What information does Arise collect from you?
You can visit our site without having to tell us who you are or reveal any identifiable personal information to us. It is only when you apply on this Web site to become a Client Support Professional that you will be asked to provide us with identifiable personal information directly relevant to becoming a Client Support Professional.
Whenever you visit this Web site, even if you have not applied to become a Client Support Professional, our web server automatically logs your IP address. We may analyze the IP address data for trends and statistics about Web traffic to this site. We may also use this data to help diagnose any problems with our server and to administer this Web site. Unless you apply to become a Client Support Professional, we do not link IP Addresses to a specific person, so you will remain anonymous to us.
If you apply on this Web site to become a Client Support Professional your identifiable personal application information is also recorded alongside the anonymous information in our Web server log. Once you apply to become a Client Support Professional, you are no longer anonymous to us.
What are cookies and does Arise use them?
Do any third parties receive or collect your Information through Arise?
Arise will not share personally identifiable information with other companies or individuals except to the extent disclosed in the Client Support Professional application and as authorized by you in such application; or, to comply with subpoenas or court orders.
What security measures are in place to protect your information?
Arise operates secure data networks protected by industry standard firewall and password protection. We have stringent security measures in place to attempt to protect against the loss, misuse or alteration of your identifiable personal information.
Arise will occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the bottom of this privacy statement. For material changes to this privacy statement, we will notify you by placing prominent notice on this Web site.
Arise Virtual Solutions, Inc. (hereinafter referred to as “Arise”) has joined the US-EU Program for compliance in the Safe Harbor Principles of the U.S. Department of Commerce for the protection of subcontractor data transferred from Arise locations in the European Union to the United States, as required by the EU Directive on Data Protection. Status of the Arise Safe Harbor certification can be found in the Safe Harbor list.
Arise is a US-based company that utilizes a data center located in the EU. The EU’s comprehensive privacy legislation, the Directive on Data Protection, requires that transfers of personal data take place only: (1) where a relevant basis exists upon which a transfer may be made; or (2) to non-EU countries that provide an “adequate” level of privacy protection for such data. The US Department of Commerce in consultation with the EU, has developed a “safe harbor” framework to assist U.S. companies in complying with the Directive on Data Protection. The safe harbor framework consists of “Safe Harbor Principles” with which Arise must comply if it wishes to self-certify under and enjoy the benefits of the Department of Commerce Safe Harbor.
Any questions regarding this Policy or Arise´s processing of personal data in the U.S. may be addressed to:
- Arise Corporate Headquarters
Attention: Legal Counsel
3450 Lakeside Drive, 6th Floor
Miramar, FL 33027
Arise complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the company’s certification, please visit http://www.export.gov/safeharbor/.
This Policy sets forth Arise’s procedures for complying with the Safe Harbor Principles in regard to subcontractor data that is transferred to the United States from EU locations. This Policy, including the procedures discussed below, shall be communicated to all subcontractors of Arise’s EU locations and to all Company subcontractors in the U.S. that process or otherwise have access to the “Subcontractor Data” discussed below.
Compliance with this Policy is mandatory, and any subcontractor failing to comply will be subject to disciplinary action, up to and including termination of employment, as may be permitted by applicable law.
Arise does not purposely process sensitive information or personal data specifying medical or health conditions, racial or ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or union membership.
Arise collects and uses personal data regarding its EU subcontractors for the following purposes:
- To facilitate the performance of certain administrative tasks and functions relating to general servicing as outlined in the Master Services Agreements and Statements of Work for its subcontractors such as, calculating service fees, certification, performance compliance and scheduling; and
- Processing and investigating reports of fraud under the one or more Arise policies, Master Service Agreements or Statements of Work.
Subcontractor data could include one or more of the following: name, address, other job information, location, service fee information, Arise identification number, compliance and performance status, copy of Master Services Agreement and Statement of Work. Arise may receive information about an subcontractor’s actions or inactions relative to a adherence to the Master Services Agreement or Statement of Work and any other legal or ethical issue covered by internal procedures.
Subcontractor data is only used and/or disclosed to third parties for the purposes described above. In no case does Arise use and/or disclose to third parties subcontractor data for any purpose(s) incompatible with the above stated purposes without first notifying the data subject. Furthermore, the data subject is provided an opportunity to affirmatively opt-out or object to such use or disclosure. Except in limited and permissible circumstances, Arise does not use or transfer to third parties subcontractor data deemed “sensitive” under the EU Directive on Data Protection without first providing the data subject with an opportunity to affirmatively opt-in and explicitly agree such use or disclosure.
Any subcontractor in an EU location performing services for Arise may contact Arise Legal Counsel with complaints or inquires regarding Arise’s processing of subcontractor data, or, to “opt out” of the transfer of this data as described below.
In the course of their work, these subcontractors who are contracted with Arise, engage in phone conversations with customers. The only data collected about these customers by Arise is the actual phone conversation itself. All phone conversations are recorded for quality assurance purposes and are only retained for 90 days on Arise premises.
Any subcontractor whose data is to be transferred to third parties or used for purposes incompatible with the purposes described above may choose not to have his or her data so used or transferred and must communicate his or her desire to “opt out” by the means described in the last paragraph above. A subcontractor may not opt out of the transfer of his or her data which is transferred by Arise to a third party for the purpose of (1) meeting applicable legal requirements or (2) protecting the legitimate interests of Arise in making business related decisions.
Arise also transfers subcontractor data only to those third parties who: (a) have agreed, in writing, to provide at least the same level of privacy protection to this data as is required under the EU Directive on Data Protection and/or adherence with the Safe Harbor Principles. Exceptions to this limitation on onward transfer include where a subcontractor has granted Arise US express permission to transfer his or her data to the third party, or, where such transfer is necessary for the purpose of meeting an applicable legal requirement.
Customer call recordings are considered the property of Arise US clients who have hired Arise US to complete their services.
Arise US implements a high level of data security measures to prevent loss, disclosure, unauthorized access, misuse, alteration and destruction. Arise US has implemented an information security program based on the Payment Card Industry Data Security Standard (PCI-DSS). This framework is recognized internationally and provides the basis for the organizational and technical and organizational security measures used by Arise US.
Subcontractor data is kept up-to-date, accurate, complete and reliable for its intended use either by the subcontractor themselves (for data that is accessible) or by Arise US employees responsible for other parts of this data.
Customer data is only current in recorded phone conversations and deleted after 90 days.
Arise US has informed its Customers about the need, where required by their applicable data protection law, that procedures are in place to ensure that call recording data (which may contain personal data) are reliable for their intended use, accurate, complete, and current. Retention of these call recordings does not exceed 90 days.
A subcontractor whose data is processed by Arise US may request access for the purpose of correcting, amending, or, deleting data that is inaccurate. Alternatively, in some cases, the subcontractor may also access data for the purpose of correcting, amending, or, deleting on their own. Arise US may deny a subcontractor’s request to access his or her data where the burden or expense of providing such access would be disproportionate to the risks to the requesting subcontractor’s privacy or where the rights of persons other than the requesting subcontractor would be violated.
Customers only have data collected in customer service call recordings. Arise US may deny a customer’s request to access his or her data where the burden or expense of providing such access would be disproportionate to the risks to the requesting customer’s privacy or where the rights of persons other than the requesting customer would be violated.
Arise US continually reviews its compliance with this Policy to verify that the assertions and practices made in it are true and are correctly implemented. Any breach of this Policy that has been reported to Arise US will be duly investigated.
An individual with a complaint or dispute about the processing of its personal data should use the following procedure:
- Report any complaint(s) about such processing to the Arise US Legal Counsel (see above).
- Unresolved complaints can be directed to the EU Data Protection Authority (“DPA”) or the American Arbitration Association (AAA).
- Arise US is voluntarily certifying that it will comply with the Safe Harbor Principles, subjecting itself to the enforcement, dispute resolution, and sanctioning powers of the AAA or DPA and has agreed to cooperate and comply with either in regard to Arise US’s processing of subcontractor or customer data.
Arise US has selected a third party to serve as its independent recourse mechanism (IRM) for dispute resolution. The E.U. Data Protection Authorities (DPAs) will be used for dispute resolution which will be available to investigate unresolved complaints involving “human resources data”. In addition, the American Arbitration Association (AAA) may be used to resolve all other disputes and when selected will be available to investigate unresolved complaints involving other types of data (e.g. client and customer data).
To verify its compliance with the Safe Harbor Principles, Arise US, through its Internal audit processes, periodically (i.e., at least once a year)
Arise US will conduct an annual self-assessment to ensure that:
- The Arise US EU Directive on Data Protection Policy is prominently displayed, comprehensive and accessible.
- The Arise US EU Directive on Data Protection Policy conforms to the Safe Harbor Principles.
- Subcontractors and customers are informed of the internal arrangements for handling complaints and how they may pursue complaints.
- Instruction is provided on the implementation of the Arise US EU Directive on Data Protection Policy and disciplining those who fail to comply.
- Arise US reserves the right to amend and revise the Arise US EU Directive on Data Protection Policy at any time. Any and all changes will be communicated to the appropriate parties.
Further resources available for review:
- For materials regarding the Safe Harbor Principles, you may go to the following link: www.export.gov/safeharbor
Per the principles of the US Safe Harbor, adherence to these principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
Last Updated: February 2012.