Updated: December 15, 2017
EU-U.S. PRIVACY SHIELD
Lavante is committed to and complies with the Principles of the EU-U.S. Privacy Shield program as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information of subjects in European Union member states. Lavante is a covered entity under the PRGX USA, Inc. Privacy Shield certification and adheres to the Privacy Shield Principles (“Principles”) of Notice, Choice, and Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability. If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. Lavante is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Personal Information (“Personal Information”) is information that pertains to or is about any individual, and can be linked to or used to identify that individual. Personal Information does not include information that is encoded or publicly available information that has not been combined with non-public Personal Information. Personal Information does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified. Without prejudice to the foregoing, with respect to information received by Lavante under the EU-U.S. Privacy Shield, “Personal Information” is any information about an identified or identifiable individual, as defined under the Privacy Shield Framework.
Sensitive Personal Information (“Sensitive Personal Information”) means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or specifies sex life. Lavante does not knowingly collect Sensitive Personal Information from our clients, suppliers and vendors, investors, or individuals who browse and use our Sites.
The Site captures usage information such as: date and time of visit, referring address (location from which a visitor comes to the Site), type of Internet browser, and visitor’s IP address and DNS name. This information helps us to support and improve the operation of the Site.
What is a cookie?
A cookie is a text file unique to you that is related to your computer or mobile device and it can be picked up by a server, allowing the website to pick up things such as your preferences, what is in your shopping basket or allow us to recognize you when you return. This information helps us dynamically generate web content and design web functionality specifically for users of our sites and enables us to provide you with a customized experience each time that you visit.
Types of cookies used
Most common technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons are used on most of Our Sites.
We may also use flash cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. We use Flash cookies for security purposes and to help remember settings and preferences. We do not use Flash cookies or similar technologies for behavioral or interest-based advertising purposes. To manage Flash cookies, you may visit Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit http://www.adobe.com/.
Pixel tags and web beacons are tiny graphic images placed on website pages or in emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click on an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
How do we collect information using cookies?
We collect many different types of information from cookies and other technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs may also record the IP address assigned to the device you are using to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to PRGX and the website you visit after you leave our site.
Can cookies be disabled?
COLLECTION OF INFORMATION
Lavante is a business-to-business information and professional services firm that collects and processes transactional client data for improving clients’ financial performance by reducing costs, improving business processes and increasing profitability. PRGX’s core business segment is recovery audit services which is the processing of procurement-to-payment transactional data (i.e. accounts payable data, vendor file information and line item/product data) to identify client overpayments made to their third party suppliers. Other business segments include providing analytics and advisory services to senior financial executives.
We collect data from, or on behalf of, our clients in order to perform the requested services. Personal Information may be received from clients in limited circumstances, such as when a vendor happens to be a sole proprietor. Information on these data subjects is used as instructed by our clients for accounts payable recovery auditing or other requested services in accordance with client contractual requirements.
Personal Information, such as contact information, may also be collected from our suppliers and vendors, our investors, or from individuals who browse and use our websites.
The business information collected through Our Sites falls under one of the following four categories:
- Public Profile Information. Public Profile Information includes your basic corporate or company information: its official name, headquarters address and contact information (including phone number), standard industry codes (SIC), geographical service scope, and the like.
- Controlled Profile Information. Controlled Profile Information includes more sensitive information such as federal tax ID number (TIN), reseller tax ID data, insurance information and the like.
- Client-Specific Profile Information. Client-Specific Profile Information includes information you provide for a specific Client through the Site. This includes statements of accounts, bank account information, contract terms, Client contact information and the like.
- Private Profile Information. Private Profile Information is protected and visible only to you. Your password and challenge question are protected for security purposes, and your Lavante Supplier Network registration status is visible only to you.
A complete list of information collected along with the associated categories is available here: Profile information categories. You acknowledge and agree that high level statistical reports relating to the Site may utilize Your business information so long as such reports contain only anonymous, aggregated data so as not to identify Your company, and that such reports may be reported publicly.
USE OF PERSONAL INFORMATION
When We collect Personal Information, Our use of your Personal Information is limited to:
- Purposes as described in this Policy;
- Purposes stated in the applicable notice or consent form, such as a client contract or terms on one of our websites;
- Purposes for which the individual would reasonably expect the information to be processed;
- Customary internal purposes, such as anonymous benchmarking, reporting or quality assurance purposes; and
- Contacting you about products and/or services that may be of interest to you.
DISCLOSURES AND ONWARD TRANSFERS
Your data will be stored and processed in whole or in part in the United States. If you access one of Our Sites outside of the United States, your usage of the Site constitutes consent to the transfer of your data out of your country and to the United States.
Lavante may perform services, including the processing of Personal Information, using one or more of PRGX’s worldwide affiliates (wholly-owned PRGX company group entities) based in the United Kingdom, other European Union member states, the United States, and India, unless otherwise prohibited by client contractual requirements. In such event, PRGX and its affiliate(s) shall take such measures as are necessary to ensure adequate protection for the Personal Information that it or they process in accordance with relevant data protection laws and regulations. Lavante maintains appropriate technical, administrative, and physical controls to protect the security, confidentiality, and integrity of Personal Information in accordance with this Policy.
Personal Information provided to Lavante may be shared with third party service providers, such as agents and contractors, for customary business purposes. We may also, at the request of an individual client, provide client data, including Personal Information, to a third party agent for additional services, as arranged by the client. In all circumstances, we complete a screening process in which we validate that the third party has appropriate technical, administrative, and physical controls in place to protect the security, confidentiality, and integrity of Personal Information. In addition, we ensure that appropriate contracts are reviewed and executed to ensure adequate controls around confidentiality, limited use, proper disposal, and retention of Personal Information. Under the EU-U.S. Privacy Shield, Lavante remains liable if its service provider or agent processes Personal Information received under the Privacy Shield in a manner inconsistent with Privacy Shield Principles, unless PRGX was not responsible for the event giving rise to the damage.
Please note that we may use or disclose any information, including Personal Information, in order to respond to requests by public authorities, including to meet national security or law enforcement requirements, when necessary for public health or safety purposes, when needed to protect our legal rights, or as otherwise required by law. For example, we may disclose information in response to a subpoena or court order. We may also disclose information in connection with the transfer or sale of all or part of our business.
We may also provide aggregate data (not including any Personal Information) to third parties for various purposes, including facilitation of the improvement of services we provide to our clients.
SHARING OF INFORMATION
With respect to information collected on Our Sites, your information may be shared as follows:
- Public Profile Information. Public Profile Information will be made available to (searchable by) Lavante Clients that use the Site unless you opt-out of the Lavante Supplier Network, in which case your Public Profile Information will be shared only with your accepted Client or Client(s), as applicable.
- Controlled Profile Information. Controlled Profile Information will be shared only with your accepted Clients.
- Client-Specific Profile Information. Client Specific Profile Information will be shared only with the specific, accepted and applicable Client for which you provided the Client Specific Profile Information.
- Private Profile Information. Private Profile Information is not shared with anyone.
COMMITMENT TO DATA SECURITY
Lavante is committed to protecting the privacy and security of the data that is provided to us, including Personal Information, through a combination of technical, physical and administrative controls, including internal policies, practices and procedures.
Lavante’s privacy and security framework is based on ISO 27001 standards and, as such, we have a strong focus on establishing, maintaining, and continuously improving information security management systems and identifying, analyzing, and addressing information security risks. The ISO 27001 standards cover all aspects of security including physical protection of equipment and people, hiring practices, employee training, network security, and access controls. This framework, combined with regular monitoring and testing of controls, allows us to ensure that appropriate levels of data confidentiality, integrity, and availability are maintained.
Lavante is also committed to protecting the security and integrity of information collected and maintained within Our Sites. We employ commercially reasonable security measures to prevent loss, misuse, alteration, and unauthorized access of information under our control. Some of those measures include:
- Multiple-level firewalls are used to secure the network;
- Data transmission is encrypted using industry-standard secure socket layer (SSL) technology;
- Digital certificates are used to verify our identity;
- Primary data center facility uses 24-hour video surveillance and security guards to control physical access;
- Comprehensive security monitoring is performed;
- Security scans are performed daily by a third party security specialist;
- A detailed backup and secure off-site storage strategy is in place; and
- Redundant systems, power supplies, and network connections are in use.
CHOICE, ACCESS, & CORRECTION
With regard to the Personal Information that we collect, we are committed to respecting individual rights of choice, access and correction. Individuals may submit access requests, ask questions or object to our processing of their Personal Information by contacting us at firstname.lastname@example.org. We will use reasonable efforts to respond to all such requests in a timely manner. With regard to Personal Information that PRGX collects from our suppliers and vendors, our investors, or from individuals who browse and use our websites, we will offer the persons concerned a choice to opt out of any uses or disclosures which are materially different from those described in this Policy.
In the exceptional cases where we process Sensitive Personal Information, we collect individuals’ affirmative express consent in case we intend to (i) disclose such information to a third party; or (ii) use it for a purpose other than originally collected or authorized by you.
With respect to Personal Information provided to us by, or on behalf of, our clients, we recommend that you contact the client directly to seek access to and to correct, amend, or delete inaccurate data. We assume that our clients have provided any notice required for PRGX to process Personal Information they provide to us, consistent with this Policy, and will provide further notice of any uses or disclosures that are materially different from those described in this Policy. If you need assistance, please contact us and we will request our clients to correct, amend or delete any erroneous information, subject to their own policies and instructions.
EU-U.S. Privacy Shield Principles
In compliance with the EU-U.S. Privacy Shield Principles, PRGX commits to resolve complaints of individuals in the European Union about our processing of their Personal Information. Individuals in the European Union with inquiries or complaints should first contact PRGX at: email@example.com. We will respond to your inquiry or complaint within 45 days.
For unresolved privacy complaints of European Union individuals, PRGX has further committed to cooperate with an independent dispute mechanism established by European Union Data Protection Authorities and to provide this recourse free of charge. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or http://www.uscib.org/privacy-shield/ for further information.
Under certain conditions, European Union individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted. For further information, please see the Privacy Shield website at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
INFORMATION ABOUT CHILDREN
We do not knowingly provide products or services to or solicit information from children under the age of 18.
SOCIAL SECURITY NUMBERS
In some cases, PRGX collects Social Security Numbers, mainly in the United States, in the ordinary course of its business, such as from our employees, as well as in certain records we process for our clients. We have implemented reasonable technical, physical and administrative safeguards to protect the Social Security Numbers. All of our employees are required to follow these established procedures. In particular, access to Social Security Numbers is limited to those employees and service providers with an approved business need to access the information to perform tasks for us and our clients.
Social Security Numbers are only disclosed to third parties in accordance with our established policies. We only disclose Social Security Numbers to (i) those service providers, auditors, advisors, and/or successors in interest who are legally or contractually obligated to protect them or (ii) as required or permitted by law.
For Personal Information that Lavante receives from European Union member states and Switzerland, PRGX USA, Inc. has committed to handling such Personal Information in accordance with the EU-U.S. Privacy Shield Principles.
UPDATING YOUR INFORMATION
As a vendor or supplier you may edit your profile at any time by logging into the Site using your user ID and password. After successful login, you are able to update, correct, or delete your business information with the exception of email address, legal company name and federal tax identification number, which we use to uniquely identify you and your company.
OPTING OUT OF OPTIONAL COMMUNICATIONS
You may also opt out of receiving information about Lavante products, partner offerings, and other special offers and promotions by sending an email to optout@Lavante.com. In addition, all optional communications will include instructions on how to opt-out.
Opting-out of the Lavante Supplier Network
Any vendor or supplier may opt-out of participating in the Lavante Supplier Network by updating your profile information on the Site. When you opt-out of the Lavante Supplier Network, your company will not be discoverable by other Lavante Clients.
CHANGES TO THIS POLICY
From time to time, we may decide to make changes to this Policy. If we make a material change, we will post the revised Policy and highlight the changes in this section of the Policy.
January 30, 2017: Updated Policy to reflect adherence to the EU-U.S. Privacy Shield Framework and pending addition under the PRGX USA, Inc. Privacy Shield Certification.
Questions about our Policy may be sent by email to: firstname.lastname@example.org or by contacting:
Vice President, Global Privacy and Security