The data controller in respect of your personal data is Arise Virtual Solutions (Canada) Inc. Our registered office is at 181 Bay Street, Suite 2500, Toronto, Canada 5MJ 2T7.
What Information Does Arise Collect From You and How Will We Use It?
You can visit our site without having to tell us who you are or reveal any personal data to us. It is only when you apply on this Web site to become a Client SupportProfessional that you will be asked to provide us with personal data directly relevant to becoming a Client Support Professional.
Whenever you visit this Web site, even if you have not applied to become a Client Support Professional, our web server automatically logs your IP address. We may analyze the IP address data for trends and statistics about Web traffic to this site. We may also use this data to help diagnose any problems with our server and to administer this Web site. Unless you apply to become a Client Support Professional, we do not link IP addresses to a specific person so that you will remain anonymous to us.
If you apply on this Web site to become a Client Support Professional we will ask you to provide personal data including your name, address, phone number, email address, etc. to allow us to process your application. The personal data provided as part of your application is recorded alongside the anonymous information in our web server log. So, once you apply to become a Client Support Professional, you are no longer anonymous to us.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies (most web browsers provide instructions on how to do this in a "Help" section available via the web browser). However, if you choose this setting, you may not be able to access parts of our site and we may not be able to process your payment of training fees.
Do Any Third Parties Receive or Collect Your Information Through Arise?
We may also disclose your personal data to Arise for the purpose of providing us with testing services to allow us to assess your Client Support Professional application. Our US based affiliates and US contractors shall comply with EU-US Safe Harbor Principles as detailed below.
Arise will not share your personal data with third parties except to the extent set out above, or as required by law.
Where We Store Your Personal Data
What Security Measures Are in Place to Protect Your Information?
Arise operates secure data networks protected by industry standard firewall and password protection. We have reasonable security measures in place to attempt to protect against the loss, misuse or alteration of your personal data.
Access to Your Information
You may inform us of any changes in your personal data, and in accordance with our obligations under the Data Protection Acts 1988 and 2003 we will update or delete your personal data accordingly. You are entitled to access personal data held about you, in accordance with the Data Protection Acts 1988 and 2003. Any access request may be subject to a fee of up to $15 (Canadian) to meet our costs in providing you with details of the information we hold about you.
Arise will occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the bottom of this privacy statement. For material changes to this privacy statement, we will notify you by placing a prominent notice on this Web site.
Arise welcomes your comments or queries regarding this Privacy Statement by postal mail.
Arise Virtual Solutions (Canada) Inc
Attention: Legal Counsel
181 Bay Street, Suite 2500
Toronto, Canada 5MJ 2T7
Last updated: October 2010
ARISE VIRTUAL SOLUTIONS, INC: SAFE HARBOR CERTIFICATION
Arise Virtual Solutions, Inc. (hereinafter referred to as “AVSI ”) has joined the US-EU Program for compliance in the Safe Harbor Principles of the U.S. Department of Commerce for the protection of subcontractor data transferred from Arise locations in the European Union to the United States, as required by the EU Directive on Data Protection. Status of the Arise Safe Harbor certification can be found in the Safe Harbor list.
Arise is a US-based company utilizes a data center located in the EU. The EU’s comprehensive privacy legislation, the Directive on Data Protection, requires that transfers of personal data take place only: (1) where a relevant basis exists upon which a transfer may be made; or (2) to non-EU countries that provide an “adequate” level of privacy protection for such data. The US Department of Commerce in consultation with the EU, has developed a “safe harbor” framework to assist U.S. companies in complying with the Directive on Data Protection. The safe harbor framework consists of “Safe Harbor Principles” with which Arise US must comply if it wishes to self-certify under and enjoy the benefits of the Department of Commerce Safe Harbor.
Any questions regarding this Policy or Arise US´s processing of personal data in the U.S. may be addressed to:
US Corporate Headquarters
Arise Virtual Solutions Inc.
Attention: Legal Counsel
3450 Lakeside Drive, 6th Floor
Miramar, FL 33027
Arise US complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the company’s certification, please visit http://www.export.gov/safeharbor/.
This Policy sets forth Arise US’s procedures for complying with the Safe Harbor Principles in regard to subcontractor data that is transferred to the United States from EU locations. This Policy, including the procedures discussed below, shall be communicated to all subcontractors of Arise US’s EU locations and to all Company subcontractors in the U.S. that process or otherwise have access to the “Subcontractor Data” discussed below.
Compliance with this Policy is mandatory, and any subcontractor failing to comply will be subject to disciplinary action, up to and including termination of employment, as may be permitted by applicable law.
Arise US does not purposely process sensitive information or personal data specifying medical or health conditions, racial or ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or union membership.
Arise US collects and uses personal data regarding its EU subcontractors for the following purposes:
- To facilitate the performance of certain administrative tasks and functions relating to general servicing as outlined in the Master Services Agreements and Statements of Work for its subcontractors such as, calculating service fees, certification, performance compliance and scheduling; and
- Processing and investigating reports of fraud under the one or more Arise US policies, Master Service Agreements or Statements of Work.
Subcontractor data could include one or more of the following: name, address, other job information, location, service fee information, Arise US identification number, compliance and performance status, copy of Master Services Agreement and Statement of Work. Arise US may receive information about an subcontractor’s actions or inactions relative to a adherence to the Master Services Agreement or Statement of Work and any other legal or ethical issue covered by internal procedures.
Subcontractor data is only used and/or disclosed to third parties for the purposes described above. In no case does Arise US use and/or disclose to third parties subcontractor data for any purpose(s) incompatible with the above stated purposes without first notifying the data subject. Furthermore, the data subject is provided an opportunity to affirmatively opt-out or object to such use or disclosure. Except in limited and permissible circumstances, Arise US does not use or transfer to third parties subcontractor data deemed “sensitive” under the EU Directive on Data Protection without first providing the data subject with an opportunity to affirmatively opt-in and explicitly agree such use or disclosure.
Any subcontractor in an EU location performing services for Arise US may contact Arise US Legal Counsel with complaints or inquires regarding Arise US’s processing of subcontractor data, or, to “opt out” of the transfer of this data as described below.
In the course of their work, these subcontractors who are contracted with Arise US, engage in phone conversations with customers. The only data collected about these customers by Arise US is the actual phone conversation itself. All phone conversations are recorded for quality assurance purposes and are only retained for 90 days on Arise US premises.
Any subcontractor whose data is to be transferred to third parties or used for purposes incompatible with the purposes described above may choose not to have his or her data so used or transferred and must communicate his or her desire to “opt out” by the means described in the last paragraph above. A subcontractor may not opt out of the transfer of his or her data which is transferred by Arise US to a third party for the purpose of (1) meeting applicable legal requirements or (2) protecting the legitimate interests of Arise US in making business related decisions.
Arise US also transfers subcontractor data only to those third parties who: (a) have agreed, in writing, to provide at least the same level of privacy protection to this data as is required under the EU Directive on Data Protection and/or adherence with the Safe Harbor Principles. Exceptions to this limitation on onward transfer include where a subcontractor has granted Arise US express permission to transfer his or her data to the third party, or, where such transfer is necessary for the purpose of meeting an applicable legal requirement.
Customer call recordings are considered the property of Arise US clients who have hired Arise US to complete their services.
Arise US implements a high level of data security measures to prevent loss, disclosure, unauthorized access, misuse, alteration and destruction. Arise US has implemented an information security program based on the Payment Card Industry Data Security Standard (PCI-DSS). This framework is recognized internationally and provides the basis for the organizational and technical and organizational security measures used by Arise US.
Subcontractor data is kept up-to-date, accurate, complete and reliable for its intended use either by the subcontractor themselves (for data that is accessible) or by Arise US employees responsible for other parts of this data.
Customer data is only current in recorded phone conversations and deleted after 90 days.
Arise US has informed its Customers about the need, where required by their applicable data protection law, that procedures are in place to ensure that call recording data (which may contain personal data) are reliable for their intended use, accurate, complete, and current. Retention of these call recordings does not exceed 90 days.
A subcontractor whose data is processed by Arise US may request access for the purpose of correcting, amending, or, deleting data that is inaccurate. Alternatively, in some cases, the subcontractor may also access data for the purpose of correcting, amending, or, deleting on their own. Arise US may deny a subcontractor’s request to access his or her data where the burden or expense of providing such access would be disproportionate to the risks to the requesting subcontractor’s privacy or where the rights of persons other than the requesting subcontractor would be violated.
Customers only have data collected in customer service call recordings. Arise US may deny a customer’s request to access his or her data where the burden or expense of providing such access would be disproportionate to the risks to the requesting customer’s privacy or where the rights of persons other than the requesting customer would be violated
Arise US continually reviews its compliance with this Policy to verify that the assertions and practices made in it are true and are correctly implemented. Any breach of this Policy that has been reported to Arise US will be duly investigated.
An individual with a complaint or dispute about the processing of its personal data should use the following procedure:
- Report any complaint(s) about such processing to the Arise US Legal Counsel (see above).
- Unresolved complaints can be directed to the EU Data Protection Authority (“DPA”) or the American Arbitration Association (AAA).
- Arise US is voluntarily certifying that it will comply with the Safe Harbor Principles, subjecting itself to the enforcement, dispute resolution, and sanctioning powers of the AAA or DPA and has agreed to cooperate and comply with either in regard to Arise US’s processing of subcontractor or customer data.
Arise US has selected a third party to serve as its independent recourse mechanism (IRM) for dispute resolution. The E.U. Data Protection Authorities (DPAs) will be used for dispute resolution which will be available to investigate unresolved complaints involving “human resources data”. In addition, the American Arbitration Association (AAA) may be used to resolve all other disputes and when selected will be available to investigate unresolved complaints involving other types of data (e.g. client and customer data).
To verify its compliance with the Safe Harbor Principles, Arise US, through its Internal audit processes, periodically (i.e., at least once a year)
- Arise US will conduct an annual self-assessment to ensure that:
- The Arise US EU Directive on Data Protection Policy is prominently displayed, comprehensive and accessible.
- The Arise US EU Directive on Data Protection Policy conforms to the Safe Harbor Principles.
- Subcontractors and customers are informed of the internal arrangements for handling complaints and how they may pursue complaints.
- Instruction is provided on the implementation of the Arise US EU Directive on Data Protection Policy and disciplining those who fail to comply.
- Arise US reserves the right to amend and revise the Arise US EU Directive on Data Protection Policy at any time. Any and all changes will be communicated to the appropriate parties.
Further resources available for review:
For materials regarding the Safe Harbor Principles, you may go to the following link:www.export.gov/safeharbor
Per the principles of the US Safe Harbor, adherence to these principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.
Last Updated: February 2012.