Revalize Expands Foodservice Equipment & Supplies Portfolio with Latest Acquisition Learn More

HR DATA PRIVACY FRAMEWORK POLICY

Effective Date: April 24, 2024

This HR Data Privacy Framework Policy (“HR DPF Policy”) supplements Revalize’s Employee Privacy Notices and Candidate Privacy Notices. This HR DPF Policy applies to the transfers of personal data from the European Economic Area (EEA), the United Kingdom (UK) and Gibraltar, and Switzerland to the United States.

Revalize, Inc. (“Revalize”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), (collectively the “Data Privacy Framework” or “DPF”) as set forth by the U.S. Department of Commerce.

Personal data may be processed on servers located outside of the country where you reside. Our Privacy Policy describes the way we protect your personal data. In addition to those protections, we provide the following protections in respect of data transfers from the EEA, UK and Gibraltar, and Switzerland.

Adequacy Decisions

Where the European Commission has made an “adequacy decision” in respect of a country outside the European Economic Area (EEA) (i.e. determined that the country provides adequate data protection), personal data can be transferred from the EEA to that country without further safeguards being necessary. The UK and Switzerland have adopted similar adequacy mechanisms to allow personal data to be sent to countries that they consider provide adequate data protection. Revalize, Inc. and its Affiliates (“Revalize” or “we”) rely on the European Commission’s adequacy decisions, as well as the UK adequacy regulations and Swiss adequacy decisions.

Standard Contractual Clauses

Where there is no adequacy mechanism in place, we rely on Standard Contractual Clauses (SCCs) for data transfers from the EEA, the UK and Switzerland to third countries as these provide appropriate data protection safeguards. SCCs have been approved by the European Commission and must be used in their original form without modification.

EU-US and Swiss-US Data Privacy Frameworks and UK Extension

Revalize complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Revalize has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Revalize has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

In compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Revalize commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Data subjects may contact the relevant independent recourse providers listed below:

EU Data Protection Authorities (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html)

UK Information Commissioner’s Office (https://ico.org.uk/)

Revalize will cooperate with the applicable data protection authority in the investigation and resolution of complaints brought under the DPF. Revalize will comply with any advice given by the EU DPAs, the FDPIC, or the ICO with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. The alternative dispute resolution services of the data protection authorities are provided at no cost to you.

If a dispute or complaint cannot be resolved by Revalize or by the EU DPAs, the Swiss FDPIC, or the UK ICO, you have the right to require that Revalize enter into binding arbitration pursuant to the DPF’s Recourse, Enforcement and Liability Principle and Annex I of the DPF.

We remain responsible for any of your personal information that is shared by us with third parties for external processing on our behalf.
Revalize is subject to the investigatory and enforcement powers of the US Federal Trade Commission.

We currently do not rely on the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF to transfer personal information to the U.S.
If you have an inquiry regarding our privacy practices in relation to our DPF certification, please contact our Chief Privacy Officer at [email protected].