Privacy Statement of Bristol Global Mobility, LLC
Effective September 2020
Information We Collect
Categories of Personal Data
We may process the following types of Personal Data in our Applications:
- biographical data, such as your age, first or last name, or those of your children (if applicable);
- contact data, such as work, home, and temporary addresses, departure and destination address, contact phone numbers, business and personal e-mail addresses;
- employment data, such as your employment number;
- payment information, such as your credit card number;
- financial data, including financial account numbers;
- social security number;
- education background and related data;
- data contained on the biodata page of a passport; and
- personal relocation benefits.
Under the California Consumer Privacy Act (the “CCPA”), the specific Personal Data points listed above is organized into distinct categories. For clarity, we process Personal Data that falls under the following CCPA categories: Identifiers, California Customer Records Personal Information Categories, Protected Classification Characteristics Under California or Federal Law, Professional or Employment Related Information, and Nonpublic Education Information.
With respect to our Professional Services and the Website, we may also process:
- web analytics data; and
- any other type of data, as submitted in the data subject’s sole discretion via email.
Under the CCPA categories, the web analytics data may fall under Internet or Other Similar Network Activity. Personal Data submitted by the data subject via email could fall under any of the CCPA categories.
How We Receive Personal Data
We may receive your Personal Data when:
- you provide them to us – at the time of initiation of a call (conveyed verbally over the phone) or via our Services;
- your spouse/partner provides them to us;
- our clients (including their employees, contractors, and other representatives of the company) provide these data to us;
- our service providers provide them to us; or
- when a friend of yours or one of our partners, vendors, clients, or employees refers you to our Services by providing your Personal Data to us.
We may also receive your Personal Data from other third parties. If we receive your Personal Data from a third party, we will notify you, where required by applicable laws, without undue delay.
Responding to Do Not Track Signals
Our Bristol ELITE web application is set to respond to “Do Not Track” signals received from various web browsers.
How We Use Your Information
Basis of Processing:
- your consent;
- the need to perform our obligations under a contract or to perform related pre-contractual duties at your request;
- the legitimate interests pursued by us or a third party, such as to facilitate the relocation of employees and their families;
- the need to comply with a legal obligation to which we are subject; or
- any other ground, as required or permitted by law in the specific respective context.
Please note that where we process your Personal Data based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing that was conducted based on consent given before the withdrawal, however, nor will it affect processing performed on other lawful grounds.
Where we receive your Personal Data directly from you for the purpose of providing you with our Services, we require such Personal Data to be able to perform our contractual obligations to you. Without the necessary Personal Data, we will not be able to provide Services to you.
Purposes of Processing:
In our Applications, we process Personal Data for the purposes of:
- enabling the use of the Services;
- providing our Professional Services, including the facilitation of relocation authorized by an employee's employer (our client);
- responding to your inquiries, and/or other requests or questions; and
- sending you email marketing communications relating to our business which we think may be of interest to you.
With respect to our Professional Services and the Website, we may also process your Personal Data for the purposes of:
- measuring customer satisfaction;
- accounting and human resources management; and
- facilitating sales.
Data Retention Periods:
We are legally obliged to keep certain records for our clients for up to 7 years after the file (or employee) has been authorized for relocation services. Personal Data might be retained for longer periods for any audit or reporting purposes our clients may require.
Sharing Personal Data with Third Parties:
We may share your Personal Data with other entities. Such third parties may include those providing:
- mobile and web app development purposes;
- managed IT services; and
- managed IT support services.
With respect to our Professional Services and the Website, we may also share your Personal Data with third parties providing:
- customer relationship management software;
- online survey tool services;
- email marketing services;
- accounting software services;
- work management platform services;
- domain services;
- email services;
- software for responding to requests for proposals and security questionnaires;
- HR management;
- colocation and cloud services; and
- furniture rental services.
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Some of our service providers who receive your Personal Data may be located in countries outside of the European Union or the European Economic Area ("EEA"). In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law. Transfers of your Personal Data to such service providers will typically be subject to appropriate safeguards, such as the Standard Contractual Clauses ("SCCs") for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.
Bristol Global Mobility remains liable for the protection of Personal Data that we transfer or have transferred to our service providers through our designated data transfer mechanism, such as the SCCs, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Other Disclosures of Your Personal Data:
We may disclose your Personal Data:
- to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
- if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
- to our subsidiaries or affiliates only if necessary for business and operational purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Disclosure of Your Personal Data under the CCPA
In the preceding twelve (12) months, Bristol Global Mobility has disclosed the following categories of Personal Data for a business purpose:
- California Customer Records Personal Information Categories
- Protected Classification Characteristics Under California or Federal Law
- Professional or Employment Related Information
- Nonpublic Education Information
Sale of Your Personal Data under the CCPA:
In the preceding twelve (12) months, Bristol Global Mobility has not sold Personal Data.
Data Integrity & Security
Bristol Global Mobility has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Revoking or Limiting Consent and Opting Out
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Bristol Global Mobility commits to continue to adhere to and has certified to the Department of Commerce that it will continue to adhere to the Privacy Shield Principles with regard to Personal Data that was received in reliance on Privacy Shield. Bristol Global Mobility does not currently use the Privacy Shield as its data transfer mechanism from the EEA and uses the SCCs as its primary data transfer mechanism for EEA Personal Data.
To learn more about the Privacy Shield principles, and to view Bristol Global Mobility’s certification information, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
Data Transfer Mechanisms
Bristol Global Mobility uses the SCCs as its primary data transfer mechanism for transferring Personal Data from the EEA. The SCCs are formally integrated into our agreements with third parties from whom and on behalf of whom we receive EEA Personal Data.
VeraSafe Privacy Program
Where a privacy complaint or dispute relating to Personal Data that was received by us in reliance on the Privacy Shield cannot be resolved through Bristol Global Mobility’s internal processes, Bristol Global Mobility has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint related to your Personal Data that we received in reliance on Privacy Shield can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Bristol Global Mobility is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Data Protection Officer
VeraSafe has been appointed as Bristol Global Mobility’s data protection officer (DPO) in accordance with Article 37 of the General Data Protection Regulation of the EU (GDPR). VeraSafe can be contacted in addition to Bristol Global Mobility only on matters related to the processing of Personal Data and to exercise your rights under the GDPR. To make such an inquiry, please contact VeraSafe at:
22 Essex Way #8203
Essex, VT 05451 USA
Phone: +1 (888) 376-1079
Email: email@example.comSafe can be contacted at:
European Union (EU) Representative
VeraSafe has been appointed as Bristol Global Mobility’s representative in the EU for data protection matters, pursuant to Article 27 of the GDPR. VeraSafe can be contacted in addition to Bristol Global Mobility only on matters related to the processing of Personal Data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ . Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
EU Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more European Union member states.
Attn: Privacy Officer
Bristol Global Mobility LLC
2001 N. 3rd Street, Suite 200
Phoenix, AZ 85004
You may also contact us via the following phone numbers:
Within the United States: +1 888 371 4297; Fax: +1 602 952 1557; Text: +1 972 839 7285
Outside the United States: + 1 602 952 0355;
EMEA (United Kingdom): + 44 020 7952 1050;
APAC (Singapore): + 65 66533421
Please allow up to 10 days for us to reply.