Evolution Health Group, LLC / EU-US and Swiss-US Privacy Shield Policy
Evolution Health Group is a trans-national business headquartered in the United States. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our US, European, and other international offices. This means that our customer and employee data is transferred across borders.
Evolution Health Group and each of its subsidiaries that may from time to time handle personal information collected from individuals located within European Union member countries and Switzerland complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer and retention of personal information from European Union member countries and Switzerland to the United States. Evolution Health Group has certified to the US Department of Commerce that it adheres to the EU-US Privacy Shield and Swiss-US Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purposes limitation
- Recourse, enforcement and liability
Evolution Health Group is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for the purposes of the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework.
The following Evolution Health Group entities comply with this Policy and the Privacy Shield Principles:
- Evolution Medical Communications, LLC
- BluLava, LLC
- Darwin Academy, LLC
- Maestro360, LLC
This Policy applies to all information collected by Evolution Health Group from which an individual can be identified (“Personal Information”). The Personal Information we collect includes the Employee Information described below as well as certain information including names, email addresses, mailing and billing addresses and telephone and fax numbers collected from customers, potential customers and end users of our products and services for sales, marketing, order fulfilment and order delivery purposes. Additionally, in our section on Online Information we also discuss how we gather and use all information gathered online even if it is not Personal Information. Evolution Health Group commits to the application of the Privacy Shield Principles for all Personal Information and will not deviate from this Policy even if applicable national laws are less stringent than this Policy.
Excluding our Employee Information which is discussed below, we collect, process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; product and service delivery; fulfilling our business obligations to our customers and resellers; communicating with customers and potential customers about marketing and technical information concerning our products and services; notifying our customers and potential customers regarding product launches and important events related to Evolution Health Group; and other related business activities of which you are informed at the time your Personal Information is collected or as soon thereafter as practicable. Evolution Health Group only collects personally identifiable information about individuals when such individuals specifically provide such information to us on a voluntary basis or while requesting information on our products or services. We may disclose Personal Information to our agents, resellers and business partners or to protect and defend the rights or property of Evolution Health Group. Evolution Health Group must reply to lawful requests from public authorities, including to meet national security or law enforcement requirements, for disclosure of Personal Information.
Evolution Health Group does not sell, lease, or rent Personal Information to third parties.
In general, you may visit our Websites without providing any Personal Information. However, you may choose to provide us with Personal Information by completing online forms. At the point of collection we will inform you of how your Personal Information will be used; apart from these uses, Evolution Health Group will only use your Personal Information in accordance with the terms of this Policy.
Cookies are small files that a site transfers to your computer’s hard drive through your web browser (if you allow) that enables it to recognize your browser and capture and remember certain information. A cookie cannot read data off your hard drive or read cookie files created by other sites. Cookies may do things like allow you to navigate faster through the site, remember your preferences and passwords and generally improve the user experience. You can turn off the ability to receive cookies by adjusting your bowser settings – please note that if you do so, this may affect the functionality of the website and the information you can access through it.
We collect Employee Information from prospective and present Employees only for legitimate business purposes, including
- the management and operations of our company, its functions and activities,
- Employee communications, including Employee surveys,
- maintaining a global directory,
- carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements,
- development and training programs,
- recruiting and hiring job applicants,
- assessing qualifications and performance,
- performing background checks and verifying references where applicable,
- managing Employee performance,
- (10) determining Employee compensation or payment,
- (11) managing the Employee termination process, and
- (12) other general human resources purposes.
Our European Union and Switzerland Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other Evolution Health Group Employees only if necessary with respect to legitimate human resource functions or issues. Evolution Health Group will obtain affirmative consent from an Employee before using such Employee’s Personal Information for any purpose other than described above. Employees may decline to provide this consent, and Employees may withdraw their consent at any time.
For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Employee Personal Information is never sold, leased or rented to any third party. Employee Personal Information will never be disclosed to third parties except as follows:
- to those retained by Evolution Health Group as agents for the purposes set forth in the paragraph above,
- where required pursuant to an applicable law, government or judicial order, law or regulation, or to protect the rights or property of Evolution Health Group,
- where authorised in writing by the Employee, and
- where the Employee voluntarily provides Personal Information and the context makes it clear such information will be provided to a third party.
Where personal data is transferred from the EU or Switzerland to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU and Swiss Authorities.
We will always give you an opportunity to choose opt-out before your Personal Information is (1) disclosed to a third party (other than an Evolution Health Group agent doing work at our direction), or (2) to be used for a purpose that is materially different than that for which it was originally collected or subsequently authorised by you. Although we do not ever anticipate providing sensitive Personal Information, such as Employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and expressly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to government or judicial order, law or regulation to meet national security or law enforcement requirements.
At a minimum, you will always be able to opt-out from receiving marketing materials from Evolution Health Group. If we determine that applicable national law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework. We will only transfer data to our agents, resellers or third party service providers (such as accountants, attorneys, consultants and other service providers) who need the information in order to provide services or to perform activities on behalf of Evolution Health Group, including in connection with the delivery of services or products, Evolution Health Group’s management, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.
To protect Personal Information collected and stored by Evolution Health Group, we have in place reasonable and appropriate technical and operational security measures to prevent Personal Information from loss, misuse, unauthorised access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes except where permitted or required by law or unless such use has been subsequently authorised by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.
You have the right to access personal data relating to you. If you wish to access, amend, or confirm that Evolution Health Group has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at Info@evolutionhealthgroup.com or at 845-228-3500. We will respond to your request within a reasonable time.
Employees may review their personal files and any Personal Information concerning them upon by emailing the Director of Human Resources.
Recourse, Enforcement and Liability
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us at email@example.com or at 845-228-3500. We will investigate your complaint, take appropriate action and report back to you within 45 days.
If the Personal Information in question was transferred from the EU or Switzerland to the United States, and you are not satisfied with our response, Evolution Health Group has agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) and Swiss FDPIC to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Principles. A resident of the European Union (EU) or Switzerland whose enquiry has not been satisfactorily addressed may contact the either EU DPAs panel or individual EU DPAs using the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm or the Swiss FDPIC at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html to resolve disputes pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield Principles.
Evolution Health Group commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
The services of the EU DPAs panel are provided at no cost to you.
Limitation on Application of Principles
Adherence by Evolution Health Group to these EU-US Privacy Shield and Swiss-US Privacy Shield Principles may be limited
- to the extent required to respond to a legal or ethical obligation;
- to the extent necessary to meet national security, public interest or law enforcement obligations;
- to the extent expressly permitted by an applicable law, rule or regulation; and
- to the extent that Evolution Health Group has limited or no control over the actions of the individuals who have provided information.
Questions or comments regarding this Policy should be submitted to Evolution Health Group, LLC by email to: firstname.lastname@example.org or by mail to:
Human Resources Department
Evolution Health Group, LLC
One Blue Hill Plaza, 8th Floor
Pearl River, NY 10965
Effective Date: November 8, 2018