Privacy policy

1. Introduction

Data Protection policy of AmeriPol Staffing LLC indicates that we are dedicated to and responsible for processing the information of our, customers, stakeholders, employees and other interested parties with absolute caution and confidentiality. This policy describes how we collect, store, handle and secure our data fairly, transparently, and with confidentiality.

2.  Collection of personal data

AmeriPol Staffing LLC was established in response to the global talent shortage exacerbated by pandemic, offering a cost-effective solution by providing qualified candidates from Poland for outsourced positions. We specialize in the transportation, services, insurance, and technology industries, providing comprehensive services such as candidate sourcing, recruitment, onboarding, payroll management, training, and administrative support.

The selection of the best candidates takes place between our two companies: AmeriPol Sp. z o.o. and AmeriPol Staffing LLC. According to the principles of personal data protection, both companies have signed a co-administration agreement, where they have defined the following scope of responsibilities:

·   Handling the recruitment process, where Ameripol Sp. z o.o. will be responsible for selecting potential employees, providing information to recruited participants, especially regarding the processing of their personal data according to the established pattern. Additionally, the company will be responsible for obtaining voluntary consent to transfer recruitment data to AmeriPol Staffing LLC.

·   AmeriPol Staffing LLC will process personal data solely for the purpose of presenting a candidate’s application to its client – this also applies to recruitment meetings conducted through dedicated online platforms.

·   Handling the employee hiring process, where Ameripol Sp. z o.o. will be responsible for hiring employees and providing information related to employment, in particular: accounting for work hour schedules, approval, and accounting for leave. Additionally, the company will be responsible for providing informational obligations and will serve as a point of contact between the employee and AmeriPol Staffing LLC.

In compliance with the EU-U.S. DPF, AmeriPol Staffing LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

·   AmeriPol Staffing LLC will process personal data for the purpose of supervising the service delivery process and handling complaints.

The scope of data to be transferred includes: first name, last name, education, employment information and professional experience, age, and image.

3. How we use personal data

We use Personal Data only for legally permissible reasons which include one or more of these reasons:

·   To fulfil a contract, we have with an Individual, or

·   If we have a legal duty to use an Individual’s data for a particular reason, or

·   When the Individual gives consent to it, or

·   When it is in our legitimate interests.

Legitimate interests are genuine and fair usage of the Personal Data for business or commercial reasons. The use of such information is subject to privacy notice in effect at the time of use. This may include the following purposes:

·   To respond to an Individual’s requests

·   To provide services to an Individual including customer service

·   To send communications to an Individual about our or our affiliates’ services and other information that may be relevant

·   To communicate with an Individual about job or career opportunities about which the Individual had inquired

·   To ensure that our site and our services function in an effective manner

·   To measure or understand the effectiveness of advertising and outreach

·   Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; fraud; regulatory requirements etc. We may also use personal information to meet internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate. This obligation may be under any applicable law wherever we operate or the relevant Individual reside. Legal obligations may also include responding to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside the country of residence of the Individual.

We endeavor to collect only such information that is reasonably necessary to perform services for an Individual or to respond to inquiries. Individuals are responsible for ensuring that the information provided is accurate, complete and current; we will take reasonable steps to ensure that the information we collect and use is relevant to its intended use.

4. Security Measures

We deploy information security policies and procedures that are aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet business needs, changes in technology, and regulatory requirements. We ensure the following for securing Personal Data:

Access Control

•      Access authorizations for employees and third parties, including the respective documentations

•      Code card passes;

•      Restrictions on keys;

•      Regulations for third parties;

•      Regulations on key codes;

•      Identification of the persons having access authority;

•      Security alarm system or other appropriate security measures even after the working time;

•      Securing the decentralized data processing equipment and personal computers;

•      Protection and restriction of access path;

•      Establishing security areas especially for deliveries and handover establishing from locks;

•      Inhouse verification requirements (four-eye-principle);

•      Securing of the building (attack-blocking glazing, security alarm system, supervision by watchmen, inspection of chutes).

Access Control to Data

•      Locking of terminals;

•      Allocation of individual terminals and / or terminal user and identification characteristics exclusive to specific functions;

•      Functional and / or time restricted use of terminals and / or terminal users and identification characteristics;

•      Regulations for user authorization;

•      Obligation to comply with data secrecy;

•      User codes for data and programs;

•      Coding routines for files;

•      Differentiated access regulations (e. g. partial blocking);

•      Regulations for the organization of files;

•      Logging and analysis of use of the files;

•      Controlled destruction of data media;

•      Work instructions for templates for the registration of data;

•      Checking-, adjustment- and controlling systems;

•      Processes for the checking and release of programs;

User Control

•      Authorization concept;

•      Terminal with access user key;

•      Identification of the terminal and / or the terminal user to the system of the Company;

•      Automatic turn-off of the user ID when several erroneous passwords where entered;

•      Log file of events (monitoring of break-in attempts);

•      Issuing and safeguarding the identification codes;

•      Dedication of individual terminals and / or terminal users;

•      Identification characteristics exclusive to specific functions;

•      Authentication of the authorized personal;

•      Protective measures for the data input into memory as well as for the reading, blocking and deletion of stored data;

•      Use of encryption for critical security files;

•      Specific access rules for procedures, control cards, process control methods, program cataloging authorization;

•      Guidelines for data file organization;

•      Keeping records of data file use;

•      Separation of production and test environment for libraries and data files;

•      Providing that entries to data processing facilities (rooms, housing, computer hardware and related equipment) are capable of being locked;

•      Automatic log-off of user IDs that have not been used for a substantial period of time;

•      Designating the areas in which data media may / must be located;

•      Designating the persons in such areas for authorized remove of data media;

•      Controlling the removal of data media;

•      Securing the areas in which data media are located;

•      Release of data media only to authorized persons;

•      Control of files, controlled and documented destruction of data media;

•      Policies controlling the production of backup copies.

Transmission Control

•      Authentication of the authorized personal;

•      In-house verification requirements (four-eye-principle);

•      Designating the areas in which data media may / must be located;

•      Controlling the removal of data media;

•      Designating the persons in such areas who are authorized to remove data media;

•      Control of files;

•      Locking of confidential data media;

•      Security lockers;

•      Prohibition of taking bags etc. within the secure area;

•      Control of destruction of data media;

•      Policies controlling the production of backup copies;

•      Documentation of the transfer programs;

•      Documentation of the retrieval and transmission programs;

•      Documentation of the remote locations / destinations to which a transmission is intended and the transmissions path (logical path);

•      Authorization policy;

•      Encryption of the data for online transmission or transport by means of data carries (tapes and cartouches);

•      Monitoring of the completeness and correctness of the transfer or data (end to end check);

•      Encryption;

•      Courier services, personal pickup, accomplishing of the transport;

•      Control of plausibility;

•      Control of completeness and correctness;

•      Deletion of remaining data before change of data media.

Input Control

•      Input authorization controls;

•      Electronic recording of Data entries;

•      Electronic recording of data processing, in particular usage of Data.

•      Organization Control

•      Processor shall maintain its internal organization in a manner that meets the requirements of data protection law. This shall be accomplished by (inter alia):

•      Internal data processing policies and procedures, guidelines, work instructions, process descriptions and regulations for programming, testing and release;

•      Formulation of a data security concept;

•      Formulation of an emergency plan (backup contingency plan).

Control of Separation of Data

•      Storage of the Data in separated data collectors (physical separation);

•      Authorization policy (logical separation).

5. When we disclose personal data

We will not disclose, give, sell or transfer any Personal Information to third parties without obtaining it prior consent of the Person concerned, unless disclosure is necessary fulfilling a legal obligation or order under currently applicable law. The above rule also applies to employees who will perform their tasks for our potential clients.

Whenever we share Personal Data with a third party, we ensure that the third party receiving We do not share Personal Data with any other entities and use them only for specified purposes the purpose for which the Personal Data was shared. We will not publish in any mode, i.e. via social media, written or oral communication, Personal Data. We may share Personal Information with our affiliated companies and affiliates located around the world as necessary to provide the Services administration, sales and marketing, customer and technical support and business I product development etc. However, in all such cases we will ensure that our employees and contractors are obliged to comply with our data protection and security principles during service personal information.

We would like to inform you that Personal Data will be made available without the need to obtain the prior consent of the Administrator an interested individual that government agencies are authorized by law to obtain information, including for the purpose of verifying identity or preventing, detecting, investigations, including cyber incidents, prosecution and prosecution of crimes. Even in this one cases, the Company will not publish in any way, i.e. via social media, in writing or orally communication, Personal Data.

6. How long we retain the personal data

We retain Personal Data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration local laws, contractual obligations, and the expectations and requirements of our customers. When we no longer need the Personal Data, we securely delete or destroy it.

7. Right of access, correction and objection

·     Right to Access: An Individual who had shared Personal Data or who suspects that his/her Personal Data is with us, can contact us to request the information we hold on the said Individual as well as why we have that information, who has access to the information, where we obtained the information from and how the said information is protected. We will respond to the request within 30 (thirty) days of the date of receiving such request.

·     The right to correct and update the information: If the data we hold on an Individual is out of date, incomplete or incorrect, the concerned Individual can inform us about the changes required in the Personal Data and the data will be updated.

·     The right to have information erased: If an Individual feel that we should no longer be using the Individual’s Personal Data or that we are illegally using the Personal Data, the said Individual can directly request that we erase the data we hold. When we receive such request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).

·     The right to object to the processing of personal data: We will provide an Individual with the ability to object to the processing of the said Individual’s Personal Data if such processing is not reasonably required for a legitimate purpose as described in this policy or compliance with law. Any grievances regarding handling of Personal data shall be addressed to Grievance officer at email id compliance@ameripolstaffing.com The Grievance Officer shall redress all the grievances within 30 days from the date of receipt of grievance.

·     The right to withdraw consent: An Individual who had given the consent to the Company for possessing and processing the Personal Data can withdraw the consent at any time prospectively. The Individual can withdraw the consent easily by contacting Grievance officer at email id compliance@ameripolstaffing.com When an Individual withdraws the consent, we will ensure that the said data is destroyed or deleted permanently.

8. Data Privacy Framework

Ameripol Staffing LLC is responsible for the processing of personal data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Ameripol Staffing LLC complies with the Data Privacy Framework for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, Ameripol Staffing LLC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Ameripol Staffing LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Data Privacy Framework Principles, Ameripol Staffing LLC commits to resolve complaints about our collection or use of your personal data. EU individuals with inquiries or complaints regarding our policies should first contact Ameripol Staffing LLC at compliance@ameripolstaffing.com. In compliance with the EU-U.S. DPF, Ameripol Staffing LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain conditions, more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/assistance, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

9. Personal information

We always ensure that the Personal Data is only collected from Individuals who are legally eligible to enter into a contract and signify their consent for holding and processing of their Personal Data. Any individual who views, requests or shares any information must be 18 years of age or over.

10. Contact Us

In case of any queries or complaints about Company’s compliance with this Privacy Policy, or any recommendations or comments to improve the quality of this Privacy Policy, please email us at compliance@ameripolstaffing.com.