NETFORCE GLOBAL EU-US, SWISS-US, AND UK EXTENSION DPF DATA PRIVACY FRAMEWORK PRIVACY POLICY
NetForce Global, LLC (“NetForce Global,” “NetForce”, “we,” us,” or “our”) complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. NetForce has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles), with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. NetForce has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
NetForce Global also complies, where applicable, with U.S. law. In the event of a conflict between this DPF Privacy Statement and other applicable laws, NetForce Global will comply with its obligations under the applicable law. NetForce Global’s DPF Privacy Statement is organized around the following principles:
1. NOTICE
At NetForce Global, we notify individuals about the purposes for which we collect and use information about them, choices they have regarding certain uses and disclosures of their personal data, and how to contact us with inquiries or complaints. We provide this notice either directly, such as through this privacy statement, or through our customers.
NetForce Global collects personal data for the purpose of providing a variety of information products and services to employers and other NetForce Global customers. For example, NetForce Global may collect identification information and information such as information about an individual’s employment history, educational qualifications, professional qualifications, credit history, driving history, or criminal history for the purpose of providing this information to our customers.
2. CHOICE
In many cases, the reports that we prepare are prepared with the express consent of the individual. For example, the subject of a consumer report issued for employment purposes must provide express authorization (“opt-in”), typically through the employer or prospective employer, before NetForce may furnish the report. In other cases, NetForce offers individuals the opportunity to choose (opt-out) whether their personal data is (i) to be disclosed to a third party (other than our service providers performing tasks on NetForce’s behalf pursuant to a contract or a customer on whose behalf we are processing it) or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
For sensitive information (defined at the end of this section), NetForce obtains (directly or through a third party, such as our customer) affirmative express consent (opt-in) from individuals, with certain exceptions permitted by the DPF program, if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.
We are committed to providing individuals with clear, conspicuous, and readily available mechanisms to exercise choice. Therefore, in addition to any other mechanisms that may be provided in particular cases, individuals may opt-out by contacting NetForce using the points of contact in the “Contact Us” section below.
Sensitive information for purposes of this policy means personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or information designated by the transferring organization as sensitive. In the case of information transferred pursuant to the Swiss DPF, sensitive information also includes information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
3. ACCOUNTABILITY FOR ONWARD TRANSFER
NetForce Global discloses personal data that it collects to the customer that requested it. NetForce Global may disclose personal data to its service providers. NetForce Global also may be required to disclose personal data in response to lawful requests by public authorities, including disclosures to meet national security or law enforcement requirements. NetForce Global’s disclosure of personal data to third parties is governed by the Notice and Choice Principles described above.
When transferring personal data to our customers or other third-party controllers (i.e., entities that will control how personal data is processed), we comply with the Notice and Choice Principles as described above. Consistent with DPF timing requirements for onward transfer compliance, NetForce Global will enter into a contract with our customer that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual, that the recipient will provide the same level of protection as the Principles, and the recipient will notify the NetForce Global if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made, the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate.
As noted above, NetForce Global also may transfer personal data to service providers acting on its behalf. In such cases, consistent with DPF timing requirements for onward transfer compliance, NetForce Global will:
a transfer such data only for limited and specified purposes;
ascertain that the service provider is obligated to provide at least the same level of privacy protection as is required by the DPF Principles;
take reasonable and appropriate steps to ensure that the service provider effectively processes the personal data transferred in a manner consistent with NetForce Global’s obligations under the Principles;
require the service provider to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and
provide a summary or a representative copy of the relevant privacy provisions of its contract with that service provider to the Department of Commerce upon.
4. SECURITY
NetForce Global takes reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, and destruction, taking into account the risks involved in the processing and nature of the personal data.
5. DATA INTEGRITY AND PURPOSE LIMITATION
NetForce Global limits the personal data it collects to information that is relevant for the purposes of processing. NetForce Global does not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, NetForce Global takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.
NetForce Global takes reasonable and appropriate measures to retain personal data only for as long as NetForce Global has a legitimate legal or business need to do so, such as customer service, compliance with legal or contractual retention obligations, retention for audit purposes, security and fraud prevention, preservation of legal rights or other reasonable purposes consistent with the purpose of the collection of the information. NetForce Global will adhere to the Principles for as long as it retains personal data transferred in reliance upon the DPF.
6. ACCESS
It is NetForce Global’s policy to provide individuals with access to personal data about them that NetForce Global holds about them and provides them with a means to request the correction, amendment, or deletion of that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Pursuant to the DPF Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under DPF, should direct their query to privacy@netforceglobal.com. If requested to remove data, we will respond within a reasonable timeframe.
NetForce Global requires that an individual provide reasonable verification of their identity before we provide access to personal data. To access your NetForce Global file and obtain any of the remedies discussed in this section please contact NetForce Global using the point of contact in the “Contact Us” section below.
7. RECOURSE, ENFORCEMENT AND LIABILITY
NetForce Global internally monitors and assesses our compliance with our DPF Privacy statement and our DPF obligations. Under the DPF Principles, NetForce Global may be liable in the event that a service provider to whom NetForce Global transfers personal data such personal data in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. An individual with an inquiry or complaint may contact us using the mailing or email address below.
In the case of human resources data from the EU, NetForce has agreed to cooperate with a panel of European Data Protection Authorities created for that purpose. In the case of human resources data transferred from Switzerland, NetForce has agreed to cooperate with the Swiss Federal Data Protection and Information Commissioner. In the case of human resources data transferred from the United Kingdom, NetForce has agreed to cooperate with the UK Information Commissioner’s Office (ICO).
If your complaint involves human resources data transferred to the United States from the European Union, [the United Kingdom, or Switzerland] in the context of the employment relationship, and NetForce Global does not address it satisfactorily, NetForce Global commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable] with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU DPF. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Complaints related to human resources data should not be addressed to the BBB EU DPF.
In compliance with the EU-US Data Privacy Framework Principles, NetForce commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact NetForce Global LLC, 8707 Commerce Drive, Suite H, Easton, MD 21601.
NetForce has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
With respect to personal data received or transferred pursuant to the DPF Frameworks, NetForce Global is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
8. PUBLIC RECORD AND PUBLICLY AVAILABLE INFORMATION
In accordance with DPF, in cases where NetForce Global discloses public records or publicly available information from the EU, UK, and Switzerland without combining that information with non-public information, our general policies on Notice, Choice, and Accountability for Onward Transfer may not apply.
9. CONTACT US
In compliance with the DPF Principles, NetForce Global commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact NetForce Global by mail at: NetForce Global LLC, 8707 Commerce Drive, Suite H, Easton, MD 21601 Attention Chief Compliance Officer or by email at: privacy@netforceglobal.com.
10. POLICY CHANGES
NetForce Global reserves the right to change their policy from time to time, consistent with the DPF Principles.
Revised August 4, 2023