Privacy Statement of Bristol Global Mobility, LLC
Last updated August 20, 2021
Information We Collect
Categories of Personal Data
We may process the following types of Personal Data in our Applications:
- biographical data, such as your age, first or last name, or those of your children (if applicable);
- contact data, such as work, home, and temporary addresses, departure and destination address, contact phone numbers, business and personal e-mail addresses;
- employment data, such as your employment number;
- payment information, such as your credit card number;
- financial data, including financial account numbers;
- Social Security number;
- education background and related data;
- data contained on the biodata page of a passport; and
- personal relocation benefits.
Under the California Consumer Privacy Act (the “CCPA”), the specific Personal Data points listed above is organized into distinct categories. For clarity, we process Personal Data that falls under the following CCPA categories: Identifiers, California Customer Records Personal Information Categories, Protected Classification Characteristics Under California or Federal Law, Professional or Employment Related Information, and Nonpublic Education Information.
With respect to our Professional Services and the Website, we may also process:
- web analytics data; and
- any other type of data, as submitted in the data subject’s sole discretion via email.
Under the CCPA categories, the web analytics data may fall under Internet or Other Similar Network Activity. Personal Data submitted by the data subject via email could fall under any of the CCPA categories.
How We Receive Personal Data
We may receive your Personal Data when:
- you provide them to us – at the time of initiation of a call (conveyed verbally over the phone) or via our Services;
- your spouse/partner provides them to us;
- our clients (including their employees, contractors, and other representatives of the company) provide these data to us;
- our service providers provide them to us; or
- when a friend of yours or one of our partners, vendors, clients, or employees refers you to our Services by providing your Personal Data to us.
We may also receive your Personal Data from other third parties. If we receive your Personal Data from a third party, we will notify you, where required by applicable laws, without undue delay.
Cookies and Other Tracking Technologies
We may also use:
Local Storage. Local storage enables our Website to store information locally on your device. Local storage may be used to improve your experience with our Website, for example, by enabling features, remembering your preferences and speeding up our Website functionality.
GIFs (a.k.a. “web beacons”). Our website may also employ a software technology called clear GIFs that helps us better manage content on our Website by informing us what content is effective. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of Website users.
Local shared objects (a.k.a. “flash cookies”). Flash cookies are pieces of data that websites which use Adobe Flash may store on your device.
All of the above-referenced tracking technologies are collectively referred to as “Tracking Technologies” in this Statement.
We may use Tracking Technologies to enable us to track devices authorized by you for use as part of our two-stage authentication functionality, to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), to remember your settings, and to generally improve our Services.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies which are placed directly by us. Other parties, such as Google and Workable, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
Responding to Do Not Track (DNT) Signals
"Do Not Track" is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. Our Bristol ELITE web application is set to respond to “Do Not Track” signals received from various web browsers.
How We Use Tracking Technologies on our Website
Strictly Necessary Tracking Technologies: These Tracking Technologies are necessary for our Website to function and cannot be turned off in our systems. They are usually only set in response to actions you take which amount to a request for services, such as setting your privacy preferences, logging in, or filling out forms. You may be able to set your browser to block or alert you about some of these Tracking Technologies. However, if you block these Tracking Technologies some parts of our Website will not work.
Performance Tracking Technologies: These Tracking Technologies allow us, among other things, to count Website visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most – and least – popular, and see how you move around the Website. If you do not allow these Tracking Technologies, we will not know when you have visited our Website and will not be able to monitor our Website’s performance.
Targeting Tracking Technologies: These Tracking Technologies may be used on our Website by our advertising partners (or set directly by our advertising partners) to collect data about your online activity. They record your visits to our Website, the pages you have visited, and the links you have followed. They are used by our advertising partners to build a profile of your interests and show you relevant advertisements on our Website as well as other sites. For example, they are used to detect when you click on an ad and show you ads based on your social media interests and browsing history.
We and third parties use social media cookies to show you ads and content based on your social media profiles and activity on our Website. They’re used to connect your activity on our Website to your social media profiles so the ads and content you see on our Website and on social media will better reflect your interests.
If you do not allow these Tracking Technologies, you will experience less targeted advertising.
How We Use Your Information
In the context of this Privacy Statement, Bristol Global Mobility acts as a data controller for the Personal Data we process.
Basis of Processing:
Within the scope of this Privacy Statement, we may rely on one or more of the following legal grounds for processing your Personal Data:
- your consent;
- the need to perform our obligations under a contract or to perform related pre-contractual duties at your request;
- the legitimate interests pursued by us or a third party, such as to facilitate the relocation of employees and their families;
- the need to comply with a legal obligation to which we are subject; or
- any other ground, as required or permitted by law in the specific respective context.
When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided in the Contact Us section of this Privacy Statement.
Please note that where we process your Personal Data based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing that was conducted based on consent given before the withdrawal, however, nor will it affect processing performed on other lawful grounds.
If we stop having a legal basis for processing your Personal Data (for example, if you submit a valid request objecting to the processing of your Personal Data and no other basis for processing exists), we’ll stop processing your Personal Data except as strictly necessary to comply with your request.
Where we receive your Personal Data directly from you for the purpose of providing you with our Services, we require such Personal Data to be able to perform our contractual obligations to you. Without the necessary Personal Data, we will not be able to provide Services to you.
Purposes of Processing:
In our Applications, we process Personal Data for the purposes of:
- enabling the use of the Services;
- providing our Professional Services, including the facilitation of relocation authorized by an employee's employer (our client);
- responding to your inquiries, and/or other requests or questions; and
- sending you email marketing communications relating to our business which we think may be of interest to you.
With respect to our Professional Services and the Website, we may also process your Personal Data for the purposes of:
- measuring customer satisfaction;
- accounting and human resources management; and
- facilitating sales.
Data Retention Periods:
We are legally obliged to keep certain records for our clients for up to 7 years after the file (or employee) has been authorized for relocation services. Personal Data might be retained for longer periods for any audit or reporting purposes our clients may require.
We may also retain limited amounts of Personal Data for as long as we consider it potentially useful in contacting you about our Services, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. However, we will always respect your request(s) that we delete your Personal Data, subject to the limitations described in this Privacy Statement.
Sharing Personal Data with Third Parties:
We may share your Personal Data with other entities. Such third parties may include those providing:
- web app development purposes;
- managed IT services; and
- managed IT support services.
With respect to our Professional Services and the Website, we may also share your Personal Data with third parties providing:
- customer relationship management software;
- online survey tool services;
- email marketing services;
- accounting software services;
- work management platform services;
- domain services;
- email services;
- software for responding to requests for proposals and security questionnaires;
- HR management;
- colocation and cloud services; and
- furniture rental services.
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Some of these service providers may be located outside of the European Union or the European Economic Area (“EEA”), such as the United States of America. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses (“SCCs”) as approved by the European Commission under Article 46.2 of the GDPR.
Bristol Global Mobility remains liable for the protection of Personal Data that we transfer or have transferred to our service providers through our designated data transfer mechanism, such as the SCCs, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Other Disclosures of Your Personal Data:
We may disclose your Personal Data:
- to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
- if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
- to our subsidiaries or affiliates only if necessary for business and operational purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not qualify as Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Disclosure of Your Personal Data under the CCPA
In the preceding twelve (12) months, Bristol Global Mobility has disclosed the following categories of Personal Data for a business purpose:
- California Customer Records Personal Information Categories
- Protected Classification Characteristics Under California or Federal Law
- Professional or Employment Related Information
- Nonpublic Education Information
Sale of Your Personal Data under the CCPA:
In the preceding twelve (12) months, Bristol Global Mobility has not sold Personal Data.
Data Integrity & Security
Bristol Global Mobility has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Your Privacy Rights (Access & Review)
If you are a data subject about whom we process Personal Data, you may have the right to request access to, and the opportunity to update, correct, or have deleted, such Personal Data. You may also have the right:
- to ask that we limit our processing of your Personal Data,
- to object to our processing of your Personal Data, or
- to ask to have your Personal Data exported in a machine-readable format.
You may exercise such requests via your Bristol Global Mobility Advisor by e-mail. You may also submit such requests or raise any other questions related to the way we process your Personal Data by using the information provided in the Contact Us section of this Privacy Statement, or by contacting our European Union Representative or our Data Protection Officer, where applicable.
We have summarized some of these Privacy Rights below:
Right to Know What Happens to Your Personal Data:
This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Notice.
We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.
Right to Know What Personal Data We Have About You:
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold on you.
You have the right to obtain from us, including confirmation of whether or not we process Personal Data concerning you (or your child), and, where that is the case, a copy or access to the Personal Data and certain related information.
You will be able to access your portal containing your Personal Data with your own log-in credentials.
Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:
- The categories of your Personal Data that we process;
- The categories of sources for your Personal Data;
- Our purposes for processing your Personal Data;
- Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
- The categories of third parties with whom we share your Personal Data;
- If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
- The specific pieces of Personal Data we process about you in an easily sharable format;
- If we sold or disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients of that Personal Data for both sale and disclosure;
- If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
- The appropriate safeguards used to transfer Personal Data from the EEA or the UK to a third country, if applicable.
Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.
The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.
Right to Change Your Personal Data:
This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data. In our Applications, you can edit much of your Personal Data by accessing your account with your own login credentials.
Right to Delete Your Personal Data:
This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
If we have made your Personal Data public, we’ll take all reasonable steps, including technical measures, to inform third parties which are Processing your Personal Data of your request to erase any copy or replication (and hyperlinks thereto) of your Personal Data.
Right to Ask Us to Limit How We Process Your Personal Data:
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
Right to Ask Us to Stop Using Your Personal Data:
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
Right to Port or Move Your Personal Data:
This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can:
- Move it;
- Copy it;
- Keep it for yourself; or
- Transfer it to another organization.
We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format.
Additionally, in relation to employees who are moving, such employees have access to their own portal which has their Personal Data and they have full access to update the information as required.
Right Related to Automated Decision Making:
We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision-making, including profiling. But in those cases, we will always explain to you when we might do this, why it is happening and the effect.
Response Timing and Format of Our Responses:
We will confirm the receipt of your request within 10 business days, and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
Verification of Your Identity
In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.
For requests submitted via password-protected accounts in our Applications, your identity is already verified. For requests sent by other means, we may verify your identity contacting you by phone or by email and ask you to provide us with information that matches information we have about you.
Verification of Authority
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with Bristol and confirm with us that they gave you permission to submit this request.
Alternatively, we’ll ask you to provide us with appropriate proof of authority.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Revoking or Limiting Consent and Opting Out
You may also have the right to opt out of having your Personal Data shared with third parties, and you may revoke your consent that you have previously provided for us to share your Personal Data with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you. To do this, you may send your request to our Privacy Officer using the information in the Contact Us section of this Privacy Statement.
The Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly allow anyone under 18 to provide any Personal Data when using our Services. Children should always get permission from a parent or guardian before sending their Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact our Privacy Officer using the information in the Contact Us section of this Privacy Statement and we will delete these Personal Data.
Changes to this Privacy Statement
If we decide to make material changes in the way we use Personal Data, we will post those changes to this Privacy Statement, on our home page, or in other places we deem appropriate, prior to the change becoming effective so that you are aware of what Personal Data we collect, how we process it, and under what circumstances, if any, we disclose it.
By continuing to use our Services after we post any such changes, you accept the Privacy Statement as modified.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
For Personal Data in the scope of this Privacy Statement that are processed in our Applications, Bristol Global Mobility complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the "Privacy Shield"), as adopted and set forth by the U.S. Department of Commerce and the Swiss Administration regarding the processing of Personal Data transferred from Switzerland to the United States or otherwise received in reliance on the Privacy Shield.
Bristol Global Mobility commits to continue to adhere to and has certified to the Department of Commerce that it will continue to adhere to the Privacy Shield Principles with regard to Personal Data that was received in reliance on Privacy Shield. Bristol Global Mobility does not currently use the Privacy Shield as its data transfer mechanism from the EEA and uses the SCCs as its primary data transfer mechanism for EEA Personal Data.
To learn more about the Privacy Shield principles, and to view Bristol Global Mobility’s certification information, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
Data Transfer Mechanisms
Bristol Global Mobility uses the SCCs as its primary data transfer mechanism for transferring Personal Data from the EEA. The SCCs are formally integrated into our agreements with third parties from whom and on behalf of whom we receive EEA Personal Data.
In addition, Bristol Global Mobility regularly reviews and confirms its compliance with the most up-to-date guidance and obligations on valid data transfer under applicable privacy regulations. If we find it necessary to update the data transfer mechanism used, we will update this Privacy Statement accordingly.
VeraSafe Privacy Program
Bristol Global Mobility is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data in the scope of this Privacy Statement processed in our Applications, VeraSafe has assessed Bristol Global Mobility’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute relating to Personal Data that was received by us in reliance on the Privacy Shield cannot be resolved through Bristol Global Mobility’s internal processes, Bristol Global Mobility has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint related to your Personal Data that we received in reliance on Privacy Shield can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Bristol Global Mobility is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Data Protection Officer
VeraSafe has been appointed as Bristol Global Mobility’s data protection officer (DPO) in accordance with Article 37 of the General Data Protection Regulation of the EU (GDPR). VeraSafe can be contacted in addition to Bristol Global Mobility only on matters related to the processing of Personal Data and to exercise your rights under the GDPR. To make such an inquiry, please contact VeraSafe at:
100 M Street S.E., Suite 600
Washington, D.C. 20003 USA
Phone: +1 -617-398-7067 Email: firstname.lastname@example.org
European Union (EU) Representative
VeraSafe has been appointed as Bristol Global Mobility’s representative in the EU for data protection matters, pursuant to Article 27 of the GDPR. VeraSafe can be contacted in addition to Bristol Global Mobility only on matters related to the processing of Personal Data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ . Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o.
Prague 1, 11002
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
EU Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more European Union member states.
If you have any questions about this Privacy Statement or our processing of your Personal Data, please write to our Privacy Officer by email at privacy@Bristolglobal.com or by postal mail at:
Attn: Privacy Officer
Bristol Global Mobility LLC
2001 N. 3rd Street, Suite 200
Phoenix, AZ 85004
You may also contact us via the following phone numbers:
Within the United States: +1 888 371 4297; Fax: +1 602 952 1557; Text: +1 972 839 7285
Outside the United States: + 1 602 952 0355;
EMEA (United Kingdom): + 44 020 7952 1050;
APAC (Singapore): + 65 66533421
Please allow up to ten (10) days for us to reply.