Lecorpio EU-US Privacy Shield Policy
Enabling companies to unleash the power of innovation
EU-US Privacy Shield Policy
Protecting personal data is important to Lecorpio. Lecorpio (hereinafter collectively referred to as “Lecorpio,” “we,” “us,” or “our”) comply with the European Union-United States Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union (EU) member countries.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Personal Information” or “Information” means information that (1) is transferred from the EU to the US; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether by automated means, such as collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual’s health.
Lecorpio processes Personal Information that comes into our possession through electronic methods (website form, email, FTP sites), by accessing the Personal Information internally on source repositories such as our Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), document databases, billing platforms, or via other technology.
Types of Data Collected
Lecorpio is a business to business (B2B) service provider with limited contact with consumers, therefore we will only collect and process a limited amount of personal data for the purposes stated in the ‘Purpose of Data Use’ section below. Where it concerns existing and prospective business customers, vendors and suppliers, typical categories of data relating to their employees that we will collect include; full names, postal addresses, email address, telephone number, and job title. With regards to employees, contractors and temporary workers, only personal data required to manage and administer their employment with us will be collected and processed.
Personal Data Collected Via Technology
Purpose of Data Use
Lecorpio processes Personal Information for clients, employees, and vendors for various business related purposes that most frequently support clients’ use of our products and services, enable us to manage employees, or adhere to multinational regulations where we conduct business. Examples of the type of activities that support these objectives include client account management, sales support, software support, client issue resolution, compensation analysis, third party risk management and personnel management and administration.
Lecorpio will offer individuals the opportunity to (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company will not disclose Personal or Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, Lecorpio will obtain your affirmative express consent (opt in) if such information is to be disclosed to (i) a third party, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the opt-in choice. Lecorpio will treat as sensitive, any Personal Information received from a third party where the third party identifies and treats it as sensitive.
Accountability For Onward Transfers
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Lecorpio is potentially liable. Except as otherwise stated in this policy, we do not generally share the Personal Information collected from our services with other entities. However, we may be required to share Personal Information if we believe in good faith that such disclosure is necessary; (a)(i) to comply with relevant laws or to respond to subpoenas or warrants served on Lecorpio; (a)(ii) in response to a lawful request by public authorities, including to meet national security or law enforcement requirements (b) protect or defend the rights or property of Lecorpio or users of Lecorpio’s products or services; or (c) to support our business objectives described in the ‘Purpose of Data Use section’ above.
Lecorpio may transfer personal information to a third party acting as a controller in accordance with the Notice and Choice Principles above. Lecorpio will enter into a contract with the third-party controller that provides that; such data will only be processed for the limited and specified purposes consistent with the consent you have provided, that the third party will provide the same level of protection as the Principles and will notify Lecorpio it if makes a determination that it can no longer meet its obligations. Such contract will provide that if such a determination is made, the third-party controller will cease processing or take reasonable and appropriate steps to remediate.
When transferring personal data to third party contractors or service providers (i.e. ‘agents’) that may be selected to support the business objectives described in the Purpose of Data Use section of this policy, Lecorpio will (1) transfer such data only for limited and specified purposes; (2) obligate the agent to provide at least the same level of privacy protection as is required by the Principals; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with Lecorpio’s obligations under the Principles; (4) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (5) upon notice; including under point (4), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (6) provide a summary or a representative copy of the relevant privacy provisions of our contract with our agent to the Department of Commerce upon request.
Lecorpio is committed to protecting the security of our data subject’s Personal Information. Therefore, we have implemented reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Such measures include a variety of industry-standard security technologies and procedures, such as policies restricting access to Information to authorized personnel, mechanisms to protect Information from interception during transmission, physical safeguards to protect Information stored in electronic or hard copy form, and training, reviews and audits of our security and operational procedures.
Data Integrity And Purpose Limitation
Lecorpio shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Lecorpio shall take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.
Lecorpio will take reasonable and appropriate measures to only retain personal information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the previous paragraph.
Individuals have the right to access and change any of their Personal Information, and may do so by contacting their Lecorpio’s Privacy Officer, company contact or Human Resources (HR) representative. Individuals may correct, amend, or delete inaccurate Information or information processed in violation of these Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may request deletion of their Personal Information by us, but please note that we may be required (by law or otherwise) to keep this Information and not delete it (or to keep this Information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). When we delete any Information, it will be deleted from the active database, but may remain in our archives.
Recourse, Enforcement & Liability
Attention: Data Privacy Officer
Subject: Privacy Shield [Query] OR [Complaint] (Select the relevant option)
Lecorpio is committed to cooperate with European Union data protection authorities (“DPAs”) in demonstrating the effectiveness of our recourse mechanism and our remediation plan when dealing with instances of failures to comply with the Principles. Lecorpio will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken. Complaints related to human resources data that cannot be resolved between Lecorpio and an EU-based employee or prospective employee regarding his or her Personal Information will be handled by the relevant EU Data Protection Authority or a panel established by the European Data Protection Authorities, consistent with the Principles.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Information Subject to Other Policies