Privacy Statement

Last updated on June 19, 2024

Bristol Global Mobility LLC and its affiliates (“Bristol Global Mobility,” “we”, “us”, “our”) knows that your privacy is important.

When does this Privacy Statement apply?

This Privacy Statement describes how we collect, use, store, share, transfer, or otherwise process your Personal Data. "Personal Data" has different meanings given to by the data protection and privacy laws applicable to you. It generally includes, for example, any information or opinion relating to you which allows us to identify you, such as your name, phone number, postal address, email address, your online identifiers, and information about your access to our Applications.

This Privacy Statement applies:

  1. When you use our Bristol Elite web application and our partner mobile app Mobile Employee Experience (collectively, the “Applications”).
  2. When we provide you with professional services facilitating employee relocation (the “Professional Services”).
  3. When you visit or interact with us via our website located at bristolglobal.com (the “Website”).
  4. When we sell or offer to sell our Professional Services to you, and when we conduct our marketing activities (“Sales and Marketing Activities”).

In this Privacy Statement, we refer to the Applications, the Professional Services, use of the Website, and our Sales and Marketing Activities collectively as the “Services”.

This Privacy Statement does not apply to your information collected by our corporate customers or partner suppliers who are independent controllers, or if you apply for a job at or are an employee of Bristol Global Mobility.

Who is responsible for your Personal Data?

In the context of this Privacy Statement, Bristol Global Mobility acts as a data controller. This means we decide why we collect your Personal Data and how we use it.

Why do we collect your Personal Data?

In our Applications we process your Personal Data:

  • To give you access and enable you to use the Applications.
  • To facilitate your relocation as authorized by your employer (our corporate customer).
  • To send you push and milestone notifications regarding updates to your relocation or profile in the Applications.
  • When you rate the performance of our Services.
  • To allow you to monitor the status of your employees’ relocations.
  • To respond to your inquiries, and/or other requests or questions related to the Applications or our Professional Services.
  • To comply with our legal obligations and to exercise and enforce our legal rights, or defend legal actions.

With respect to our Professional Services, the Website, and our Sales and Marketing Activities, we process your Personal Data:

  • To process and respond to your inquiries and other requests sent via our Website or in relation to our Professional Services.
  • To measure customer satisfaction.
  • For accounting and human resources management.
  • To facilitate the sales and marketing of our Professional Services.
  • To analyze and understand how you have used our Website.

What Personal Data do we collect?

We collect the following types of Personal Data in our Applications:

  • Username and sign-in credentials to the Applications.
  • Biographical data, such as your first and last name, or those of your relatives and children (if applicable), your age.
  • Contact data, such as work, home, and temporary addresses, contact phone numbers, business and personal e-mail addresses.
  • Relocation data, such as your departure and destination location, address, dates.
  • Professional and employment data, such as your employer company, employment number.
  • Education data, including your formal qualifications.
  • Compensation data, including what package your employer company has offered you to relocate and your relocation benefits.
  • Financial data, such as your bank account information, and financial account numbers.
  • National identifiers, such as your national ID number, social security number, passport number.
  • Citizenship and residency status.
  • Data contained in the biodata pages of your passport or national identifying documents.
  • Technical and log data when you use the Applications which includes login date or time.
  • Metadata such as IP addresses and device identifiers.
  • The photographs of yourself and your family members and of documents.
  • Data contained in files located in your device’s storage space.

With respect to our Professional Services and the Website, we collect the following types of Personal Data*:

  • Biographical data /Identifiers, such as your first and last name.
  • Contact data/Identifiers, such as your professional email address and phone number.
  • Professional data/ Professional or Employment Related Information, such as the name of the company you work for and your title at the company.
  • Internet or Other Similar Network Activity, such as web analytics data.
  • Any other type of data, as submitted in your sole discretion via email.

*Under the California Consumer Privacy Act, as amended (the “CCPA”), the specific Personal Data points listed above must be organized into distinct categories under the CCPA as followsIdentifiers, Signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, bank account number, bank account information, or any other financial information, medical information, or health insurance information; California Customer Records Personal Information Categories, Protected Classification Characteristics Under California or Federal Law, Professional or Employment Related Information, Non-public Education Information, Internet or Other Electronic Network Activity information, and Visual Information; Geographic Information.

How do we receive your Personal Data?

We receive your Personal Data when:

  • You provide it directly to us – on calls (conveyed verbally over the phone), email, or via our Website.
  • You provide it to us when you use our Applications.
  • Your spouse/partner provides it to us.
  • Our corporate customers’ representatives (including employees, contractors, and other representatives of the company) provide your Personal Data to us.
  • Our service providers provide it to us, including from business-to-business sales and marketing platforms such as ZoomInfo and analytics services such as Google Analytics.
  • When a friend of yours or one of our partner suppliers, business service providers, corporate customers, or employees refers you to our Services by providing your Personal Data to us.
  • Through our use of cookies and other similar tracking technologies (e.g., web beacon, JavaScript, pixels) on our Website. For more information about how we use these technologies and how you can manage your preferences, read our Cookie Notice.

How long do we retain your Personal Data for?

If you are a relocating employee, we will retain your Personal Data as contained in our records for the period we agreed in contract with our corporate customer. In most cases, we are contractually obliged to keep this information for up to 7 years after the file (or employee) has been authorized for the relocation services. This period may, however, differ from customer to customer. If you want to know how long your Personal Data is retained by us, please contact us.

We also retain limited amounts of your Personal Data for reasonable periods of time as needed to comply with our legal obligations, resolve disputes, and enforce our agreements as guided by our internal retention policies. However, we will respect your request(s) that we delete your Personal Data, subject to the limitations described in this Privacy Statement.

Who do we share or disclose your Personal Data to?

When you use our Applications, we share your Personal Data with our business service providers including those providing the following services to us:

  • Web and mobile app development support services;
  • Managed IT services;
  • Managed IT support services;
  • Online survey tool services;
  • Accounting software services; and
  • Chatbot.

We may also provide limited amounts of your Personal Data to our corporate customers’ (only your employer) through the Application.

With respect to our Professional Services, the Website, and our Marketing and Sales Activities we share your Personal Data with our business service providers providing the following services to us:

  • Customer relationship management software;
  • Online survey tool services;
  • Email marketing services;
  • Web analytics services;
  • Accounting software services;
  • Work management platform services;
  • Domain services;
  • IT and security services;
  • Email services;
  • Software for responding to requests for proposals and security questionnaires;
  • Sales and marketing management services;
  • Colocation and cloud services; and
  • Video conferencing services.

We remain liable for the protection of your Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

If you are a relocating employee, we will also share your Personal Data with our partner suppliers who assist you with specific services related to your relocation. For example, if you need to find a new home to rent in your destination country, we will share your Personal Data with our partner real estate agents in the area to assist you to find a new home. Please note that many of our partner suppliers determine their own reasons and means for collecting and processing your Personal Data and their use of your data is governed by their own terms and privacy notices.

We require that these third parties maintain confidentiality and protections to your Personal Data in compliance with applicable laws.

As required by the CCPA, in the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:

  • Identifiers;
  • California Customer Records Personal Information Categories;
  • Protected Classification Characteristics Under California or Federal Law;
  • Professional or Employment Related Information;
  • Internet or Other Electronic Network Activity information;
  • Visual Information;
  • Geographic Information; and
  • Non-public Education Information.

We may also disclose your Personal Data:

  • To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders. If we must disclose your Personal Data to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
  • If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.
  • To our subsidiaries or affiliates in the UK, Canada, and Singapore only if it is necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, de-identified or fully anonymous data, which does not qualify as Personal Data, about our Services’ users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, and customers.

Where do we store and transfer your Personal Data to?

Bristol Global Mobility is headquartered in Arizona in the United States of America (“U.S.”) and its data centers are in the U.S. We also use many U.S.-based service providers and partner suppliers. This means that your Personal Data is primarily stored in the U.S. by us, our service providers, and our partner suppliers.

However, we operate globally through our subsidiaries, service providers, and partner suppliers. This means that we may store and transfer your data to our subsidiaries, service providers, and partner suppliers who are in different countries if it is relevant to the Services. If you are a relocating employee, the locations where we transfer your Personal Data to and from also depends where you are relocating to and from.

For individuals whose Personal Data is regulated by data protection laws in the United Kingdom (“UK”) or European Economic Area (“EEA”), when we transfer data from these regions to Canada, we do it in reliance on the adequacy decision for Canada. In cases where we transfer your Personal Data from these regions to third parties in countries which are not recognized as providing an adequate level of protection to Personal Data, we transfer Personal Data when there are appropriate safeguards in place. These safeguards include the EU 2021 Standard Contractual Clauses (“SCCs”), UK International Transfer Addendum, UK International Data Transfer Agreement, and any approved certification mechanisms such as the Data Privacy Framework. In addition, we review our compliance with the most up-to-date guidance and obligations concerning valid data transfer under applicable privacy and data protection regulations. If we find it necessary to update the data transfer mechanism used, we will update this Privacy Statement accordingly.

Basis of Processing

Within the scope of this Privacy Statement and where required by applicable privacy and data protection laws, we rely on the following legal grounds for processing your Personal Data:

  • Your consent. Where we process your Personal Data based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent given before the withdrawal, nor will it affect processing performed on other lawful grounds.
  • The need to perform our obligations under a contract or to perform related pre-contractual duties at your request. Where we receive your Personal Data directly from you for the purpose of providing you with our Services, we require such Personal Data to be able to perform our contractual obligations to you. Without the necessary Personal Data, we will not be able to provide Services to you.
  • Our legitimate interests or a third party’s legitimate interests, such as to facilitate the relocation of employees and their families. When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided in the Contact Us section of this Privacy Statement.
  • The need to comply with a legal obligation to which we are subject.
  • Any other ground, as required or permitted by law in the specific respective context.

If we stop having a legal basis for processing your Personal Data (for example, if you submit a valid request objecting to the processing of your Personal Data and no other basis for processing exists), we’ll stop processing your Personal Data except as strictly necessary to comply with your request.

Do we sell or share your Personal Data?

In the past 12 months, we have not sold your Personal Datafor monetary value as that term is traditionally understood. However, we do use certain analytics tools on our Website, such as Google Analytics, and our use of this analytics tool may be considered a “sale” or “share” under applicable data protection laws.

How do we protect your Personal Data?

We have implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

Your Privacy Rights

You have certain privacy rights related to our collection of your Personal Data. If you are a relocating employee or representative of our corporate customers, you can exercise your rights by contacting your Bristol Global Mobility Advisor. If you are a website visitor or want to submit requests or raise any other questions related to the way we process your Personal Data in another way, use the contact details provided in the Contact Us section of this Privacy Statement.

We have summarized your Privacy Rights below:

Right to Know What We Do With Your Personal Data:

This is the right to be informed. It means that you have the right to obtain from us all information regarding our Personal Data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it, and with who we will share it, among other things.

We are informing you of how we process your Personal Data in this Privacy Statement.

We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, certain data protection laws exempt us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.

Right to Know What Personal Data We Have About You:

This is the right of access. This right allows you to ask for full details of the Personal Data we hold about you.

If you use our Applications, you can review your Personal Data through your portal with your own log-in credentials.

You have the right to request a copy, or access to Personal Data and certain related information from us. You can also obtain confirmation of whether or not we process your Personal Data (or that of your child). 

Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:

  • The categories of your Personal Data that we process;
  • The categories of sources for your Personal Data;
  • Our purposes for processing your Personal Data;
  • Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
  • The categories of third parties with whom we share your Personal Data;
  • If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
  • The specific pieces of Personal Data we process about you in an easily sharable format;
  • If we sold or disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients of that Personal Data for both sale and disclosure;
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
  • The appropriate safeguards used to transfer Personal Data from the EEA or the UK to a third country, if applicable.

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial. 

The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.

Right to Change Your Personal Data:

This is the right to rectification. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data. In our Applications, you can edit much of your Personal Data by accessing your account with your own login credentials.

Right to Delete Your Personal Data:

This is the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask us to delete your Personal Data. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

If we have made your Personal Data public, we’ll take all reasonable steps, including technical measures, to inform third parties which are processing your Personal Data of your request to erase any copy or replication (and hyperlinks thereto) of your Personal Data.

Right to Ask Us to Limit How We Process Your Personal Data:

This is the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.

Right to Ask Us to Stop Using Your Personal Data:

This is the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

If we have received your Personal Data in reliance on the DPF, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. 

Right to Port or Move Your Personal Data:

This is the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can move it; copy it; keep it for yourself; or transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you with a copy in electronic format.

Additionally, in relation to individuals that use the Applications, they have access to their own portal which has their Personal Data and they have full access to port the information as required.

Right Related to Automated Decision Making:

We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision-making, including profiling. But in those cases, we will always explain to you when we might do this, why it is happening and the effect.

Right to Revoke or Limit Consent and Opt-Out

You may also have the right to opt out of having your Personal Data shared with third parties, and you may revoke your consent that you have previously provided for us to share your Personal Data with third parties, except as required by law.

You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you.

Right to Opt Out of Receiving Direct Marketing or Our Use of Non-essential Tracking Technologies

You can choose to opt out of receiving our newsletters or marketing emails by following the unsubscribe instructions in the email, or you can contact us.

You can manage your preferences related to our use of cookies and other online tracking technologies in a number of ways. Please read our Cookie Notice for instructions.

Right to Opt Out of the Sale or Sharing of Your Personal Data

Some laws give you the right to opt out of the sale or sharing of your Personal Data, which means you have the right to ask us to not sell or share your Personal Data at any time.

EEA and UK Supervisory Authority Oversight

If you are located in the EEA and subject to EEA data protection laws, you have the right to lodge a complaint with a data protection regulator in one or more European Union member states.

If you are located in the UK, you can lodge a complaint with the UK Information Commissioner’s Office.

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable law, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Response Timing and Format of Our Responses:

We will confirm receipt of your request within 10 business days and in that communication, we will describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing. 

If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Verification of Your Identity

To correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts in our Applications, your identity is already verified. For requests sent by other means, we may verify your identity by contacting you by phone or by email and ask you to provide us with information that matches information we have about you.

Verification of Authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity and confirm that they gave you permission to submit this request.

Alternatively, we’ll ask you to provide us with appropriate proof of authority.

Children’s Privacy

Our Services are not directed at, or intended for use by, children. We do not knowingly allow anyone under 18 to use our Services. Children should always get permission from a parent or guardian before sending their Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact our Privacy Officer using the information in the Contact Us section of this Privacy Statement and we will delete the Personal Data.

Note that when we provide you with the Services and you are a relocating employee who is relocating with your family (including your children), we may collect some Personal Data related to your child directly from you to provide the Services.

Data Privacy Framework (“DPF”)

For Personal Data in the scope of this Privacy Statement that is processed in Bristol Elite and our Website, Bristol Global Mobility LLC complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.  Bristol Global Mobility has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Bristol Global Mobility has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Dispute Resolution

In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Bristol Global Mobility commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to the VeraSafe Data Privacy Framework Dispute Resolution Procedure. VeraSafe is an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ for more information or to file a complaint.  The services of VeraSafe are provided at no cost to you.

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you in terms of Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

U.S. Regulatory Oversight

Bristol Global Mobility is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Changes to this Privacy Statement

If we make any material change to this Privacy Statement, we will post the revised Privacy Statement to this web page and update the “last updated” date above to reflect the date on which the new Privacy Statement became effective. 

Contact Us

If you have any questions about this Privacy Statement or our processing of your Personal Data, please write to our Privacy Officer by email at privacy@Bristolglobal.com or by postal mail at:

Attn: Privacy Officer

Bristol Global Mobility LLC

2001 N. 3rd Street, Suite 200

Phoenix, AZ 85004

USA

You may also contact us via the following phone numbers:

Within the United States:

Toll Free: +1 888 926 0997

Main line (within the U.S.): +1 602 952 0355

 

Outside the United States:

Toll free: +1-888-926-0997

Canada:  +1-437-887-0100

EMEA (United Kingdom): + 44 020 7952 1050

 

APAC (Singapore): + 65 6909 9042

Data Protection Officer

We have appointed VeraSafe as our data protection officer (“DPO”). You may contact our DPO at:

VeraSafe, LLC

100 M Street S.E., Suite 600

Washington, D.C. 20003    USA

Phone: +1-617-398-7067

Email:  experts@verasafe.com

European Union (EU) Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. Please only contact VeraSafe for matters related to the processing of Personal Data.

To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative . Alternatively, you can contact VeraSafe at:

VeraSafe Ireland Ltd

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

Phone: +420 228 881 031

United Kingdom (UK) Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. Please only contact VeraSafe for matters related to the processing of Personal Data.

 

To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative. Alternatively, you can contact VeraSafe at:

 

VeraSafe United Kingdom Ltd.

37 Albert Embankment

London SE1 7TL

United Kingdom

Phone: +44 (20) 4532 2003

Stay in touch with Bristol