RETENSA, LLC (Retensa) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of PERSONAL Data and HR Data that Retensa obtains from Customers located in the European Union.
For the purposes of this policy, Retensa defines the term “Subscriber” as an entity with which Retensa has an established relationship, the term “User” as an individual who represents Subscriber and has access to Retensa Platform, the term “Respondent” as any individual who responds to queries powered by “Retensa Software” or who is included as a contact in a Subscriber’s account.
Simply put, we are committed to supporting individual privacy. We do not sell or rent your PERSONAL information to others. When you give us information, we use systems that protect it. For those who want specifics, we have details below
The Federal Trade Commission (FTC) has jurisdiction over Retensa’s compliance with the Privacy Shield.
All Retensa employees who handle Personal Data from Europe are required to comply with the Principles stated in this Policy.
COLLECTION OF HR DATA
We get information about you a few ways.
Information You Give Us. We may collect the employee’s name, demographic, email addresses, phone number, Date of birth and other organizational aspects such as Date of hire, Separation Date, Title, Department.
Information Automatically Collected. The data is transferred by the employers through Secure File Transfer Protocol automatically and is uploaded in our system at the same time. They can also use manual import toll available at the websites mentioned above to upload employee data. Our website uses HTTPs authentication which means all communications between your browser and the website are encrypted.
Cookies. We may log information using “cookies.” Cookies are small data files stored on your computer or device by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a personal and interactive experience on our Site. This type of information is collected to make the Site more useful and to tailor the experience to meet your needs.
During a Subscriber’s registration and later on Retensa’s platform, they provide information such as name, company name, email, address, telephone, and other relevant data of the Respondent. This information is used by Retensa to identify the Respondent and provide applicable queries defined by Subscriber
Retensa Users can at any time access and edit, update or delete the Respondents’ details by logging in with their username and password to Retensa’s platform. Retensa Users may create more Users with different privilege levels within their account. It is the responsibility of the User that creates other User accounts, to choose the level of access each User should have. Once these new Users log into Retensa, they meet the definition of User in this policy. Retensa will not retain User and Respondent data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
USE OF HR DATA
Subscribers have granted Retensa, a non-exclusive, worldwide, royalty-free, right and license (including the right to authorize and grant sublicenses) to use, store, reproduce, distribute and display the Subscriber Data, solely in connection with the provision to Subscriber. Subscriber hereby grants to Provider(Retensa), a non-exclusive, worldwide, royalty-free, right, irrevocable and perpetual license to aggregate, segment, filter, combine, or manipulate Subscriber Data (“Metadata”), and use Metadata in any means possible, including but not limited to, analysis, reporting, or publication, so long as Subscriber identity is removed.
Retensa processes Personal Data as a Processor, as defined in the Directive and the GDPR:
The Retensa entity which you as a Subscriber entered an agreement with when using Retensa’s platform, will be the Controller for Respondent data, as outlined above in “Collection of Personal data” section.
For Respondent data, the Subscriber will be the Controller in accordance with Directive and GDPR, and Retensa will be the Processor.
Retensa adheres to the Directive of 1995 and the GDPR from May 25th, 2018.
All data collected by Retensa through queries will be stored exclusively in secure hosting facilities provided by ISO 27001, 27017, and 27018 and SOC 3 compliant web hosting Service Company. Retensa has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations. All transfers of data is done in accordance with this data processing agreement.
DISCLOSURE/ONWARD TRANSFERS OF HR DATA
We do not share your Personal or HR Data with any third party, except in the cases as follows:
- When we complete or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- For legal, protection, and safety purposes.
- We may share information to comply with laws.
- We may share information to respond to lawful requests and legal processes.
- We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
- We may share information with those who need it to do work for us to provide services to our customers.
- We may also share aggregated and/or anonymized metadata with others, for their own uses, but unless stated for the reasons above, your name, email address, and phone number is not provided.
We will not transfer Personal Data originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US Privacy Shield Framework and GDPR.
Disclosure of Your Information
The Company does not disclose any nonpublic information about our customers or former customers to anyone, except as required by law. We disclose information only when it is necessary for the conduct of business, or under circumstances where disclosure is required by law. Information may also be disclosed for audit purposes, to regulatory agencies or for other general administrative services. We do not disclose information about you to other entities who may want to sell their products to you.
OPERATION OF OUR SERVICES IN THE UNITED STATES
Our Services are based in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Services or providing us with personal information, you consent to this transfer
ACCESSING HR DATA
Retensa personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
Retention and deletion
Retensa will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For Respondent data, Retensa’s Users have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. For Respondent data, Users with an active account will therefore have the responsibility to delete data when required. When a User’s account is terminated or expired, all Personal Data collected through the platform will be deleted at Subscriber’s request otherwise retained up to a period of seven (7) years as required to comply with legal, archival standards.
Respondent’s Rights to Erasure, withdraw consent to processing, complain to controller
Respondents can submit a request to their respective Subscriber or by email to email@example.com for EU data subjects. We will respond to your request, including any appropriate request to access, correct, update, restrict processing or object to processing, or delete your personal information within the time period specified by our contract with Subscriber or required by law (if applicable) or without excessive delay. As we are processing your personal data on behalf of a Subscriber, we will promptly refer your request to our Subscriber and support the Subscriber in responding to your request unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the US-EU Privacy Shield Principles, Retensa commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about the use of their Personal Data should contact us at: firstname.lastname@example.org.
If a Customer’s question or concern cannot be satisfied through this process Retensa has further committed to refer unresolved privacy complaints under US-EU Privacy Shield
Retensa commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Under Privacy Shield, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions. For additional information, visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction
1001 Sixth Avenue 12th Floor, New York, NY 10018
Telephone: +1 (212) 545-1280
Phew, your done! Hope you are okay with all that. We think it’s pretty fair, because we want to feel safe when we visit websites too. So make sure to see all the good insights and observations on our website, check it out.