EU – US Privacy Shield

EU – US Privacy Shield

Neeyamo Inc.

Privacy Policy | Your Privacy Rights

 

This Privacy Shield Policy describes how Neeyamo Inc. and its affiliates collect, use and disclose personally identifiable information that we receive in the US from the European Union (EU Personal Data). Our website Privacy policy located at https://www.neeyamo.com, and the terms in this policy have the same meaning as the Website  Privacy Policy.

Neeyamo Inc. recognizes that the EU has established strict protections regarding the handling of EU Personal Data, including requirements to provide adequate protection for EU Personal Data transferred outside of the EU. To provide adequate protection for certain EU Personal Data about corporate customers, clients, suppliers, and business partners received in the US, Neeyamo.Inc has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”).

For purposes of enforcing compliance with the Privacy Shield, Neeyamo.Inc is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Neeyamo complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield.  Neeyamo has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ 

Neeyamo being in the HR industry collects a lot of sensitive and personal data required to process all activities related to the lines of businesses. Client’s/ Employees / Staff in the countries within scope-including full-time, part-time, Consultants and contractors.

The personal data transferred concern the following categories of data:

  • Contact information such as Full Name, Home Address, Email Address, Date of Birth and Financial information
  • Documentation: Education/ Employment documents and Identity proofs.
  • Payroll data, such as banking data necessary to make payments to data subject, compensation information, data on leave, paycheck details (including the following: total gross salary, employee’s wage tax (withheld by the employer), employee’s compulsory social security deduction, employee’s compulsory retirement deduction, employee’s compulsory unemployment deduction, employee’s additional medical care deduction, other compulsory or additional employee’s deductions, employee’s voluntary retirement deduction, employee’s voluntary medical care deduction, other employee’s voluntary deductions, total employee deductions, total net salary, expenses refund and advances, banking details; and third party payments (where acting as an employer surrogate when the employee is on leave for long-term sickness, accident at work or other reason).
  • Special categories of data (if required)
  • Bank account information;
  • Where applicable, religious affiliation and information required to deduct sick payments (if required for payroll and related tax processing); Passport, Social security numbers, details of disabilities, if any.
  • Other special categories of personal data contained in payroll information (if any).

 

We collect and process customer personal information both directly and indirectly;

(i) to provide service(s) agreed through commercial contracts, (ii) managing customer account within our applications, (iii) to verify customer identity or to perform any other authentication that we need to provide service(s), (iv) to maintain customer personal profile, (v) to provide the services that customer have requested including processing transactions, (vi) to tailor / customize our website or other services we provide to customer as per customer requirement, (vii) to enable third parties to perform services or functions on our behalf, for example where this is necessary to process a transaction or provide services, (viii) to comply with applicable laws and regulations.

 

Notice:

Neeyamo Inc. notifies Data Subjects about its data practices regarding Personal Data received by Neeyamo Inc. in the US from EEA (including Liechtenstein, Norway and Iceland). Neeyamo Inc. will not use or disclose Personal Data transferred from an EU Member State to the United States for any purpose that has not previously been disclosed to the data subjects unless: (a) the data subjects has received notice and an opportunity to exercise choice, as described below, with respect to such use or disclosure; or (b) applicable law permits the use or disclosure without requiring that Neeyamo Inc. first comply with the Notice and Choice Principles.

 

Choice:

Neeyamo Inc. currently does not allow personal data to be either shared with third party non-agents or used for reasons other than that for which it was provided.  If this practice should change in the future we will notify individuals beforehand and provide opt-out choice. Neeyamo.Inc maintains reasonable procedures to help ensure that EU Personal Data is reliable for its intended use, accurate, complete, and current.

 

Use and Disclosure of Personal Data and Accountability for Onward Transfer:

Neeyamo Inc. limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data. Neeyamo has partnerships and alliances in leveraging expertise and knowledge of countries’ local labor laws, labor union rules and collective labor agreements.

We have a triangulated framework for compliance that comprises of three different sources providing us with updates for all the countries on the changing legislative requirements

  • A central team of dedicated compliance experts to oversee and manage all compliance related activities
  • Partnership with leading global audit firms to warranty 100% compliance and to stay abreast in various aspects of compliance management
  • Foot-on-the-ground presence in each and every jurisdiction through a network of carefully shortlisted in-country partners to guarantee last mile

Neeyamo shall disclose the personal information to the third parties like Process Service providers and Compliance Service providers in accordance with applicable laws and regulations. Personal data may also be disclosed in the event of a sale, merger, reorganization, liquidation or similar event.

Note that we also may be required to share EEA personal data in response to lawful requests by public authorities including to meet national security and/or law enforcement requirements.

Neeyamo’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Neeyamo remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Neeyamo proves that it is not responsible for the event giving rise to the damage.

 

Security:

Neeyamo Inc. is committed to safeguarding the Personal Data that it received from the EU. Neeyamo Inc. possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Neeyamo Inc. utilizes security technologies, procedures and organizational measures to help safeguard Personal Data.  For example, facility security is designed to prevent unauthorized access to Neeyamo Inc. computers.  Electronic security measures including, for example, network access controls, passwords and access logging provide protection from hacking and other unauthorized access.

 

Data Integrity & Purpose Limitation:

Neeyamo Inc. will use personal data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. Neeyamo Inc. will take reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current. Neeyamo Inc. depends on you to update and correct your personal data to the extent necessary for the purposes for which it was collected and subsequently authorized by you.

 

Access:

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@neeyamo.com.  If requested to remove data, we will respond within a reasonable timeframe.

Data subjects who wish to review or update their Personal Data can do so by contacting Neeyamo Inc. Data Privacy office at 14317 La Rinconada Dr, Los Gatos, CA 95032. Neeyamo Inc. may require verification of identity before providing access to Personal Data.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@neeyamo.com

 

Recourse, Enforcement and Liability:

Neeyamo’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Neeyamo remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Neeyamo proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Neeyamo commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Neeyamo by email at privacy@neeyamo.com or via post at: Data Privacy office at 14317 La Rinconada Dr, Los Gatos, CA 95032

Neeyamo has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United Sates. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint.  The services of BBB EU Privacy Shield are provided at no cost to you.

Finally as a last resort and under limited circumstances, EU individuals with residuals may invoke a binding arbitration option before a Privacy Shield Panel.  For more information on this option please see Annex 1 of the Privacy Shield at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

 

Human Resources Data within the Context of the HR Relationship:

If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and Neeyamo does not address it satisfactorily, Neeyamo commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), as applicable and to comply with the advice given by the DPA panel, as applicable with regard to such human resources data.  To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction.  Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

 

Changes to this Policy

We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.

 

Effective Date: March 1, 2019