EU-U.S., the UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Framework Notice

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Red e App, Inc. (“RedeApp”, “we” or “our”) commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.

 

RedeApp complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  RedeApp has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RedeApp has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

 

RedeApp has certified that it adheres to and will abide by the Data Privacy Framework Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement for personal data submitted by our customers in participating European countries through the Services. We also receive some personal data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Information regarding the Data Privacy Framework framework and our certification can be found at: https://www.dataprivacyframework.gov/.

Types of Data Processed

We provide a platform for our customers to communicate with their workforce and operate certain other aspects of their businesses. In order to provide these Services, we process the data users submit to the Services or instruct us to process on their behalf in connection with the Services. Our Privacy Policy provides descriptions of the categories of personal data we may receive in the U.S. and the purposes for which we use that personal data in providing our Services.

Purposes of Data Processing

We process and use personal data submitted by our users in order to provide the Services to our customers. In doing so, we may access data to provide the Services, to provide information about our Services, to personalize visitors’ experience, to prevent or address service or technical problems, to respond to customer support matters, to conduct related tasks for legitimate business purposes, to follow the instructions of our customer who submitted the data, in response to contractual requirements with our customers, to aggregate data and other purposes disclosed at the time of collection.

Third Parties With Whom We May Disclose Customer Data

We may share personal data with contractors or third party providers who process personal data on our behalf, to assist us, in providing the Services to our customers, as well as other business-related functions. These third party providers include: subsidiaries, affiliates and contractors, channel partners, service providers, and partners or sponsors we may work with. These third party providers assist us in providing the Services, performing technical operations, database monitoring, data storage, hosting services, customer support, software tools, backup and disaster recovery and email service providers. When we engage a third party to perform such functions, we provide them with information and instructions on how to access, process or store personal data in the course of performing such functions on our behalf.

If we receive personal data in the U.S. subject to our certification under the Data Privacy Framework and then subsequently transfer that information to a third party agent or service provider for processing, we remain responsible for ensuring that the third party agent or service provider processes your personal data to the standard required by our Data Privacy Framework commitments.

Requirement to Disclose

We may disclose personal data in special cases when we have a good faith belief that disclosure is necessary to: comply with legal requirements or to respond to lawful requests by public authorities or to meet national security or law enforcement requirements; enforce our Terms and Conditions; protect and defend our rights or property; protect the interests of our users or others; or to enforce our contractual obligations.

Security

We maintain reasonable and appropriate security measures to protect personal data from loss, unauthorized access, disclosure, alteration, misuse or destruction in accordance with the Data Privacy Framework.

Your Choices

If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this Policy, Red e App, Inc will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to us as specified in the “How to Contact Us” section below.

Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered “Sensitive Information.” Red e App, Inc will not use Sensitive Personal for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless OIDF has received your affirmative and explicit consent (opt-in).

Right to Access

Some users may have the right to access personal data that we hold about them and request that we correct, amend, or delete such data, if it is inaccurate or processed in violation of the Data Privacy Framework. These access rights may not be applicable in some cases, including where providing access is unreasonably burdensome or expensive or where disclosure would violate the rights of a third person other than the requesting individual. If a user would like to request access to, or a correction, amendment, or deletion of its personal data, the user can submit a written request to the contact information provided below. For security, we may request information about a user to prove their identity and in some cases we may charge a reasonable fee for access to requested user information.

Dispute Resolution & Arbitration

In compliance with the Data Privacy Framework Principles, Red e App commits to resolve complaints about our collection or use of personal data. If a user is a resident of a European country participating in the Data Privacy Framework and has inquiries or complaints regarding this Notice, the user should first contact Red e App via the information provided below.

Under certain conditions, more fully described on the Data Privacy Framework website, users located in the UK, EU or Switzerland may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Investigatory & Enforcement Powers of the U.S. Federal Trade Commission

RedeApp’s Data Privacy Framework compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Questions or Complaints

If you have any questions regarding this Notice or if you need to request access to, or update, change or remove personal data that we control, you can do so by contacting privacy@redeapp.com or by regular mail addressed to:

 

Red e App, Inc.

Attn: Privacy Concerns

828 E Market Street

Louisville, KY 40206

United States

 

Changes to this Notice

We reserve the right to amend this Notice from time to time consistent with the Data Privacy Framework’s requirements.

Effective Date: February 1, 2019