LAVANTE PRIVACY POLICY

LAVANTE GLOBAL PRIVACY POLICY

Updated: December 15, 2017

 

Lavante, Inc. (“Lavante,” “We,” or “Our”), a subsidiary of PRGX USA, Inc. (“PRGX”), is committed to respecting and protecting the privacy of individuals with whom we come into contact including our employees, our clients and their suppliers and vendors, our suppliers and vendors, our investors and those individuals who browse and use our websites (“Site” or “Sites”). We believe in protecting individual rights with respect to the privacy of their personal information. The Lavante Global Privacy Policy (“Policy”) governs our collection, use, disclosure and processing of personal information that we receive.

 

EU-U.S. PRIVACY SHIELD

Lavante is committed to and complies with the Principles of the EU-U.S. Privacy Shield program as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information of subjects in European Union member states. Lavante is a covered entity under the PRGX USA, Inc. Privacy Shield certification and adheres to the Privacy Shield Principles (“Principles”) of Notice, Choice, and Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability. If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. Lavante is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

DEFINITIONS

Personal Information (“Personal Information”) is information that pertains to or is about any individual, and can be linked to or used to identify that individual. Personal Information does not include information that is encoded or publically available information that has not been combined with non-public Personal Information. Personal Information does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified.  Without prejudice to the foregoing, with respect to information received by Lavante under the EU-U.S. Privacy Shield, “Personal Information” is any information about an identified or identifiable individual, as defined under the Privacy Shield Framework.

Sensitive Personal Information (“Sensitive Personal Information”) means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or specifies sex life. Lavante does not knowingly collect Sensitive Personal Information from our clients, suppliers and vendors, investors, or individuals who browse and use our Sites.

CONSENT

By using any of our Sites, you consent to the policies and practices described in this Policy as it relates to the Site(s). This Policy may change from time to time. When it changes, we will post changes on our Site. You are encouraged to check the date of our Privacy Policy whenever you visit any of our Sites to stay informed of any changes. The generality of the foregoing notwithstanding, if you are, or represent a Client accessing the Site pursuant to an executory hosted services agreement with Lavante, in the event any term or provision of such hosted services agreement directly conflicts with a term or provision set-forth in our Policy, the term or provision of the hosted services agreement shall control as between such Client and Lavante.

IP ADDRESSES

The Site captures usage information such as: date and time of visit, referring address (location from which a visitor comes to the Site), type of Internet browser, and visitor’s IP address and DNS name. This information helps us to support and improve the operation of the Site.

COOKIES

Cookies may be used on some pages of our sites. In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Information. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Information. This Privacy Policy applies to the collection and use of any Personal Information that is obtained through the use of cookies and otherwise.

What is a cookie?

A cookie is a text file unique to you that is related to your computer or mobile device and it can be picked up by a server, allowing the website to pick up things such as your preferences, what is in your shopping basket or allow us to recognize you when you return. This information helps us dynamically generate web content and design web functionality specifically for users of our sites and enables us to provide you with a customized experience each time that you visit.

Types of cookies used

Most common technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons are used on most of Our Sites.

We may also use flash cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. We use Flash cookies for security purposes and to help remember settings and preferences. We do not use Flash cookies or similar technologies for behavioral or interest-based advertising purposes. To manage Flash cookies, you may visit Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit http://www.adobe.com/.

Pixel tags and web beacons are tiny graphic images placed on website pages or in emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click on an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.

How do we collect information using cookies?

We collect many different types of information from cookies and other technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs may also record the IP address assigned to the device you are using to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to PRGX and the website you visit after you leave our site.

Can cookies be disabled?

In most cases, if you prefer not to allow the use of cookies, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so please visit the “help” section of your browser to learn about the privacy settings that may be available.  Please be advised that disabling cookies may result in limited functionality on our sites.

 

COLLECTION OF INFORMATION

Lavante is a business-to-business information and professional services firm that collects and processes transactional client data for improving clients’ financial performance by reducing costs, improving business processes and increasing profitability. PRGX’s core business segment is recovery audit services which is the processing of procurement-to-payment transactional data (i.e. accounts payable data, vendor file information and line item/product data) to identify client overpayments made to their third party suppliers. Other business segments include providing analytics and advisory services to senior financial executives.

We collect data from, or on behalf of, our clients in order to perform the requested services.  Personal Information may be received from clients in limited circumstances, such as when a vendor happens to be a sole proprietor.  Information on these data subjects is used as instructed by our clients for accounts payable recovery auditing or other requested services in accordance with client contractual requirements.

Personal Information, such as contact information, may also be collected from our suppliers and vendors, our investors, or from individuals who browse and use our websites.

Access to and use of our Sites as a supplier or vendor requires you to become a “Registered User” by completing the registration process. Information collected may be used by Lavante to handle your inquiries, to communicate to you regarding administrative issues about the Site, and to communicate information about you to your accepted trading partners. In addition, if you have not opted-out, we may contact you about Lavante products or partner offerings, request your participation in surveys, or communicate other special offers and promotions. As part of the registration process, you will be required to agree to the Terms of Use applicable to the Site.

The business information collected through Our Sites falls under one of the following four categories:

  1. Public Profile Information. Public Profile Information includes your basic corporate or company information: its official name, headquarters address and contact information (including phone number), standard industry codes (SIC), geographical service scope, and the like.
  2. Controlled Profile Information. Controlled Profile Information includes more sensitive information such as federal tax ID number (TIN), reseller tax ID data, insurance information and the like.
  3. Client-Specific Profile Information. Client-Specific Profile Information includes information you provide for a specific Client through the Site. This includes statements of accounts, bank account information, contract terms, Client contact information and the like.
  4. Private Profile Information. Private Profile Information is protected and visible only to you. Your password and challenge question are protected for security purposes, and your Lavante Supplier Network registration status is visible only to you.

A complete list of information collected along with the associated categories is available here: Profile information categories. You acknowledge and agree that high level statistical reports relating to the Site may utilize Your business information so long as such reports contain only anonymous, aggregated data so as not to identify Your company, and that such reports may be reported publicly.

Please note: Personal Information of our job applicants and employees is protected by the PRGX Employee Privacy Policy. The Employee Privacy Policy is available on the company intranet site or you may request a copy by emailing privacyoffice@prgx.com or by contacting your local Human Resource manager.

 

USE OF PERSONAL INFORMATION

When We collect Personal Information, Our use of your Personal Information is limited to:

  1. Purposes as described in this Policy;
  2. Purposes stated in the applicable notice or consent form, such as a client contract or terms on one of our websites;
  3. Purposes for which the individual would reasonably expect the information to be processed;
  4. Customary internal purposes, such as anonymous benchmarking, reporting
  5. or quality assurance purposes; and
  6. Contacting you about products and/or services that may be of interest to you.

DISCLOSURES AND ONWARD TRANSFERS

Your data will be stored and processed in whole or in part in the United State. If you access one of Our Sites outside of the United States, your usage of the Site constitutes consent to the transfer of your data out of your country and to the United States.

Lavante may perform services, including the processing of Personal Information, using one or more of PRGX’s worldwide affiliates (wholly-owned PRGX company group entities) based in the United Kingdom, other European Union member states, the United States, and India, unless otherwise prohibited by client contractual requirements. In such event, PRGX and its affiliate(s) shall take such measures as are necessary to ensure adequate protection for the Personal Information that it or they process in accordance with relevant data protection laws and regulations. Lavante maintains appropriate technical, administrative, and physical controls to protect the security, confidentiality, and integrity of Personal Information in accordance with this Policy.

Personal Information provided to Lavante may be shared with third party service providers, such as agents and contractors, for customary business purposes. We may also, at the request of an individual client, provide client data, including Personal Information, to a third party agent for additional services, as arranged by the client. In all circumstances, we complete a screening process in which we validate that the third party has appropriate technical, administrative, and physical controls in place to protect the security, confidentiality, and integrity of Personal Information.  In addition, we ensure that appropriate contracts are reviewed and executed to ensure adequate controls around confidentiality, limited use, proper disposal, and retention of Personal Information.  Under the EU-U.S. Privacy Shield, Lavante remains liable if its service provider or agent processes Personal Information received under the Privacy Shield in a manner inconsistent with Privacy Shield Principles, unless PRGX was not responsible for the event giving rise to the damage.

Please note that we may use or disclose any information, including Personal Information, in order to respond to requests by public authorities, including to meet national security or law enforcement requirements, when necessary for public health or safety purposes, when needed to protect our legal rights, or as otherwise required by law. For example, we may disclose information in response to a subpoena or court order. We may also disclose information in connection with the transfer or sale of all or part of our business.

We may also provide aggregate data (not including any Personal Information) to third parties for various purposes, including facilitation of the improvement of services we provide to our clients.

SHARING OF INFORMATION

Lavante will not share your information with any third party, except as specifically provided in this Privacy Policy.

With respect to information collected on Our Sites, your information may be shared as follows:

  1. Public Profile Information. Public Profile Information will be made available to (searchable by) Lavante Clients that use the Site unless you opt-out of the Lavante Supplier Network, in which case your Public Profile Information will be shared only with your accepted Client or Client(s), as applicable.
  2. Controlled Profile Information. Controlled Profile Information will be shared only with your accepted Clients.
  3. Client-Specific Profile Information. Client Specific Profile Information will be shared only with the specific, accepted and applicable Client for which you provided the Client Specific Profile Information.
  4. Private Profile Information. Private Profile Information is not shared with anyone.

Additionally, Lavante may disclose information collected through the Site in special cases if lawfully compelled to do so by a governmental entity or if we believe in good faith such action is necessary to (i) conform to legal requirements or comply with legal process; (ii) identify, contact or bring legal action against someone who may be violating Lavante’s Terms of Use or may be causing injury to or interference with (either intentionally or unintentionally) Lavante’ss rights or property, or those of other Users or of a Client; or (iii) prevent a crime.

COMMITMENT TO DATA SECURITY

Lavante is committed to protecting the privacy and security of the data that is provided to us, including Personal Information, through a combination of technical, physical and administrative controls, including internal policies, practices and procedures.

Lavante’s privacy and security framework is based on ISO 27001 standards and, as such, we have a strong focus on establishing, maintaining, and continuously improving information security management systems and identifying, analyzing, and addressing information security risks.  The ISO 27001 standards cover all aspects of security including physical protection of equipment and people, hiring practices, employee training, network security, and access controls. This framework combined with regular monitoring and testing of controls, allows us to ensure that appropriate levels of data confidentiality, integrity, and availability are maintained.

Lavante is also committed to protecting the security and integrity of information collected and maintained within Our Sites. We employ commercially reasonable security measures to prevent loss, misuse, alteration, and unauthorized access of information under our control. Some of those measures include:

  1. Multiple-level firewalls are used to secure the network;
  2. Data transmission is encrypted using industry-standard secure socket layer (SSL) technology;
  3. Digital certificates are used to verify our identity;
  4. Primary data center facility uses 24-hour video surveillance and security guards to control physical access;
  5. Comprehensive security monitoring is performed;
  6. Security scans are performed daily by a third party security specialist;
  7. A detailed backup and secure off-site storage strategy is in place; and
  8. Redundant systems, power supplies, and network connections are in use.

CHOICE, ACCESS, & CORRECTION

With  regard  to  the  Personal Information  that  we  collect,  we  are  committed  to  respecting individual  rights  of  choice,  access  and  correction.  Individuals may submit access requests, ask questions or object to our processing of their Personal Information by contacting us at privacyoffice@prgx.com. We will use reasonable efforts to respond to all such requests in a timely manner. With regard to Personal Information that PRGX collects from our suppliers and vendors, our investors, or from individuals who browse and use our websites, we will offer the persons concerned a choice to opt out of any uses or disclosures which are materially different from those described in this Policy.

In the exceptional cases where we process Sensitive Personal Information, we collect individuals’ affirmative express consent in case we intend to (i) disclose such information to a third party; or (ii) use for a purpose other than originally collected or authorized by you.

With  respect  to  Personal Information provided  to  us  by,  or  on  behalf  of,  our  clients,  we recommend that you contact the client directly to seek access to and to correct, amend, or delete inaccurate data. We assume that our clients have provided any notice required for PRGX to process Personal Information they provide to us, consistent with this Policy, and will provide further notice of any uses or disclosures that are materially different from those described in this Policy. If you need assistance, please contact us and we will request our clients to correct, amend or delete any erroneous information, subject to their own policies and instructions.

ENFORCEMENT

EU-U.S. Privacy Shield Principles

In compliance with the EU-U.S. Privacy Shield Principles, PRGX commits to resolve complaints of individuals in the European Union about our processing of their Personal Information. Individuals in the European Union with inquiries or complaints should first contact PRGX at: privacyoffice@prgx.com. We will respond to your inquiry or complaint within 45 days.

For unresolved privacy complaints of European Union individuals, PRGX has further committed to cooperate with an independent dispute mechanism established by European Union Data Protection Authorities and to provide this recourse free of charge.  If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or http://www.uscib.org/privacy-shield/ for further information.

Under certain conditions, European Union individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted.  For further information, please see the Privacy Shield website at:   https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

INFORMATION ABOUT CHILDREN

We do not knowingly provide products or services to or solicit information from children under the age of 18.

SOCIAL SECURITY NUMBERS

In some cases, PRGX collects Social Security Numbers, mainly in the United States, in the ordinary course of its business, such as from our employees, as well as in certain records we process for our clients. We have implemented reasonable technical, physical and administrative safeguards to protect the Social Security Numbers. All of our employees are required to follow these established procedures. In particular, access to Social Security Numbers is limited to those employees and service providers with an approved business need to access the information to perform tasks for us and our clients.

Social Security Numbers are only disclosed to third parties in accordance with our established policies. We only disclose Social Security Numbers to (i) those service providers, auditors, advisors, and/or successors in interest who are legally or contractually obligated to protect them or (ii) as required or permitted by law.

For Personal Information that Lavante receives from European Union member states and Switzerland, PRGX USA, Inc. has committed to handling such Personal Information in accordance with the EU-U.S. Privacy Shield Principles.

 

UPDATING YOUR INFORMATION

As a vender or supplier you may edit your profile at any time by logging into the Site using your user ID and password. After successful login, you are able to update, correct, or delete your business information with exception of email address, legal company name and federal tax identification number, which we use to uniquely identify you and your company.

OPTING OUT OF OPTIONAL COMMUNICATIONS

You may also opt out of receiving information about Lavante products, partner offerings, and other special offers and promotions by sending an email to optout@Lavante.com. In addition, all optional communications will include instructions on how to opt-out.

Opting-out of the Lavante Supplier Network

Any vendor or supplier may opt-out of participating in the Lavante Supplier Network by updating your profile information on the Site. When you opt-out of the Lavante Supplier Network, your company will not be discoverable by other Lavante Clients.

CHANGES TO THIS POLICY

From time to time, we may decide to make changes to this Policy. If we make a material change, we will port the revised Policy and highlight the changes in this section of the Policy.

January 30, 2017: Updated Policy to reflect adherence to the EU-U.S. Privacy Shield Framework and pending addition under the PRGX USA, Inc. Privacy Shield Certification.

QUESTIONS

Questions about our Policy may be sent by email to: privacyoffice@prgx.com or by contacting:

Alicia Jackson

Vice President, Global Privacy and Security

770-779-3042

alicia.jackson@prgx.com

 

© 2017 PRGX Global, Inc. All rights reserved. Many of the trademarks and service marks appearing on this Web site are registered trademarks. Use of this site is subject to certain Terms of Use which constitute a legal agreement between you and the Company. By using this site, you acknowledge that you have read, understood, and agree to be bound by the Terms of Use. Please review the Terms of Use; and if you do not agree to the terms, please do not use this site.