Privacy Statement Effective as on September 28th, 2023
EMP Trust Solutions, LLC (“EMP Trust” or the “Company”) is committed to protecting the privacy of your information. This Privacy Statement describes EMP Trust’s data privacy information practice while on company websites or on the company’s application service website for customers.
If you have any questions about this Privacy Statement, please contact EMP Trust Solutions by mail.
Attention: Sr. Director – Privacy & Compliance Office
101 Lakeforest Blvd, Suite 230
Gaithersburg, MD 20877, USA
Scope
This Privacy Policy applies to all Personally Identifiable Information (PII) received by EMP Trust from its customers, employees, website visitors and job applicants (each which may be individually referred to herein as “you” or “your”) in any format including electronic, paper, or verbal. For purposes of this Policy, “PII” or “Personal Identifiable Information” means any information collected by EMP Trust that identifies or could be used by EMP Trust to identify an individual. As a subset of the larger group listed herein above, EMP Trust processes information of employees of its customers under the direction of its customers and has no direct relationship with such customers’ employees whose personal data it may process on the customer’s behalf.
Privacy Policy
EMP Trust respects the privacy of our customers, employees, website visitors, and job applicants. We believe it is important for you to understand the type of information we collect about you and how that information is used. We recognize the need for appropriate safeguards and management of Personally Identifiable Information (PII) you provide to us. This Privacy Policy sets forth the privacy principles EMP Trust follows with respect to your Personal Information.
1.Web Sites Covered
This Privacy Statement covers the information practices of Web sites that link to this Privacy Statement: company website https://www.emptrust.com and our application service website www.empforce.com(collectively referred to as “EMPTrust’s Web sites” or “the Company’s Web sites”).
Applications may be posted by EMP Trust and third parties on company website www.emptrust.com When applications are posted by EMP Trust, this Privacy Statement applies. When applications are posted by third parties and visitors wish to avail of services from 3rd party partners, the privacy statement of the third party applies, and this Privacy Statement does not apply.
When sites are posted by EMP Trust, the site will link to this Privacy Statement, and this Privacy Statement applies. When sites are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.
EMP Trust’s Web sites may contain links to other Web sites on company website www.emptrust.com EMPTrust is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.
2. Personal Information Collected
EMP Trust offers a variety of services that are collectively referred to as the “Service.” EMP Trust collects information from individuals who visit the Company’s Web sites (“Visitors”), individuals acting on behalf of an organization who register to use the Service (“Customers”), Job applicants and employees.
Job Applicants and Employees:
EMP Trust collects PII from job applicants and employees of EMP Trust for, among other things, legitimate human resource business reasons such as Human Resource administration, filling employment positions, maintaining accurate employee records, meeting governmental reporting requirements, security, health and safety management, performance management, company network access, and authentication.
Customers:
EMP Trust collects PII from customers of EMP Trust who use our solution. The information may be collected through our SaaS solution, or by members of our customer service and support teams who provide support to customers. The type of PII collected is similarto the information collected under the “Job Applicants and Employees” paragraph, above.
EMP Trust collects information under the direction of its customers and has no direct relationship with the individuals whose personal data it processes. If you are an individual of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you interact with directly. We may transfer personal information to companies that help us provide our services under specific requests from our customers. Transfers to subsequent third parties are covered by the service agreements with our customers. The use of information collected through our SaaS solution shall be limited to the purpose of providing the service for which the customer has engaged EMP Trust.
Visitors on Company Web Sites:
When expressing an interest in obtaining additional information about the Service or registering to use the Service, EMP Trust requires you to provide the Company with contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”).
As you navigate the Company’s Web sites, EMP Trust may also collect information using commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web sites (such as the Web pages viewed, and the links clicked).
When purchasing the Service, EMP Trust requires you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Service (“Billing Information”). EMP Trust may also ask you to provide additional information, such as company annual revenues, work locations, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information are referred to collectively as “data About EMP Trust Customers.” Financial data about customers are not stored in the company website, application or service.
3. Use of Information Collected
The Company uses data about EMP Trust visitors and customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Service.
The Company may also use data about EMP Trust visitors for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in EMP Trust, the Service, and to send you information regarding the Company and its partners, such as information about promotions or events.
EMP Trust uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Service. EMP Trust does not store credit card information within its application or service or websites.
EMP Trust uses Web Site Navigational Information to operate and improve the Company’s Web sites. The Company may also use Web Site Navigational Information in combination with data about EMP Trust visitors to provide personalized information about the Company.
4. Web Site Navigational Information
EMP Trust uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information the Company may collect and how the Company may use this information.
Cookies
EMP Trust uses cookies to make interactions with the Company’s Web sites easy and meaningful. When you visit one of the Company’s Web sites, EMP Trust’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to EMP Trust, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Me” or a “30 Day Free Trial” Web form), you remain anonymous to the Company.There are two types of cookies: session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer.
If you have chosen to identify yourself to EMP Trust, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Service, a session cookie containing an encrypted, unique identifier that is tied to your account is placed in your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Service and to process your online transactions and requests. Session cookies are required to use the Service.
EMP Trust uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company’s Web sites. When you purchase the Service, or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web sites, but you will not be able to successfully use the Service.
EMP Trust may use information from session and persistent cookies in combination with data about EMP Trust Customers to provide you with information about the Company and the Service.
Web Beacons
EMP Trust uses Web beacons alone or in conjunction with cookies to compile information about Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, EMP Trust may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web sites. EMP Trust uses Web beacons to operate and improve the Company’s Web sites and email communications. EMP Trust may use information from Web beacons in combination with data about EMP Trust visitors to provide you with information about the Company and the Service.
IP Addresses
When you visit EMP Trust’s Web sites, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personally identifiable information. For example, EMP Trust uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web sites or to block undesirable regions or locations.
EMP Trust also collects IP addresses from Customers whey they log into the Service as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.
Third Party Cookies
From time-to-time, EMP Trust may engage third parties to track and analyze non-personally identifiable usage and volume statistical information from individuals who visit the Company’s Web sites. EMP Trust may also use other third-party cookies to track the performance of Company advertisements. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it. This Privacy Statement does not cover the use of third party cookies.
5. Public Forums, Refer a Friend, and Customer Testimonials
EMP Trust may provide bulletin boards, blogs, or chat rooms on the Company’s Web sites. Any personally identifiable information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. EMP Trust is not responsible for the personally identifiable information you choose to submit in these forums.
Customers and Visitors may elect to use the Company’s referral service to inform friends about the Company’s Web sites. When using the referral service, the Company requests the friend’s name and email address. EMP Trust will automatically send the friend a one-time email inviting him or her to visit the Company’s Web sites. EMP Trust does not store this information.
EMP Trust may post a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. EMP Trust obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
6. Sharing of Information Collected
EMP Trust may share data about EMP Trust Customers within EMP Trust customer service department so that customer service agents can contact Customers and Visitors who have provided contact information on our behalf. EMP Trust may also share data about EMPTrust Customers with the Company’s agents to ensure the quality of information provided, measure service level agreements and monitor agent’s performance.
EMP Trust does not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes.
EMP Trust uses a third-party intermediary to manage credit card processing. This intermediary is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.
EMP Trust does not store or collect credit cards information in internal databases for future use or require that credit information be entered into EMP Trust web sites.
EMP Trust reserves the right to disclose personally identifiable information of the Company’s Customers or Visitors if required by law or if the Company reasonably believes that disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
7. Communications Preferences
EMP Trust offers visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails.
Customers cannot opt out of receiving transactional emails related to their account with EMP Trust or the Service. The company does not send marketing or promotional emails to customers unless users sign up specifically for newsletters and promotional events. Customers who signed up for marketing and promotional emails may manage receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails.
8. Correcting and Updating Your Information
Customers may update or change their registration information by editing their user or organization record. To update a user profile, please login to your account with your EMP Trust username and password or Active Directory login and click “User profile.”
To update an organization’s information, please contact your organization’s assigned Application Administrator with your EMP Trust username and password and select “Accounts.”
9. Customer Data
EMP Trust Customers use the Service to host data and information (“Customer Data”). EMP Trust will not review, share, distribute, or reference any such Customer Data except as provided under the customer software license agreement or EMP Trust Master Subscription Agreement whichever applies, or as may be required by law.
Individual records of Customer Data may be viewed or accessed only with specific permissions from customer by EMP Trust customer service agents for the purpose of resolving a problem or support a reported issue, or as may be required by law. Customers are responsible for maintaining the security and confidentiality of their EMP Trust usernames and passwords.
10. Security
EMP Trust uses robust security measures to protect Customer Data from unauthorized access or disclosure, maintain data accuracy, and to allow only the appropriate use of your PII, we utilize physical, technical, and administrative controls and procedures to safeguard the information we collect.
We limit access to your PII and data to those persons who have a specific business purpose for maintaining and processing such information. EMP Trust’semployees who have been granted physical access to your PII are made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.
To protect the confidentiality, integrity, and availability of your PII, EMP Trust utilizes a variety of physical and logical access controls, firewalls, intrusion detection/prevention systems, network and database monitoring, anti-virus, and backup systems. We use encrypted sessions when collecting or transferring sensitive data through our websites.
When the Service is accessed using any internet browser such as Google Chrome, Firefox, Safari, Microsoft Edgeor Internet Explorer Version 11.0 or later, Secure Socket Layer (“SSL”) technology protects customer data using both server authentication and data encryption. These technologies help ensure that customer data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. EMP Trust also implements an advanced security method based on dynamic data and encoded session identifications, and the Company hosts its Web sites in a secure server environment that uses firewalls, intrusion detection, log monitoring and other advanced technology to prevent interference or access from outside intruders. All Personally Identifiable Information (PII) used in customer application or service are encrypted at rest and within the database. EMP Trust also offers enhanced security features within the Service that permit Customers who have private cloud or dedicated servers to configure security settings to the level they deem necessary.
Because the Company uses the Service to maintain data About EMP Trust Customers, this information is secured in the same manner as described above for Customer Data.
11. Data Integrity
As to its own employees and its own job applicants, EMP Trust will take reasonable steps to provide that PII is accurate, complete, and current, to its intended use. EMP Trust will only use PII in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.
12. Enforcement & Verification
EMP Trust will conduct periodic assessments to validate its continued adherence to this Privacy Policy.
Where EMP Trust has knowledge that one of EMP Trust’s employees or third parties is using or disclosing PII in a manner contrary to this Policy, EMP Trust will take reasonable steps to prevent or stop the use or disclosure. EMP Trust holds its employees and agents accountable for maintaining the trust that our customers place in our company.
13. Data Privacy Frameworks for Data Transferred to the United States from the EU/Switzerland
EMP Trust Solutions, LLC complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries (and Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. EMP Trust has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.dataprivacyframework.gov/
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, EMP Trust is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information that we hold about you. You also may correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@emptrust.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@emptrust.com.
In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
EMP Trust’s accountability for Personal Information that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, EMP Trust remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Information on its behalf do so in a manner inconsistent with the Principles, unless EMP Trust proves that it is not responsible for the event giving rise to the damage.
Our organization commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities about human resources data transferred from the EU and Switzerland in the context of the employment relationship.
In compliance with the Privacy Shield Principles, EMP Trust commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to Privacy Shield.European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contactthe EMP Trust Privacy Officer by email at privacy@emptrust.com., or via post at
EMP Trust Solutions
Attention: Sr. Director – Privacy & Compliance Office
101 Lakeforest Blvd, Suite 230
Gaithersburg, MD 20877, USA
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), [EMP Trust Solutions, LLC] commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF and the Swiss-U.S. DPF. EU and Swiss individuals with inquiries or complaints should first contact EMP Trust Solutions Attention: Sr. Director – Privacy & Compliance Office101 Lakeforest Blvd, Suite 230Gaithersburg, MD 20877, USA.
[EMP Trust Solutions] has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
If your complaint involves human resources data transferred to the United States from the European Union, [the United Kingdom, or Switzerland] in the context of the employment relationship, and [EMP Trust Solutions] does not address it satisfactorily, [EMP Trust Solutions] commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable] with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Complaints related to human resources data should not be addressed to the BBB NATIONAL PROGRAMS.
14. Onward Transfers
EMP Trust uses a limited number of third-party providers in the U.S. and in Europe to provide data hosting services and to help to perform customer support and technical operations.
EMP Trust shall remain responsible in case of onward transfers to third parties. EMP Trust shares the Personal Information with these third-party providers to support EMP Trust’s Services only. Any other use of the Personal Informationby third-party providers is prohibited.
All third-party providers receiving Personal Informationfrom the European Union and/or Switzerland agree to (i) process the Personal Data only to the extent required by EMP Trust’s Services and in accordance with EMP Trust’s instructions and (ii) comply with the data protection laws for transfer and processing of personal data and (iii) provide adequate technical and organization measures to protect the Personal Information.
To this end, we use the European Standard Contract clauses(https://ec.europa.eu/info/law/law-topic/data-protection_en) with our sub processors in order to guarantee the privacy and the security of your Personal Information.
How can you access your Personal Information?
EMP Trust acknowledges that individuals have a right to access, correct, amend and delete their Personal Information. Because EMP Trust is the data processor of the Personal Information and collects Personal Information under the instructions of its Customers, EMP Trust shall follow its Customers’ instructions. Therefore, EMP Trust encourages the individuals to contact these Customers. This can be done by replying to the last email that was sent via the EMP Trust system. For instructions on contacting EMP Trust directly with your relevant privacy concern, please see our Privacy Shield statement, section 13 above.
15. Changes to this Privacy Statement
The practices described in this Policy are the current PII protection policies approved on January26,2018. EMP Trust reserves the right to change this Privacy Statement at any time consistent with the Privacy Shield principles. EMP Trust will provide notification of the material changes to this Privacy Statement through the Company’s Web sites at least thirty (30) business days prior to the change taking effect. We encourage you to periodically review this page for the latest information on our privacy practices.
16. Independent Recourse Mechanism: –
If you have not received a timely or satisfactory response from [EMP Trust Solutions, LLC] to your question or complaint, please contact the independent recourse mechanism listed below:
HR RECOURSE MECHANISM
Swiss Federal Data Protection and Information Commissioner (FDPIC)
EU Data Protection Authorities (DPAs)
NON-HR RECOURSE MECHANISM
BBB EU Data Privacy Program
17. Contacting Us
Questions regarding this Privacy Statement or the information practices of the Company’s Web sites should be directed to EMP Trust Privacy Officer by email at privacy@emptrust.com or by mail at our offices below:
EMP Trust Solutions
Attention: Sr. Director – Privacy& Compliance Office
101 Lakeforest Blvd, Suite 230
Gaithersburg, MD 20877, USA
Note: This policy was last reviewed and updated on Sep 2023 Ver 7.0