We may collect Personal Information from you in the following ways:
Your submissions. We collect Personal Information when you voluntarily submit information directly to us. This can include information you provide to us when you complete a web-based form; correspond with us; subscribe to our mailing lists, newsletters, or other forms of marketing communications; use some feature of our Website; request to be added to a professional or social media network (such as LinkedIn, Facebook, or Twitter) or accept an invitation from one of our media platforms; join one of our educational seminars, apply for a job with us; or when you interact with us by telephone or in person. If you are an employee, agent, contractor or vendor of Achieved (“Achieved Personnel”) then we collect Personal Information consistent with, and as is usual in, a business or employment relationship.
Your visit to our Website. We collect some information when you access the Website, including information about the browser and device you have used to access the website, your IP address, location (country and city), and what pages you have looked at on our Website (“Browsing Behavior”).
From a customer. We may collect Personal Information when, in the course of a business relationship with a customer, we gather material that contains Personal Information.
From a service provider. We have contact details for individuals at each of our service providers and sub-processors.
From a third party. We may collect Personal Information from other third-party providers or individuals in our network, such as through credit reporting services, referrals, mailing lists, databases, information gathered from Internet communication or media providers, such as My Emma, Slack, Vimeo, or Skype, Google Analytics and plug-ins like Fastbase, or gathered from parties to a transaction or adversarial proceeding.
When we act on behalf of a third-party. Achieved acts as a virtual data protection officer (vDPO) for many organizations. On their behalf we respond to inquiries from individuals about the use of their personal data. We are a sub-processor of any personal data you may submit to our client companies. Our sister company, Achieved Compliance Advocacy Ltd. (Advocacy) acts as a representative in the EU for organizations that do not have operations in the EU. Advocacy collects certain personal data on our clients’ behalf when you send a subject access request to one of our clients. Once again, we obtain that information as a sub-processor to our clients.
The list below sets out the categories of Personal Information we may collect:
Contact details. We may collect contact information such as your name, your email address, your organization, your role, your telephone number, and your addresses.
Payment, transaction, and financial information. We keep records of the services we have provided to you, including your billing information and payment history. If you are Achieved Personnel, we collect and store financial information as well as Personal Information for HR, insurance, and other administrative purposes.
Browsing behavior. We collect information about how visitors use our Website. In some cases, this information may be linked to other personal information. We collect information about the information you download from our website.
Job application information. If you apply for a job with us, we may collect information from you that will be used to evaluate your candidacy, including your resume, education, and employment history.
We use your Personal Information in the following ways:
To provide you (or someone else) with professional services. We may use your Personal Information while providing professional services to you or to another one of our customers. You may voluntarily provide Personal Information in response to a request for Personal Information on our Website, such as a web-based form. We will use this Personal Information for the purposes provided in the request.
For decision-making and recordkeeping. We use your Personal Information when determining whether to enter into a business relationship with you. If we have a relationship with you, we will use your Personal Information to identify you internally in connection with any matters relating to you.
To comply with our legal obligations. We will keep Personal Information as may be required by applicable laws or regulations.
To provide you with information about our services. We may use your Personal Information to communicate with you about products or services we are offering and to provide you with our newsletter.
To provide you with the materials or educational access to seminars that you requested.
To provide you with information about other’s services and to act on your behalf. We may use your Personal Information to engage with other businesses who may be able to help you, such as, but not limited to, when we engage an attorney, advisor, consultant, information technology provider or other service provider that may act on our behalf or yours, or when purchasing or subscribing to products or services that are necessary to support your interests, such as document management, hosted IT environments, or data compliance tools.
For Achieved administration. If you are Achieved Personnel, we use your Personal Information to identify you internally for HR purposes and to administer your payment and benefits, as well as for insurance, safety, and other administrative purposes consistent with Achieved’s legitimate business interests and our personnel policies.
To improve our Website. We may use Personal Information you indirectly submit to us by visiting our Website to make changes that improve the functionality of our Website on your browser or device.
For storage and backup. We store all Personal Information we collect as detailed in the Where and How Your Personal Information Is Stored section below.
For marketing and lead generation purposes. When you visit our website, we use personal information obtained from you to provide you with information about our products and services. You may unsubscribe from these communications at any time.
To screen and evaluate job applicants. If you apply for a job with Achieved, we may use the personal information you provide to evaluate your application and to contact you regarding the status of your application.
Your Personal Information may be accessed by the following people or entities:
Our service providers. Your Personal Information may be accessed by third parties who provide a service to us, including server providers, hosting companies, document management contractors, e-discovery contractors, and any of the providers listed above in Section C, and/or affiliated companies. These third parties will only be allowed to use your Personal Information on our behalf and in accordance with our instructions. They are required to keep your information secure pursuant to an agreement that we reasonably determine is appropriate to the circumstances.
Investors in or purchasers of our business. Personal Information may be disclosed or transferred to investors, buyers or prospective buyers of our business or any part of our assets as part of any such proposed investment or sale, including to their professional advisors, lawyers, or accountants.
Law enforcement, regulators, and other parties for legal reasons. We may disclose your Personal Information to a court, regulatory authority, law enforcement agency, or other third party when we are legally required to do so by law or when we must disclose your Personal Information to protect our rights, property, or safety or to protect the rights, property, or safety of others. We may also disclose Personal Information to third parties to help detect or investigate illegal activities and breaches of any agreement we have with you.
From time to time we may contact you with information about our products and services or those offered by an affiliate. If you do not want to receive marketing messages from us, you are always able to opt out by directly contacting us or by using the unsubscribe function.
You can also change your marketing preference at a later date by following the instructions on the communication.
We store your Personal Information in the following ways:
Physically. We may keep physical copies of your Personal Information at our offices or otherwise in our possession.
On a secured server. All Personal Information is stored on a secured server. We outsource all our systems to a professional IT solutions provider to host, manage, maintain and support our remote network and remotely accessed desktops (“Managed Systems”).
On Achieved Personnel’s devices. Achieved Personnel may access your Personal Information via their own computers, tablets, or mobile devices. However, it is our policy that all Personal Information or confidential information must only be stored on the Managed Systems or on a password-protected device.
Personal Information may be stored in, or transferred to, countries outside of the jurisdiction in which you reside – specifically in the US. We are a US-based company. The laws of the US may offer less protection to your Personal Information than the jurisdiction in which you may reside. If you are submitting personal information to us, then you are granting us permission to process and store your information in the US. For more information, see Section I. below regarding Data Rights For Those in the EEA, UK, and Switzerland.
We take the following steps to secure your Personal Information:
Technical Safeguards. We keep your electronically stored Personal Information in secure online and offline facilities and implement appropriate measures to protect your Personal Information against accidental or unlawful destruction, loss, change, damage, or unauthorized access. See Sections F.
Organizational Safeguards. We maintain security policies that govern all Personal Information. All Achieved Personnel are made aware of these policies, and we have procedures in place to train Achieved Personnel on implementing these policies. Failure to properly secure confidential and/or Personal Information results in discipline. Achieved periodically assesses compliance with these policies.
If the United States, you may opt-out of our communications by using the “opt-out” function at the bottom of emails, or opt-out or make other inquiries by contacting us at email@example.com. While we would be very happy to have more inquiries or visitors to the website from the State of California, we currently do not process enough information from California residents to require a toll-free number. Please use the email address provided.
Our office manager may be contacted to exercise any of the above rights, or if you have any questions relating to your rights.
Achieved has clients and personnel in various parts of the world, including the United States, the United Kingdom, and the European Union. It may be necessary at times to transfer your Personal Information between the United States and the European Union.
If you reside in the EEA, the United Kingdom, or Switzerland, our use of your personal information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK or Swiss national laws. These grant you particular rights in your personal information, including the right to alter, correct, receive, or delete personal information stored by Achieved at any time, subject to our business interests and any legal requirements we may face. If you are a resident in the EU, and we can verify your identity, we will provide you with access to the information we process about you. Individuals outside the EU may also inquire, and, depending on applicable law you may also have certain rights in your data. Please use the contact information below for any inquiries. Europeans have the right to:
Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights under applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.
To exercise any of these rights, you may contact us at firstname.lastname@example.org. If we are unable to resolve your complaint, you may contact your country’s data protection authority.
Those in the EAA, UK, or Switzerland wishing to contact our GDPR Article 27 representative in the European Union or the United Kingdom may contact us at email@example.com.
When you chose to do business with Achieved, your personal data is transferred to the United States for processing. The laws of the United States do not protect your personal data to the same extent or in the same way as in your own country.
To the fullest extent allowed by applicable law, you voluntarily request and consent to the trans-border transfer and hosting of such information to fulfill a transaction request or perform as part of a contract.
To the extent that Achieved transfers your Personal Information to a third party outside of the EAA, UK or Switzerland we will ensure that at least one of the following safeguards is in place:
If you have any questions regarding this policy, or need to contact us for any other reason, you may contact our office manager, Deanna McVeigh. She may be contacted by using the “Contact” submission page or at firstname.lastname@example.org. If you are located in the European Union, you may contact Achieved Compliance Advocacy, our Article 27 representative in the European Union, by email at email@example.com.
If you have a privacy-related concern or complaint, please contact us using the information above and we will attempt to address your concerns.
If you are a resident of the European Union, in the event that we are unable to resolve your complaint, we commit to refer unresolved complaints under the Privacy Shield Principles to an independent dispute resolution panel established by European Union Data Protection Authorities. Please contact the Data Protection Authority in your country if we do not resolve your complaint. In some instances, citizens of the European Union may invoke binding arbitration.
This policy was last modified in July 2020.