PRGX Global, Inc. and its affiliates and subsidiaries (collectively referred to in this Statement as “PRGX,” “we”,“our”, or “us”) is committed to respecting and protecting the privacy of individuals with whom we come into contact, including our employees,our clients and their suppliers and vendors, our suppliers and vendors,our investors and those individuals who browse and use our websites.We believe in protecting individual rights with respect to the privacy of their Personal Information.
This Privacy Statement(“Statement”)governs our collection,use, disclosure and processing of Personal Information that we collect and process about our clients,our suppliers and vendors,our investors and individuals who browse and use our websites (collectively referred to in this Statement as “you” or “your”). In addition, we may also receive Personal Information from our clients to perform services on their behalf, and from other third parties as described in this Statement.
This Statement may be updated from time to time to reflect changes in our Personal Information practices, and we will post a prominent statement on our website to notify you of any significant changes and highlight the changes in the Statement. This Statement may also be supplemented by differing terms that apply to you, such as specific client contracts.
Lavante Inc., a wholly owned subsidiary of PRGX USA, Inc., is a covered entity under this Statement. Please visit www.lavante.com/company/privacy-policy to view Lavante’s Privacy Statement.
Personal Information(“Personal Information”) is information that pertains to or is about any individual, and can be linked to or used to identify that individual. Personal Information does not include information that is encoded or publicly available information that has not been combined with non-public Personal Information. Personal Information does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified. Without prejudice to the foregoing, with respect to information originating from the EEA, “Personal Information” is any information relating to an identified or identifiable natural person.
Sensitive Personal Information("Sensitive Personal Information") means Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or specifies sex life.
Without prejudice to the foregoing, with respect to Personal Information originating from the EEA, “Sensitive Personal Information” is any information as described in the definition above, but also includes data concerning sexual orientation, genetic data and biometric data for the purpose of uniquely identifying a natural person.
2. INFORMATION WE COLLECT
We collect Personal Information in a variety of ways through our normal business activities, in both online and offline contexts. This includes, for example, when you communicate and interact with us, including when you participate in events, register for webinars, submit website contact forms, opt-in via PRGX’s preference center, register as a user on our website, or visit and use our websites. We may also receive Personal Information from third parties, including public databases, social media platforms, trade-show lists, sponsorships, or third-party partners such as analytics or marketing providers. In the normal course of activities, we may collect the following types of Personal Information:
- Contact information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, tax identification number, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
- Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
- Transaction Information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
- Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual or audio recordings.
We do not knowingly collect Sensitive Personal Information about you, except when this is provided by you on a voluntary basis
We may also receive and process third party Personal Information from and on behalf of our clients to perform our services (please refer to Section 4 of this Statement if you would like to find out how we protect this Personal Information).
Please note: Personal Information of our job applicants and employees is protected by the PRGX Employee Privacy Statement that is readily available on career sites that collect applicant Personal Information.
3.HOW WE USE YOUR PERSONAL INFORMATION
We take reasonable steps to ensure that the Personal
Information we process is reliable for its intended use, is accurate,
up-to-date and complete, and is limited to the Personal Information required to
carry out the purposes of the processing, as described in this Statement. Where
appropriate, we may ask you to ensure that your Personal Information that we
hold is accurate and up-to-date.
When we collect Personal Information, our use and processing of your
Personal Information is limited to the following legal bases and purposes:
- To Provide Our
Services and Perform the Contract We Have with You: managing our contractual obligations, including interacting
with you, fulfilling your orders for products or services and related
activities, such as product and service delivery, customer service, account and
billing management, support and training and to provide other services related
to the contract you have with us.
- To Comply with
Our Legal Obligations: corporate governance, audit, reporting
and legal compliance and the establishment, exercise or defense a legal claim.
- For Other
Legitimate Business Purposes: managing our
everyday business needs, such as payment processing and financial account
management, product development, contract management, website administration,
fulfillment, consumer research, trend analysis, financial analysis and other
customary internal purposes, such as anonymous benchmarking, reporting or
quality assurance purposes and marketing and to ensure the security of our
websites, networks and systems, and premises, as well as protecting us against
- Based on Your
your ongoing relationship with us, including interacting with you, informing
you about our products or services that may be of interest to you, as well as
special offers and promotions.
When you visit our websites, otherwise request us to provide a service or decide to enter into
agreement with us, we will notify you when information is required to provide
our services, enter into agreement or as required by law, upon which you may
decide to provide us with Personal Information or not. Where Personal Information is required, we may be unable to provide you with our services or
enter into agreement with you unless you provide us with the relevant
4. HOW WE PROTECT PERSONAL INFORMATION WE PROCESS ON BEHALF OF OUR CLIENTS
PRGX is a business-to-business information and professional services firm that collects and processes transactional client data for improving clients’ financial performance by reducing costs, improving business
processes and increasing profitability. PRGX’s core business segment is recovery audit services which is the processing of procurement-to-payment
transactional information (i.e. accounts payable data, vendor file information
and line item/product data) to identify client overpayments made to their third-party
suppliers or vendors. Other business segments include providing analytics and
advisory services to senior financial executives.
We process this transactional information
on behalf of our clients to perform the requested services. This transactional
information may contain Personal Information in limited circumstances, such as
when a client’s third-party supplier or vendor happens to be a sole proprietor.
Information on these individuals is used and processed as instructed by our
clients for accounts payable recovery auditing or other requested services in
accordance with client contractual requirements. In any event, regarding
transactional information that constitutes Personal Information, we act in a
data processor capacity, meaning we collect and process this Personal
Information only as instructed by our client and will not use or disclose it
for our own purposes.
We do, however maintain information
security controls to protect this Personal Information and will only disclose
or transfer this information as instructed by or agreed upon with our client to
provide the requested service. Unless otherwise instructed by our clients, we
treat the Personal Information we process on behalf of our clients in line with
our commitments on disclosure and transfer as set forth in this Statement.
5. DISCLOSURES OF PERSONAL INFORMATION
We may disclose Personal Information collected by or provided to us to the following recipients:
our affiliated companies (including
our subsidiaries and branches) for purposes stated in this Statement;
- to third
party service providers, such as agents and contractors, for customary business purposes or for
facilitation or improvement of the services we provide to our clients;
- to third party vendors, whom we contract with for specific purposes;
- to public authorities in response to
lawful requests to meet national security or law enforcement requirements;
- where needed to protect our legal
- to a newly formed or acquiring organization if Lavante is involved in a merger, sale or transfer of some or all of its business;
- where otherwise required by law;
- where permitted by law, such as with
your consent or in the event of an emergency;
- at the request of an individual client, to a third-party agent for additional services,
as arranged by the client.
In all circumstances, we complete a screening process in which we validate that the third party has appropriate technical, administrative, and physical controls in place to protect the security, confidentiality, and integrity of Personal Information. In addition, we ensure that appropriate contracts are reviewed and executed to ensure adequate controls around confidentiality, limited use, proper disposal, and retention of Personal Information. Under the EU-U.S. Privacy Shield, PRGX remains liable if its service provider or agent processes Personal Information received under the Privacy Shield in a manner inconsistent with Privacy Shield Principles, unless PRGX was not responsible for the event giving rise to the damage.
6. INTERNATIONAL DATA TRANSFERS
PRGX may perform services, including the processing of
Personal Information, using one or more of its worldwide affiliates
(wholly-owned PRGX company group entities) based in the United Kingdom, other
European Union member states, the United States, and India, unless otherwise
prohibited by client contractual requirements.
As such, in case your Personal Information originates from
the European Union, this may include transferring Personal Information outside
the European Union to locations in the U.S. and other countries that have
different data protection laws than those in the country of origin and that may
not have been granted an adequacy decision by the European Commission.
In this regard, PRGX complies with the Principles of the
EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of
Commerce regarding the collection, use, and retention of Personal Information originating
from the European Union. PRGX USA, Inc. has certified that it adheres to the
Privacy Shield Principles of Statement, Choice, and Accountability for Onward
Transfers, Security, Data Integrity and Purpose Limitation, Access, Recourse,
Enforcement and Liability. If there is any conflict between this Statement and
the Privacy Shield Principles, the Privacy Shield Principles shall govern. PRGX USA, Inc. is subject to the investigatory
and enforcement powers of the Federal Trade Commission or other U.S. authorized
statutory body. To
learn more about the Privacy Shield program, and to view our certification
page, please visit PRGX USA, Inc. Privacy Shield Certification .
For further information, please contact us through the “How
to Contact Us” section below.
7. SECURITY AND DATA INTEGRITY
PRGX is committed to protecting the privacy,
confidentiality, and security of the data that is provided to us, including Personal
Information, through a combination of technical, physical and administrative measures,
controls, including internal policies, practices and procedures.
We apply appropriate technical,
physical and organizational measures that are reasonably designed to protect Personal
Information against accidental or unlawful destruction, loss, alteration,
unauthorized disclosure or access where Personal Information is transferred
over a network, and against all other unlawful forms of processing. Access to
Personal Information is restricted to authorized recipients on a need-to-know
basis. We maintain a comprehensive information security program that is
proportionate to the risks associated with the processing. The program is
continuously adapted to mitigate operational risks and to ensure the protection
of personal information taking into account industry-accepted practices. We will also use enhanced security measures
in case we process any Sensitive Personal Information.
privacy and security framework is based on ISO 27001 standards and, as such, we
have a strong focus on establishing, maintaining, and continuously improving
information security management systems and identifying, analyzing, and
addressing information security risks.
The ISO 27001 standards cover all aspects of security including physical
protection of equipment and people, hiring practices, employee training,
network security, and access controls. This framework combined with regular
monitoring and testing of controls, allows us to ensure that appropriate levels
of data confidentiality, integrity, and availability are maintained.
8. DATA RETENTION
We will retain your Personal Information only for as
long as necessary to achieve the purposes outlined in this Statement, usually
for the duration of any contractual relationship, if necessary to provide our
services and for any period thereafter as legally required or permitted by
applicable law. This means that, in some cases, we may be required to retain
your Personal Information for a period following termination of your
relationship with us. Our retention policies reflect applicable statute of
limitation periods and legal requirements, such as the EU-U.S. Privacy Shield
Cookies may be used on some pages of our sites.In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Information. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Information. This Privacy Statement applies to the collection and use of any Personal Information that is obtained using cookies and otherwise.
What is a cookie?
cookie is a text file unique to you that is related to your computer or mobile
device and that can be picked up by a server, allowing a website to pick up
things such as your preferences, what is in your shopping basket or that allows
the website to recognize you when you return. This information helps a website to dynamically generate web content and design web functionality specifically for its users and enables it to
provide you with a customized experience each time that you visit.
What types of cookies do PRGX use?
Most common technologies such as cookies, pixel tags, browser analysis tools, server
logs and web beacons are used on most PRGX websites. Pixel tags and web beacons
are tiny graphic images placed on website pages or in emails that allow us to
determine whether you have performed a specific action. When you access these pages,
or open or click on an email, the pixel tags and web beacons generate a statement
of that action. These tools allow us to measure response to our communications
and improve our web pages and promotions.
PRGX may use flash cookies (also known as Local Stored Objects) and similar
technologies to personalize and enhance your online experience. The Adobe Flash
Player is an application that allows rapid development of dynamic content, such
as video clips and animation. We use Flash cookies for security purposes and to
help remember settings and preferences. We do not use Flash cookies or similar
technologies for behavioral or interest-based advertising purposes. To manage
Flash cookies, you may visit Adobe’s website at Adobe Flash Player or visit www.adobe.com.
How do we collect information using cookies?
We collect many different types of information from cookies and other related technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, web page visits, web form fills, content clicks/view, email opens/clicks and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs may also record the IP address assigned to the device you are using to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to PRGX and the website you visit after you leave our site.
Can cookies and tracking be disabled?
you can manage cookie preferences and opt-out of having cookies and other tracking
technologies used by adjusting the settings on your browser. In most cases, “Do
Not Track” (DNT) is a web browser setting that send a signal to other websites,
plug in providers, ad networks, and the like, to stop tracking your activity. All
browsers are different, so please visit the “help” section of your browser to
learn about the privacy settings that may be available. Please be advised that
disabling cookies may result in limited functionality on our sites.
The website captures usage information such as:
date and time of webpage visit, referring address (location from which a
visitor comes to the website), type of Internet browser, and visitor's IP
address and DNS name, web form fills, content clicks/views, email opens/clicks.
This information helps us to support and improve the operation of the website.
10. YOUR PERSONAL INFORMATION RIGHTS
You have certain rights with respect to our
processing of your Personal Information, which include:
- (1) Access, Correction and Transmission: You may reasonably access the Personal Information pertaining to you that is on
file with us. You also have the right to request that we correct incomplete,
inaccurate or outdated Personal Information. To the extent required by
applicable law, you may also request that we transmit Personal Information you
have provided to us to you or to another company.
- (2) Objection: We respect your right to object to any uses or disclosures of your Personal Information that
are not (i) required by law, (ii) necessary for the fulfillment of a contractual obligation, or (iii) required to meet legitimate
interests of PRGX (such as general administration disclosures for auditing and
reporting purposes, internal investigations, management of network and
information systems security, or protection of our assets). If you do object,
we will work with you to find a reasonable accommodation. You may also withdraw
your consent at any time in relation to our processing of Personal Information
based on your consent. In addition, you may always object to the use of your
Personal Information for direct marketing purposes, including related profiling
activities. Also, in case you have specific reasons that relate to your situation,
you may object to our processing of your Personal Information based on our
- (3) Deletion: You may request the deletion of your
Personal Information as provided by applicable law. This applies, for instance,
where your information is outdated; where the processing is not necessary or is
unlawful; where you withdraw your consent to our processing based on such
consent; or where we determine we should accommodate an objection you have
raised to our processing. In some situations, we may need to retain your
Personal Information pursuant to our legal obligations or for the
establishment, exercise or defense of legal claims.
- (4) Restriction of processing: Similarly, and where provided by applicable law, you may
request that we restrict processing of your Personal Information while we are
answering your request or complaint pertaining to (i) the accuracy of your
Personal Information, (ii) our legitimate interests to process such
information, or (iii) the lawfulness of our processing activities. You may also
request that we restrict processing of your Personal Information if you wish to
use the Personal Information for litigation purposes.
If you wish to exercise these rights, you may contact the PRGX Privacy Office as described below in the “How to
Contact Us” section or, complete the Personal Information Rights Request Form on our website. Where reasonable, we will accommodate your request and use reasonable efforts to respond to requests in a timely manner. In some situations, we may refuse to act, charge a reasonable fee or impose limitations on your rights if, for instance, your request is likely to adversely affect the rights and freedoms of PRGX or others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe applicable law. In all cases, you have a right to file a complaint with a Data Protection Authority.
We assume that our clients have provided any notice required for PRGX to process Personal Information they
provide to us, consistent with this Statement, and will provide further notice
of any uses or disclosures that are materially different from those described
in this Statement. Please
note that if you wish to exercise any of your rights in relation to Personal
Information we process on behalf of our clients we recommend that you contact
the client directly.
If you need assistance, please contact us and we will request our clients to correct, amend or delete any erroneous information,
subject to their own policies and instructions.
Where reasonable, we will accommodate your request. However, PRGX may charge a reasonable fee or refuseto act on a request if it is manifestly unfounded or excessive in particular
because of its repetitive character. In some situations, PRGX may refuse to act
or may impose limitations on your rights if, for instance, your request is
likely to adversely affect the rights and freedoms of PRGX or others, prejudice
the execution or enforcement of the law, interfere with pending or future
litigation, or infringe applicable law. In all cases, you have a right to file a
complaint with a Data Protection Authority.
obtain PRGX’s Personal Rights Request Forms, please contact the PRGX privacy
office at email@example.com.
11. YOUR OBLIGATIONS
Bear in mind that you are responsible for the accuracy of your Personal Information. Please let us know when changes to your Personal Information are needed by contacting us through the “How to Contact Us” section and in accordance with applicable law. We will use reasonable efforts to respond to all such requests in a timely manner.
EU-U.S. Privacy Shield Principles
In compliance with the EU-U.S. Privacy Shield Principles, PRGX commits to resolve
complaints of individuals in the European Union about our processing of their Personal
Information. Individuals in the European Union with inquiries or complaints
should first contact PRGX at: firstname.lastname@example.org.
We will respond to your inquiry or complaint within 45 days.
unresolved privacy complaints relating to Personal Information origintaing from the European Union, PRGX has further
committed to cooperate with an independent dispute mechanism established by European
Union Data Protection Authorities and to provide this recourse free of charge. If you do not receive timely acknowledgement
of your complaint, or if your complaint is not satisfactorily addressed, please
Commission Data Protection Authorities or http://www.uscib.org/privacy-shield/ for further information.
Under certain conditions, European Union individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted. For further information, please see the Privacy Shield website at: https://www.privacyshield.gov/welcome.
13. INFORMATION ABOUT CHILDREN
We do not knowingly provide products or services to or solicit Personal Information from children under the age of 18.
14. SOCIAL SECURITY NUMBERS
In some cases, PRGX collects Social Security Numbers, mainly
in the United States, in the ordinary course of its business, such as from our
employees, as well as in certain records we process for our clients. We have
implemented reasonable technical, physical and administrative safeguards to
protect the Social Security Numbers. All our employees are required to follow
these established procedures. Access to Social Security Numbers is limited to
those employees and service providers with an approved business need to access
the information to perform tasks for us and our clients.
Social Security Numbers are only disclosed to third parties
in accordance with our established policies. We only disclose Social Security
Numbers to (i) those service providers, auditors, advisors, and/or successors
in interest who are legally or contractually obligated to protect them or (ii)
as required or permitted by law.
For Personal Information that PRGX USA, Inc. receives from
European Union member states, PRGX USA, Inc. has committed to handling such
Personal Information in accordance with the EU-U.S. Privacy
15. CHANGES TO THIS STATEMENT
As specified, we may decide to make changes to this Statement from time to time. The changes made in the past include the following:
2010:As part of the launch of our new PRGX website, the “Cookie” section of this Statement has been updated to reflect new and limited uses of cookies which are used to monitor the traffic and use within our site as well as to enhance web content and functionality. Cookies on our site do not collect Personal Information.
October 10, 2014:PRGX’s Global Privacy Statement was updated to reflect compliance with United States and international data protection laws and regulations including the European Union Data Privacy Directive, Mexico’s Federal Law Protecting Personal Data, and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
June 10, 2015: The “Cookie” section of PRGX’s Global Privacy Statement was updated to reflect new and limited uses of cookies, and other similar technologies, which will be used to associate web activity with limited Personal Information to personalize and enhance user experience. In addition, information regarding users’ ability to opt-out of cookie usage was added to the Cookie section of this Statement.
July 1, 2016:Updated the introductory section to reflect the European Court of Justice’s decision on October 6, 2015 whereby Safe Harbor was deemed invalid.
September 20, 2016: Updated Statement to reflect certification
under the EU-U.S. Privacy Shield Framework.
August 8, 2017: Updated Statement to reflect Lavante Inc. as a covered entity under the PRGX Global, Inc. Global Privacy Statement.
May 25, 2018: Updates related to collection, use, disclosure, transfers, and protection of personal information as well as updates regarding your personal information rights - to reflect the entry into force of the EU General Data Protection Regulation.
16. HOW TO CONTACT US
Questions about this Statement, or requests in relation to Your Personal Information Rights section above may be sent by email to email@example.com or by contacting:
Attention: Alicia Jackson
Protection Officer & Vice President, Global Privacy and Security
600 Galleria Parkway, Suite 100
Atlanta, GA 30339
This Statement was last updated on May 25, 2018.