Lecorpio EU-US Privacy Shield Policy

Enabling companies to unleash the power of innovation

EU-US Privacy Shield Policy


Protecting personal data is important to Lecorpio. Lecorpio (hereinafter collectively referred to as “Lecorpio,” “we,” “us,” or “our”) comply with the European Union-United States Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union (EU) member countries.

Accordingly, we certify our compliance with the EU-US Privacy Shield Principles (the “Principles”), including Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/. If there is any conflict between the policies in this privacy policy (the “Privacy Policy”) and the Principles, the Principles shall govern. This Privacy Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Privacy Policy applies to all personal information, whether in electronic, paper, or verbal format, received by Lecorpio directly from individuals in the EU.


“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Personal Information” or “Information” means information that (1) is transferred from the EU to the US; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether by automated means, such as collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual’s health.


Lecorpio processes Personal Information that comes into our possession through electronic methods (website form, email, FTP sites), by accessing the Personal Information internally on source repositories such as our Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), document databases, billing platforms, or via other technology.

Types of Data Collected
Lecorpio is a business to business (B2B) service provider with limited contact with consumers, therefore we will only collect and process a limited amount of personal data for the purposes stated in the ‘Purpose of Data Use’ section below. Where it concerns existing and prospective business customers, vendors and suppliers, typical categories of data relating to their employees that we will collect include; full names, postal addresses, email address, telephone number, and job title. With regards to employees, contractors and temporary workers, only personal data required to manage and administer their employment with us will be collected and processed.

Personal Data Collected Via Technology
To make web based software products and related services more useful to our clients, our servers (usually hosted by a third-party service provider) collect Personal Information, including browser type, Internet Protocol (IP) address (a number that is automatically assigned to a computer when it uses the Internet, which may vary from session to session), domain name, and/or a date/time stamp for use by those web based software products. We also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of the visit, as well as the solutions and information for which our clients search and view. We automatically gather this Personal Information and store it in log files each time a person visits our website or accesses his or her account on our network. “Cookies” are small pieces of information that a website sends to a visitor’s computer’s hard drive while the visitor is viewing a web site. We may use both session Cookies (which expire once the visitor closes the web browser) and persistent Cookies (which stay on visitor’s computer until the visitor deletes them) to provide clients with a more personal and interactive experience on our website. Persistent Cookies can be removed by following Internet browser help file directions. If a visitor chooses to disable Cookies, some areas of our website may not work properly.

Purpose of Data Use
Lecorpio processes Personal Information for clients, employees, and vendors for various business related purposes that most frequently support clients’ use of our products and services, enable us to manage employees, or adhere to multinational regulations where we conduct business. Examples of the type of activities that support these objectives include client account management, sales support, software support, client issue resolution, compensation analysis, third party risk management and personnel management and administration.

If you provide us with feedback on any of our products or related, we may use such feedback for any purpose, however, we will not associate such feedback with your Personal Information (i.e. we will anonymize the data where possible). Lecorpio will collect any information contained in such communication and will treat the Personal Information therein in accordance with this Privacy Policy.


Lecorpio will offer individuals the opportunity to (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company will not disclose Personal or Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive personal information, Lecorpio will obtain your affirmative express consent (opt in) if such information is to be disclosed to (i) a third party, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the opt-in choice. Lecorpio will treat as sensitive, any Personal Information received from a third party where the third party identifies and treats it as sensitive.

Accountability For Onward Transfers

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Lecorpio is potentially liable. Except as otherwise stated in this policy, we do not generally share the Personal Information collected from our services with other entities. However, we may be required to share Personal Information if we believe in good faith that such disclosure is necessary; (a)(i) to comply with relevant laws or to respond to subpoenas or warrants served on Lecorpio; (a)(ii) in response to a lawful request by public authorities, including to meet national security or law enforcement requirements (b) protect or defend the rights or property of Lecorpio or users of Lecorpio’s products or services; or (c) to support our business objectives described in the ‘Purpose of Data Use section’ above.

Lecorpio may transfer personal information to a third party acting as a controller in accordance with the Notice and Choice Principles above. Lecorpio will enter into a contract with the third-party controller that provides that; such data will only be processed for the limited and specified purposes consistent with the consent you have provided, that the third party will provide the same level of protection as the Principles and will notify Lecorpio it if makes a determination that it can no longer meet its obligations. Such contract will provide that if such a determination is made, the third-party controller will cease processing or take reasonable and appropriate steps to remediate.

When transferring personal data to third party contractors or service providers (i.e. ‘agents’) that may be selected to support the business objectives described in the Purpose of Data Use section of this policy, Lecorpio will (1) transfer such data only for limited and specified purposes; (2) obligate the agent to provide at least the same level of privacy protection as is required by the Principals; (3) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with Lecorpio’s obligations under the Principles; (4) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (5) upon notice; including under point (4), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (6) provide a summary or a representative copy of the relevant privacy provisions of our contract with our agent to the Department of Commerce upon request.


Lecorpio is committed to protecting the security of our data subject’s Personal Information. Therefore, we have implemented reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Such measures include a variety of industry-standard security technologies and procedures, such as policies restricting access to Information to authorized personnel, mechanisms to protect Information from interception during transmission, physical safeguards to protect Information stored in electronic or hard copy form, and training, reviews and audits of our security and operational procedures.

Data Integrity And Purpose Limitation

Lecorpio shall only process Personal Information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Lecorpio shall take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.

Lecorpio will take reasonable and appropriate measures to only retain personal information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the previous paragraph.


Individuals have the right to access and change any of their Personal Information, and may do so by contacting their Lecorpio’s Privacy Officer, company contact or Human Resources (HR) representative. Individuals may correct, amend, or delete inaccurate Information or information processed in violation of these Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may request deletion of their Personal Information by us, but please note that we may be required (by law or otherwise) to keep this Information and not delete it (or to keep this Information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). When we delete any Information, it will be deleted from the active database, but may remain in our archives.

Recourse, Enforcement & Liability

Lecorpio uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with the Principles. Accordingly, Lecorpio is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

We encourage interested persons to raise any concerns using the contact information provided. We will investigate and attempt to resolve any complaints and disputes regarding collection, use, or disclosure of Personal Information in accordance with the Principles. European Union individuals with inquiries, comments, or complaints regarding this Privacy Policy or data collection and processing practices should first contact Lecorpio using the following details:

Attention: Data Privacy Officer
Subject: Privacy Shield [Query] OR [Complaint] (Select the relevant option)

Lecorpio is committed to cooperate with European Union data protection authorities (“DPAs”) in demonstrating the effectiveness of our recourse mechanism and our remediation plan when dealing with instances of failures to comply with the Principles. Lecorpio will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken. Complaints related to human resources data that cannot be resolved between Lecorpio and an EU-based employee or prospective employee regarding his or her Personal Information will be handled by the relevant EU Data Protection Authority or a panel established by the European Data Protection Authorities, consistent with the Principles.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.


This privacy policy may be amended from time to time consistent with the requirements of the EU-US Privacy Shield Framework. We will post any revisions to this policy on our website.

Information Subject to Other Policies

Lecorpio is committed to following the Principles for all Personal Information within the scope of the Privacy Shield Framework. However, certain information is subject to policies of Lecorpio that may differ from the general policies set forth in this privacy policy.