Privacy Notices

PRIVACY SHIELD POLICY

Elevate Services, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information or Sensitive Information transferred from the European Union and Switzerland to the United States. Elevate Services Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

This Policy is separate and apart from the Privacy Statement applicable to users of Elevate Services Inc.’s website and privacy policies governing human resources data of Elevate Services, Inc.’s Associates. For human resource data transferred from the EU and Switzerland in the context of the employment relationship, Elevate commits to cooperate with the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

Policy

1. Collection of Personal and Sensitive Data.

Elevate provides services to corporate legal departments and law firms globally. These services include, but are not limited to, litigation support services, including data processing, document review and production, medical bill review, legal process services, business administration services, information technology services, and consulting services. In the course of providing services to its customers, Elevate may receive or collect Personal Data or Sensitive Information from its customers, either directly or through an Elevate Affiliate. This data may be disclosed to third party service providers to assist Elevate in providing services to Elevate’s customers. Human resource data may be disclosed to third parties service providers to assist with background checks, payroll, and other human resources activities.

2. Use of Personal and Sensitive Data.

Elevate will only access or use Personal Data or Sensitive Information in the course of performing services requested by its customers in accordance with its contractual obligations.

3. Onward Transfer/Potential Liability for Acts of Third-Party.

Elevate’s accountability for data it receives pursuant to the EU-U.S. Privacy Shield/Swiss-U.S. Privacy Shield and subsequent transfer of that data to third parties is detailed in the Privacy Shield Principles. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, and Swiss individuals received pursuant to the Swiss-U.S. Privacy Shield, Elevate is potentially liable. In particular, Elevate remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Data or Sensitive Information on its behalf do so in a manner inconsistent with the Principles, unless Elevate proves that it is not responsible for the event giving rise to the damage.

4. Access and Choice.

EU and Swiss individuals have the right to access Personal Information or Sensitive Information about them, and the choice to limit use and disclosure of their Personal or Sensitive Data. If you wish to request access to your Personal or Sensitive Data for such purposes please contact our privacy team at dpo@elevateservices.com or send a written request to the contact information provided below in the “Recourse Mechanism” section.

If your Personal Information or Sensitive Information changes or you change your preference for receiving information from us, send us a request specifying your updated information or your new choice. Send such requests to dpo@elevateservices.com or by telephone or mail with the contact information provided in the “Recourse Mechanism” section.

5. Safeguards.

Elevate, its Affiliates, and its third party contractors maintain physical, electronic and procedural safeguards designed to secure Personal and Sensitive Data and to prevent against unauthorized or unlawful destruction, loss, alteration, or disclosure of the same. Elevate, its Affiliates, and its third party contractors perform their own assessments of their compliance with this Privacy Policy and all applicable laws and regulations.

6. Recourse Mechanism.

In compliance with the EU – U.S. Privacy Shield Principles, Elevate commits to resolve complaints about your privacy and our collection or use of your Personal Information or Sensitive Information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Elevate using the following information:

Elevate Services, Inc.
Attn: General Counsel
10250 Constellation Blvd., Ste. 2815
Los Angeles, CA 90067
E-mail: dpo@elevateservices.com

Elevate has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

7. Arbitration.

Under certain conditions an individual can invoke binding arbitration regarding complaints of Elevate’s Privacy Shield compliance not resolved by any of the other recourse mechanisms provided. For more information visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

8. Lawful Disclosure.

Elevate is required to disclose information in response to lawful requests by public authorities. This includes meeting national security or law enforcement requirements placed on Elevate. Elevate may voluntarily issue a periodic transparency report on the number of requests for Personal Information or Sensitive Information it has received by public authorities for law enforcement or national security purposes. Such reports will only be issued to the extent such disclosures are permissible under applicable law.

9. Enforcement and Investigative Power.

Elevate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or the Department of Transportation.

Changes to this Privacy Policy. Elevate reserves the right to change this Privacy Policy from time to time consistent with applicable privacy laws and principles. Unless such changes afford greater protections regarding Personal or Sensitive Data, such changes will apply only to Personal or Sensitive Data received after the effective date of such change.

Definitions of Terms Used in this Privacy Policy

“Affiliates” means any corporation, partnership, limited liability company, or other entity directly or indirectly controlled by, or under the common control of, Elevate Services, Inc.

“Associates” means an employee or independent contractor of Elevate or an Elevate Affiliate.

“Data Subject” means the natural person who is the subject of, and identified in, Personal or Sensitive Data.

“Elevate” means Elevate Services, Inc., incorporated under the laws of the state of Delaware having its corporate headquarters in Los Angeles, California, USA.

“European Union” or “EU” means the European Union consisting of its Member States, covered by the European Union Data Protection Directive.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. By way of example, data such as an individual’s name, address, phone number, email address, user ID and password, personal billing information or credit card information. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

“Sensitive Information” or references to “Sensitive Data” means personal information specifying medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.

“Privacy Shield” or “EU-U.S. Privacy Shield” or “Swiss-U.S. Privacy Shield” means the adequacy decision that allows for legal collection, use or retention of transfers of personal data of EU and Swiss persons outside of the EU and Switzerland to the United States. Certified Privacy Shield Framework members must abide by the Privacy Shield Principles which are available at the Privacy Shield website provided below. All certified members of the framework are also available for viewing via a list provided on the Privacy Shield website: https://www.privacyshield.gov/welcome

STATE NOTICES

1. Notice to California Residents

Updated: April 20, 2020

California Consumer Privacy Act (“CCPA”) Privacy Notice

Who is protected under the CCPA

The CCPA protects the privacy rights of (1) every individual who is in the state of California (the “State”) for any purpose other than a temporary or transitory purpose, and (2) every individual domiciled in the State who may be outside the State for a temporary or transitory purpose.

Collection of Personal Information

Elevate Services, Inc. and its affiliates (“Elevate”) do not, and will not, sell personal data (“Personal Information”) to third parties. During the past 12 months we have collected the following categories of information from our website visitors for the corresponding purpose stated below. Any collected data is deleted after 12 months.

Collection and processing of personal information from business activities like HR recruitment and personal information processing under the instructions of our controllers are done in fulfillment of a contractual obligation or by legitimate interest. Retention of personal data follows Elevate internal retention policies, contractual obligation with our customers, and legal requirements for retention

 

Category Examples of Personal Information Collected Source Purpose
A. Identifiers. A real name (or company name for Business Entities or Suppliers/Vendors), alias, unique personal identifier, Internet Protocol address, email address, account name, or other similar identifiers.

1. Directly from you through our “Contact Us” page

2. When you consent to the use of cookies

As part of legitimate interest to respond to your queries and perform services for you
B. Personal records information. A name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, or any other financial information, medical information, or health insurance information. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement
C. Protected classification characteristics under California or federal law. Age, race, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), information relating to same sex benefits, veteran or military status. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement
F. Internet or similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Information automatically collected from site visitors, Internal analytics As part of legitimate interest in performing services for you, security detection and protection, ad customization, internal research and development, and quality control
G. Sensory data. Audio and Visual information. Not collected by Elevate on its website. As part of a contractual obligation to fulfill a customer business requirement
H. Professional or employment-related information. Current or past job history or performance evaluations. Other data such as salary history, background checks, and other data submitted in your resume or CV. Directly from you through our Careers page As part of legitimate interest in performing HR services, processing of employment application
I. Education information, as defined by the Family Educational Rights and Privacy Act Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Not collected by Elevate on its website. As part of legitimate interest in performing HR services, processing of employment application

 

Children Under 16

Elevate does not market, collect information from or about, or provide services to minors.

Shine the Light Act and Disclosing Information to Third Parties

Elevate is a B2B company and does not process personal information of individual persons except for website visitors. Elevate may disclose Personal Information to third parties for the following reasons:

  1. Applicable personal data processing done under the instructions of our Controllers.
  2. Instructions given to our suppliers regarding HR and Payroll data.

Elevate does not share any personal information with third parties for their direct marketing purposes. California residents with established business relationships with Elevate under California law may request once a year information about the manner in which Elevate shared certain categories of information with others for their marketing purposes during the prior calendar year. For guidance on how to exercise this right, please refer to the “Contact” section below

Your Rights under the CCPA

The CCPA confers you the following rights:

  1. Right to Notice – You have the right to receive full disclosure regarding (a) when Elevate collects Personal Information, the categories of data Elevate collects, the business purpose(s) for which these are collected, and specific Personal Information collected and (b) if Elevate “sells” or transfers Personal Information to third parties, or otherwise discloses Personal Information for a business purpose, the categories of Personal Information collected/sold, third parties sold to, and business purposes that necessitated selling or disclosure of your Personal Information by Elevate;
  2. Right to Access – You may make a verified request to access your Personal Information that Elevate collected from you, as well as other matters in relation to that, such as the categories of Personal Information collected from you, specific Personal Information collected, and the categories of third parties with whom your Personal Information is shared;
  3. Right to Opt-out – Should Elevate begin selling Personal Information about you to third parties, you have the right, at any time, to direct Elevate to not “sell” your Personal Information;
  4. Right to Deletion – You have the right to request that Elevate delete all the information it has collected about you. Elevate may retain your information in a few permitted instances. These instances include, but not limited to, completing the transaction for which it was collected, detecting security incidents, compliance with legal obligations or applicable laws, or for other internal uses reasonably aligned with the consumer’s expectations; and
  5. Right to equal services and prices – You have the right to non-discrimination in relation to your exercise of your CCPA rights. Elevate is prohibited from denying goods or services, charging different prices or rates, providing a different level or quality, or suggesting that you will receive a different price or rate or a different level or quality of goods or services if you choose to exercise your rights under the CCPA.

For guidance on how to exercise these rights, please refer to the “Contact” section below.

Cookies

Elevate Services, Inc. and its affiliates, do not share or sell personally identifiable information collected from our website. Information about our use of cookies:

  • Strictly necessary cookies. These cookies are essential for the website’s functionality and for your ability to use its features.
  • Preference cookies or “functionality cookies”. The cookies allow a website to remember your choices like language preference and are not enabled by default on our website.
  • Statistics cookies or “performance cookies” are used to improve website functionality. These cookies collect information about how a website is used, pages visited, and links clicked. Any information collection through these types of cookies are aggregated and cannot be used to identify you.

If you choose to continue using our website, you consent to our use of these cookies.  You may choose to opt out through your browser settings or by selecting Preference and Statistics Cookies as a means for opting out.

Security Controls

Your privacy is a top priority for us at Elevate and we shall take all reasonable effort to protect the information we have about you. Elevate follows the ISO/IEC 27001:2013 security management framework for protecting Elevate and customer information and PII. This includes physical and logical security controls and governance designed to secure confidential and sensitive information.

Inapplicability of Privacy Policies of any Linked Sites or Other Parties

Your privacy is a top priority for us at Elevate and we shall take all reasonable effort to protect the information we have about you. Elevate follows the ISO/IEC 27001:2013 security management framework for protecting Elevate and customer information and PII. This includes physical and logical security controls and governance designed to secure confidential and sensitive information.

Do Not Sell My Personal Information

Elevate Services and its affiliates do not sell personal information to third parties for monetary consideration but we may transfer information to a third party providing us with services, which may fall under the definition of “other valuable consideration,” which could be considered a ‘sale’ under the CCPA. If you are resident of the State you can contact us via the toll-free number or e-mail in the “Contact” section below.

Contact

You may contact us via this number +1 310 853 8448 or email us at dpo@elevateservices.com to exercise any of your rights under the CCPA, or for any inquires or concerns relating to such rights. We may require you to submit proof of your identity in order to verify that the collected personal information pertains to you. Your request will be completed within 45 days upon successful identity verification.

Using an Authorized Agent.  You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.

Changes to Privacy Notice

Elevate may amend this Privacy Notice to reflect feedback or changes in legislation and reserves the right to make changes to this Privacy Notice at any time. The use of your information is subject to the Privacy Notice in effect at the time of use. The provisions contained in this Privacy Notice supersede all previous notices or policies regarding Elevate’s privacy practices with respect to this site.

 

2. Notice to Nevada Residents

Elevate Services, Inc. and its affiliates do not disclose information for monetary consideration. If you would like to request we never sell your information in the future, please e-mail us at dpo@elevateservices.com. In the e-mail please put “Nevada Resident Do Not Sell” in the subject line and provide your name, postal address, telephone number and e-mail address(es) in the body.

Get the Latest Insights From Elevate

Share This