Bristol Global Mobility LLC and its affiliates (“Bristol Global Mobility,” “we”, “us”, “our”) knows that your privacy is important.
When does this Privacy Statement apply?
This Privacy Statement describes how we collect, use, store, share, transfer, or otherwise process your Personal Data. "Personal Data" has different meanings given to by the data protection and privacy laws applicable to you. It generally includes, for example, any information or opinion relating to you which allows us to identify you, such as your name, phone number, postal address, email address, your online identifiers, and information about your access to our Applications.
This Privacy Statement applies:
In this Privacy Statement, we refer to the Applications, the Professional Services, use of the Website, and our Sales and Marketing Activities collectively as the “Services”.
This Privacy Statement does not apply to your information collected by our corporate customers or partner suppliers who are independent controllers, or if you apply for a job at or are an employee of Bristol Global Mobility.
Who is responsible for your Personal Data?
In the context of this Privacy Statement, Bristol Global Mobility acts as a data controller. This means we decide why we collect your Personal Data and how we use it.
Why do we collect your Personal Data?
In our Applications we process your Personal Data:
With respect to our Professional Services, the Website, and our Sales and Marketing Activities, we process your Personal Data:
What Personal Data do we collect?
We collect the following types of Personal Data in our Applications:
With respect to our Professional Services and the Website, we collect the following types of Personal Data*:
*Under the California Consumer Privacy Act, as amended (the “CCPA”), the specific Personal Data points listed above must be organized into distinct categories under the CCPA as follows: Identifiers, Signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, bank account number, bank account information, or any other financial information, medical information, or health insurance information; California Customer Records Personal Information Categories, Protected Classification Characteristics Under California or Federal Law, Professional or Employment Related Information, Non-public Education Information, Internet or Other Electronic Network Activity information, and Visual Information; Geographic Information.
How do we receive your Personal Data?
We receive your Personal Data when:
How long do we retain your Personal Data for?
If you are a relocating employee, we will retain your Personal Data as contained in our records for the period we agreed in contract with our corporate customer. In most cases, we are contractually obliged to keep this information for up to 7 years after the file (or employee) has been authorized for the relocation services. This period may, however, differ from customer to customer. If you want to know how long your Personal Data is retained by us, please contact us.
We also retain limited amounts of your Personal Data for reasonable periods of time as needed to comply with our legal obligations, resolve disputes, and enforce our agreements as guided by our internal retention policies. However, we will respect your request(s) that we delete your Personal Data, subject to the limitations described in this Privacy Statement.
Who do we share or disclose your Personal Data to?
When you use our Applications, we share your Personal Data with our business service providers including those providing the following services to us:
We may also provide limited amounts of your Personal Data to our corporate customers’ (only your employer) through the Application.
With respect to our Professional Services, the Website, and our Marketing and Sales Activities we share your Personal Data with our business service providers providing the following services to us:
We remain liable for the protection of your Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
If you are a relocating employee, we will also share your Personal Data with our partner suppliers who assist you with specific services related to your relocation. For example, if you need to find a new home to rent in your destination country, we will share your Personal Data with our partner real estate agents in the area to assist you to find a new home. Please note that many of our partner suppliers determine their own reasons and means for collecting and processing your Personal Data and their use of your data is governed by their own terms and privacy notices.
We require that these third parties maintain confidentiality and protections to your Personal Data in compliance with applicable laws.
As required by the CCPA, in the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:
We may also disclose your Personal Data:
We reserve the right to use, transfer, sell, and share aggregated, de-identified or fully anonymous data, which does not qualify as Personal Data, about our Services’ users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, and customers.
No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Where do we store and transfer your Personal Data to?
Bristol Global Mobility is headquartered in Arizona in the United States of America (“U.S.”) and its data centers are in the U.S. We also use many U.S.-based service providers and partner suppliers. This means that your Personal Data is primarily stored in the U.S. by us, our service providers, and our partner suppliers.
However, we operate globally through our subsidiaries, service providers, and partner suppliers. This means that we may store and transfer your data to our subsidiaries, service providers, and partner suppliers who are in different countries if it is relevant to the Services. If you are a relocating employee, the locations where we transfer your Personal Data to and from also depends where you are relocating to and from.
For individuals whose Personal Data is regulated by data protection laws in the United Kingdom (“UK”) or European Economic Area (“EEA”), when we transfer data from these regions to Canada, we do it in reliance on the adequacy decision for Canada. In cases where we transfer your Personal Data from these regions to third parties in countries which are not recognized as providing an adequate level of protection to Personal Data, we transfer Personal Data when there are appropriate safeguards in place. These safeguards include the EU 2021 Standard Contractual Clauses (“SCCs”), UK International Transfer Addendum, UK International Data Transfer Agreement, and any approved certification mechanisms such as the Data Privacy Framework. In addition, we review our compliance with the most up-to-date guidance and obligations concerning valid data transfer under applicable privacy and data protection regulations. If we find it necessary to update the data transfer mechanism used, we will update this Privacy Statement accordingly.
Basis of Processing
Within the scope of this Privacy Statement and where required by applicable privacy and data protection laws, we rely on the following legal grounds for processing your Personal Data:
If we stop having a legal basis for processing your Personal Data (for example, if you submit a valid request objecting to the processing of your Personal Data and no other basis for processing exists), we’ll stop processing your Personal Data except as strictly necessary to comply with your request.
Do we sell or share your Personal Data?
In the past 12 months, we have not sold your Personal Data for monetary value as that term is traditionally understood. However, we do use certain analytics tools on our Website, such as Google Analytics, and our use of this analytics tool may be considered a “sale” or “share” under applicable data protection laws.
No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
How do we protect your Personal Data?
We have implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Your Privacy Rights
You have certain privacy rights related to our collection of your Personal Data. If you are a relocating employee or representative of our corporate customers, you can exercise your rights by contacting your Bristol Global Mobility Advisor. If you are a website visitor or want to submit requests or raise any other questions related to the way we process your Personal Data in another way, use the contact details provided in the Contact Us section of this Privacy Statement.
We have summarized your Privacy Rights below:
Right to Know What We Do With Your Personal Data:
This is the right to be informed. It means that you have the right to obtain from us all information regarding our Personal Data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it, and with who we will share it, among other things.
We are informing you of how we process your Personal Data in this Privacy Statement.
We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, certain data protection laws exempt us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.
Right to Know What Personal Data We Have About You:
This is the right of access. This right allows you to ask for full details of the Personal Data we hold about you.
If you use our Applications, you can review your Personal Data through your portal with your own log-in credentials.
You have the right to request a copy, or access to Personal Data and certain related information from us. You can also obtain confirmation of whether or not we process your Personal Data (or that of your child).
Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:
Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.
The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.
Right to Change Your Personal Data:
This is the right to rectification. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data. In our Applications, you can edit much of your Personal Data by accessing your account with your own login credentials.
Right to Delete Your Personal Data:
This is the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask us to delete your Personal Data. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
If we have made your Personal Data public, we’ll take all reasonable steps, including technical measures, to inform third parties which are processing your Personal Data of your request to erase any copy or replication (and hyperlinks thereto) of your Personal Data.
Right to Ask Us to Limit How We Process Your Personal Data:
This is the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
Right to Ask Us to Stop Using Your Personal Data:
This is the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
If we have received your Personal Data in reliance on the DPF, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
Right to Port or Move Your Personal Data:
This is the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can move it; copy it; keep it for yourself; or transfer it to another organization.
We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you with a copy in electronic format.
Additionally, in relation to individuals that use the Applications, they have access to their own portal which has their Personal Data and they have full access to port the information as required.
Right Related to Automated Decision Making:
We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision-making, including profiling. But in those cases, we will always explain to you when we might do this, why it is happening and the effect.
Right to Revoke or Limit Consent and Opt-Out
You may also have the right to opt out of having your Personal Data shared with third parties, and you may revoke your consent that you have previously provided for us to share your Personal Data with third parties, except as required by law.
You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you.
Right to Opt Out of Receiving Direct Marketing or Our Use of Non-essential Tracking Technologies
You can choose to opt out of receiving our newsletters or marketing emails by following the unsubscribe instructions in the email, or you can contact us.
You can manage your preferences related to our use of cookies and other online tracking technologies in a number of ways. Please read our Cookie Notice for instructions.
Right to Opt Out of the Sale or Sharing of Your Personal Data
Some laws give you the right to opt out of the sale or sharing of your Personal Data, which means you have the right to ask us to not sell or share your Personal Data at any time.
EEA and UK Supervisory Authority Oversight
If you are located in the EEA and subject to EEA data protection laws, you have the right to lodge a complaint with a data protection regulator in one or more European Union member states.
If you are located in the UK, you can lodge a complaint with the UK Information Commissioner’s Office.
Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable law, we will not:
Response Timing and Format of Our Responses:
We will confirm receipt of your request within 10 business days and in that communication, we will describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Verification of Your Identity
To correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.
For requests submitted via password-protected accounts in our Applications, your identity is already verified. For requests sent by other means, we may verify your identity by contacting you by phone or by email and ask you to provide us with information that matches information we have about you.
Verification of Authority
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity and confirm that they gave you permission to submit this request.
Alternatively, we’ll ask you to provide us with appropriate proof of authority.
Children’s Privacy
Our Services are not directed at, or intended for use by, children. We do not knowingly allow anyone under 18 to use our Services. Children should always get permission from a parent or guardian before sending their Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact our Privacy Officer using the information in the Contact Us section of this Privacy Statement and we will delete the Personal Data.
Note that when we provide you with the Services and you are a relocating employee who is relocating with your family (including your children), we may collect some Personal Data related to your child directly from you to provide the Services.
Data Privacy Framework (“DPF”)
For Personal Data in the scope of this Privacy Statement that is processed in Bristol Elite and our Website, Bristol Global Mobility LLC complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Bristol Global Mobility has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Bristol Global Mobility has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Dispute Resolution
In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Bristol Global Mobility commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to the VeraSafe Data Privacy Framework Dispute Resolution Procedure. VeraSafe is an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ for more information or to file a complaint. The services of VeraSafe are provided at no cost to you.
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you in terms of Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.
U.S. Regulatory Oversight
Bristol Global Mobility is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Changes to this Privacy Statement
If we make any material change to this Privacy Statement, we will post the revised Privacy Statement to this web page and update the “last updated” date above to reflect the date on which the new Privacy Statement became effective.
Contact Us
If you have any questions about this Privacy Statement or our processing of your Personal Data, please write to our Privacy Officer by email at privacy@Bristolglobal.com or by postal mail at:
Attn: Privacy Officer
Bristol Global Mobility LLC
2001 N. 3rd Street, Suite 200
Phoenix, AZ 85004
USA
You may also contact us via the following phone numbers:
Within the United States:
Outside the United States:
Data Protection Officer
We have appointed VeraSafe as our data protection officer (“DPO”). You may contact our DPO at:
VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA
Phone: +1-617-398-7067
Email: experts@verasafe.com
European Union (EU) Representative
We have appointed VeraSafe as our representative in the EU for data protection matters. Please only contact VeraSafe for matters related to the processing of Personal Data.
To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative . Alternatively, you can contact VeraSafe at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Phone: +420 228 881 031
United Kingdom (UK) Representative
We have appointed VeraSafe as our representative in the UK for data protection matters. Please only contact VeraSafe for matters related to the processing of Personal Data.
To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative. Alternatively, you can contact VeraSafe at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Phone: +44 (20) 4532 2003