requests which would provide personal data about others besides the requesting individual). However, in cases in which access is denied, Collabera shall provide a reason to the individual and a point of contact for further inquiry
Collabera may share an individual’s personal data, acting as a controller, with Third Parties as required for normal business operations, including providing services to employees, customers/clients etc; complying with the notice and choice Principles. When disclosing information Collabera shall:
Collabera director, officer, employee, or contractor is responsible for each Third Party relationship to ensure compliance with this Policy by such Third Party.
Collabera shall take reasonable precautions, including administrative, technical and organizational, personnel, and physical measures, to safeguard personal data against loss, misuse and unauthorized access, disclosure, alteration, destruction, and theft, taking into account the risks involved in the processing and the nature of the personal data.
Collabera shall employ reasonable processes to keep personal data accurate, complete, and up-to-date and in the event that personal data changes must update the change immediately. Shall limit the purposes for which it was collected Collabera shall not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. Collabera undertakes to protect Personal Data using commercially reasonable organizational, technical and administrative procedures to protect against unauthorized or unlawful access, processing, disclosure, alteration, destruction or accidental loss of your personal data. These precautions include password protections for online information systems and restricted access to Personal Data..
Collabera shall :
Collabera is committed to monitoring and enforcing ongoing compliance with this policy and with applicable privacy laws, regulations and obligations.
Collabera and their selected independent recourse mechanisms shall respond promptly to inquiries and requests by the Department for information relating to the Privacy Shield.
Where required by applicable law, Collabera shall follow applicable procedures to notify individuals, in a timely manner, when a data security incident has occurred, and has resulted or could result in unauthorized access or acquisition of personal information. Colleagues who suspect such an incident should immediately contact the privacy office.
All employees must inform their immediate supervisor, functional head or the Privacy Team (firstname.lastname@example.org) immediately about potential or actual instances of violation of the terms of this policy. The Privacy Team will work with the functional head to minimize the impact of data loss, and jointly work out a communication plan. Depending on the classification of the data breach, e.g. whether sensitive data was lost or not, incident information will be shared with the data subject, customers and business partners as appropriate.
Any reported privacy incident must be managed in the following manner
All Collabera businesses, functions, and regions not only internally by employees, but also by all Collabera temporary staff, contractors, service providers and consultants are expected to fully comply with this policy.
Under certain limited or exceptional circumstances, Collabera may, as permitted or required by applicable laws and obligations, process personal data without providing notice or seeking consent.
Examples of such circumstances include investigation of specific allegations of wrong doing or criminal activity; protecting employees, the public or Collabera from harm or wrongdoing; cooperating with law enforcement agencies; auditing financial results or compliance activities; responding to legal requirements or process; meeting legal or insurance requirements or defending legal claims or interests; satisfying labor laws or agreements or other legal obligations; in emergency situations, when vital interests of the individual, such as life or health, are at stake etc.
In addition, Collabera may, as permitted or required by applicable law and obligations, process personal data without providing access, such as in the circumstances described above; when the privacy interests of others would be jeopardized; or where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy.
Collabera is not required to obtain affirmative express consent (opt in) with respect to sensitive data where the processing is:
An organization may set reasonable limits on the number of times within a given period that access requests from a particular individual will be met. In setting such limitations, an organization should consider such factors as the frequency with which information is updated, the purpose for which the data are used, and the nature of the information.
The Privacy Shield Principles are relevant only when individually identified or identifiable records are transferred or accessed. Statistical reporting relying on aggregate employment data and containing no personal data or the use of anonymized data does not raise privacy concerns.
The Data Protection Officer shall approve exemptions from adherence to particular provisions of this policy. Exemptions to this policy will only be considered if special circumstances do not allow for the practical implementation of a requirement, if a local or regional law or regulation supports a requested exemption, and if there are compensating controls in place to mitigate the risk.
Coverage by the Privacy Shield
Where Collabera HR/ Ops / Delivery team members in the EU transfers personal information about its employees (past or present) collected in the context of the employment relationship, to a parent, affiliate, or unaffiliated service provider in the United States participating in the Privacy Shield, the transfer enjoys the benefits of the Privacy Shield. In such cases, the collection of the information and its processing prior to transfer shall be subjected to the national laws of the EU country where it was collected, and any conditions for or restrictions on its transfer according to those laws shall be respected.
Application of the Notice and Choice Principles
Collabera US receives employee information from the EU under the Privacy Shield may disclose it to third parties or use it for different purposes only in accordance with the Notice and Choice Principles. For example, where Collabera intends to use personal information collected through the employment relationship for non-employment-related purposes, such as marketing communications, Collabera shall provide the affected individuals with the requisite choice before doing so, unless they have already authorized the use of the information for such purposes. Such use must not be incompatible with the purposes for which the personal information has been collected or subsequently authorised by the individual. Moreover, such choices shall not be used to restrict employment opportunities or take any punitive action against such employees.
Application of the Access Principle
In compliance with the Privacy Shield Principles, Collabera commits to resolve complaints about our collection or use of your personal information. European Union and Swiss, individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Collabera at: email@example.com
Collabera has further committed to refer unresolved Privacy Shield complaints to EU Data Protection Authorities (DPA’s), an alternative dispute resolution provider located in the EU, or Switzerland, as applicable. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact The International Centre for Dispute Resolution (ICDR) by
International Centre for Dispute Resolution Case Filing Services
1101 Laurel Oak Road, Suite 100
Voorhees, NJ 08043
Or sending by email box: firstname.lastname@example.org
Collabera commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel and/or Commissioner, as applicable with regard to human resources data transferred from the EU and/or Switzerland, as applicable in the context of the employment relationship.