Last modified: May 2018
Hays Companies (“Company” or “We“) is committed to protecting your privacy.
This policy describes the types of information we may collect from you or that you may provide when you visit the website www.hayscompanies.com (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On this Website.
- In email, text, and other electronic messages between you and this Website.
- Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
- When you interact with applications on third-party websites and services, if those applications include links to this policy.
It does not apply to information collected by:
- us offline or through any other means, including on any other website operated by Company or any third party; or
- any third party, including through any application or content that may link to or be accessible from or on the Website.
When you provide information that enables us to respond to your request for products or services, you consent to our collection, use, and disclosure of this information to appropriate third parties for the purposes described in this policy.
Our Website is not intended for children and we do not knowingly collect personal information from children on our Website. No one under age 18 may provide any information to or on the Website.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website that identifies an entity or an individual personally and is not otherwise available to the public, including information:
- by which you may be personally identified, such as name, contact details, postal address, e-mail address, and telephone number. (“personal information”) ;
- about your internet connection, the equipment you use to access our Website and usage details.
We collect this information:
- Directly from you when you provide it to us in connection with, but not limited to, insurance quotes, insurance applications.
- Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, such as insurance companies, and others authorized to release such information to us.
Information You Provide to Us.
The information we collect on or through our Website may include:
- Information that you provide by filling in forms on our Website. We may also ask you for information when you report a problem with our Website.
- Records and copies of your correspondence (including email addresses), if you contact us.
- Your search queries on the Website.
Information We Collect Through Automatic Data Collection Technologies.
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically helps us to improve our Website and to deliver a better and more personalized service, by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill any other purpose for which you provide it.
- To notify about changes to our Website or any products or services we offer or provide through it.
- To allow you to participate in interactive features on our Website.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
- To our subsidiaries and affiliates.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Hays Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Hays Company about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of HAYS, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com or write us at: Hays Companies, 80 South 8th Street, Minneapolis, MN 55402. Currently, our servers do not respond to browsers’ Do Not Track signals.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use physical, technological and administrative procedures to maintain the confidentiality and integrity of information in our possession and to guard against unauthorized access. Some techniques we apply to protect information include secure files, user authorization, encryption, firewall technology and the use of detection software.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Privacy Shield and Cross-Border Transfers
Please note that when you visit the Hays Companies website or use Hays Companies’ service, your data will be sent to and processed in the United States. Hays Companies has committed to adherence with the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.
Phone:612-333-3323 Toll Free: 800-700-3324
The Hays Group, Inc. Privacy Shield Notice
Hays Companies recognizes that the EEA and Switzerland have established strict protections regarding the processing of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EEA and Switzerland. To provide adequate protection for certain Personal Data about Data Subjects received in the U.S., Hays Companies has elected to self-certify to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Data Subjects in the EEA and Switzerland. (“Privacy Shield”).
Hays Companies adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
If there is any conflict between the policies in this Notice and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to review our certification, please see the U.S. Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. The Federal Trade Commission (“FTC”) has jurisdiction over Hays Companies’ compliance with the Privacy Shield.
All Hays Companies employees who handle Personal Data from the EEA and Switzerland are required to comply with the Principles stated in this Notice.
Capitalized terms are defined in Section XII of this Notice.
This Notice applies to the processing of Personal Data that Hays Companies receives in the U.S. from a Data Controller concerning individuals who reside in the EEA and Switzerland. This Notice does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used (the use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible).
II. RESPONSIBILITIES AND MANAGEMENT
Hays Companies has designated the Information Technology Department with assistance from the Legal Department to oversee its information security program, including its compliance with the E.U. and Swiss Privacy Shield program. The Information Technology Department and Legal Department reviews and approves any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice may be directed to firstname.lastname@example.org or 612-373-7277.
III. COLLECTION AND USE OF PERSONAL DATA
The Personal Data that we collect may vary based on the Data Controller. As a general matter, Hays Companies collects the following types of Personal Data from individuals: contact information, including, but not limited to, a person’s name, email address or other electronic contact information, home mailing address, telephone number, date of birth, gender, and national origin.
The information that we collect from individuals is used for communicating with the Data Controller, including offering broker services to employers that sponsor employee benefit plans, managing transactions, reporting, invoicing, and other operations related to providing services for the benefit of the Data Subject. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of our partners and/or agents who act as the Data Controller.
Hays Companies uses Personal Data that it collects for the following business purposes, without limitation:
- maintaining and supporting its services, delivering and providing the requested services, and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to Data Controllers);
- satisfying governmental reporting, tax, and other requirements (e.g., import/export);
- storing and processing data, including Personal Data, in computer databases and servers located in the United States;
- interactions with Data Controller’s local brokers at the request of the Data Controllers and other activities as requested by the Data Controller;
- for other business-related purposes permitted or required under applicable local law and regulation; and
- as otherwise required by law.
Hays Companies does not disclose Personal Data to third parties for purposes that are materially different than what the Personal Data was originally collected for.
IV. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
Except as otherwise provided herein, Hays Companies discloses Personal Data only to Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients must agree to abide by confidentiality obligations.
Hays Companies may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, Hays Companies may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Hays Companies and they must either:
- comply with the Privacy Shield Principles or another mechanism permitted by the applicable E.U. & Swiss data protection law(s) for transfers and processing of Personal Data; or
- agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice;
Hays Companies also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Hays Companies is potentially liable for onward transfers to third parties of personal data of EU or Swiss individuals received pursuant to Privacy Shield. Please be aware that Hays Companies may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
V. DATA INTEGRITY AND SECURITY
Hays Companies maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
VI. ACCESSING PERSONAL DATA
Hays Companies personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
VII. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Right to Access. Individuals may have the right to access the Personal Data that Hays Companies holds about them and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If individuals would like to request access to, correction, amendment, or deletion of Personal Data, they can submit a written request to the contact information provided below. We may request specific information from the requestor to confirm and authenticate identity. In some circumstances we may charge a reasonable fee for access to such information. We may need to contact the Data Controller to confirm the authorization to access, amend, or delete.
Satisfying Requests for Access, Modifications, and Corrections. Hays Companies will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.
VIII. CHANGES TO THIS NOTICE
We reserve the right to amend this Notice from time to time consistent with the Privacy Shield’s requirements and applicable data protection and privacy laws and principles. We will make individuals aware of changes to this Notice either by posting to our website, through email, or other means.
Effective Date: May 15, 2018
Last modified: July 3, 2018
IX. QUESTIONS OR COMPLAINTS
E.U. and Swiss residents or Employees may contact Hays Companies with questions or complaints concerning this Notice at: email@example.com.
X. ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the E.U.-U.S. and Swiss-U.S. Privacy Shield Principles, Hays Companies commits to resolve complaints about your privacy and our collection or use of your personal information. EEA and Swiss individuals with questions or concerns about the use of their Personal Data should contact us at firstname.lastname@example.org.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.
Hays Companies has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS at https://www.jamsadr.com/eu-us-privacy-shield.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by Hays Companies, please go to https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Finally, as a last resort and in limited situations, EEA and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Hays Companies also commits to cooperate with E.U. and Swiss data protection authorities and comply with the advice given by such authorities with regard to human resources data transferred from the EEA and Switzerland in the context of the employment relationship.
XI. CONTACT US
If you have any questions about this Notice or would like to request access to your Personal Data, please contact us at email@example.com or (612) 373-7277.
XII. DEFINED TERMS
In addition to terms defined in the text, capitalized terms in this Privacy Notice have the following meanings:
“Affiliate” means any direct or indirect parent or subsidiary of Hays Companies or company under common ownership with Hays Companies.
“Data Controller” means a person or organization which alone or jointly with others determines the purposes and means of the processing of Personal Data.
“Data Subject” means an identified or identifiable natural living person who has a residence in the E.U. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For individuals residing in Switzerland, a Data Subject also may include a legal entity.
“Hays Companies’ Website” means any website authorized by Hays Companies to be operated in connection with the Hays Companies brand, whether operated by Hays Companies, or an Affiliate of Hays Companies.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Hays Companies or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area or Switzerland.
“Europe” or “European” refers to a country in the European Union.
“Personal Data” as defined under the European Union Directive 95/46/EC (and the successor regulation known as the General Data Protection Regulation) means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Third Party” means any individual or entity that is neither Hays Companies nor a Hays Companies employee, agent, contractor, or representative.