PRIVACY NOTICE (EFFECTIVE DATE: 16 APRIL, 2021)

I. Introduction.

Your privacy is important. This Privacy Notice (the “Privacy Notice,”) together with its addendums, our Terms of Use for our Websites (as defined below), our Digital Revolution Awards Terms and Conditions (the “DRATC”), and any other documents referred to in this Privacy Notice, DRATC, or the Terms of Use explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with all personal data that we collect from you, or that you provide to us including via this website and any other websites or applications using the https://digitalrevolutionawards.com domain or Digital Revolution Awards-branded applications of Frank Recruitment Group Services Limited and its Affiliates as defined below (collectively, the “Websites”). The Digital Revolution Awards is a trademark and brand owned by Frank Recruitment Group Services Limited (UK) (“DRA, ” “we,” “us,” or “our”). We have many affiliates including Nigel Frank International Limited (UK), Mason Frank International Limited (UK), Frank Recruitment Group UK Services Limited (UK), Frank Recruitment Group Services USA Ltd. (UK), Rebura Limited (UK), Frank Recruitment Group Inc. (USA), Frank Recruitment Group Services Inc. (USA), Frank Recruitment Group Private Limited (Singapore), Frank Consulting Services Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia), Frank Recruitment Group GmbH (Germany), Frank Recruitment Group K.K. (Japan), Frank Recruitment Group Sp Zo.o. (Poland), Frank Recruitment Group Poland Sp Z o.o. (Poland), Frank Recruitment Group BV (Netherlands), Frank Recruitment Group S.L. (Spain), Frank Consulting Services S.L. (Spain), and Frank Recruitment Group S.Á.R.L. (Switzerland) (collectively, the “Affiliates”). The Affiliates operate several different brands across the globe such as Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, The Revolent Group, The Tenth Revolution Group, Anderson Frank, Washington Frank, FRG Technology Consulting, Rebura, Gulfjob Market and Dynamic Jobs.

This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites and through the awards’ contests we hold,.  It therefore applies to personal data that you provide to DRA telephonically, electronically (including email) and in person.

This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.

This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.

Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights.

This Privacy Notice applies to DRA globally. The first part of the policy is general and applies globally.  The second of the Privacy Notice is comprised of country-specific addendums, and where applicable, DRA will handle Personal Data relying on certain exemptions under local law.  Please be sure to check the addendums below to see if there is one that applies to your country or local jurisdiction.  In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.

II. Who are we?

Digital Revolution Awards is a brand operating under Frank Recruitment Group Services Limited to provide awards competitions to celebrate the very best individuals and businesses in the cloud ecosystem in order to recognise the power of the cloud to digitally transform our world; to help us live better and achieve more.

If you want to contact DRA or any of its group companies, please click here.

You can contact DRA’s Chief Privacy Officer (“CPO”) by emailing privacy@frankgroup.com or by sending written correspondences here:

Frank Recruitment Group Services Limited t/a Digital Revolution Awards
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer

III. Who does this Privacy Notice protect?

This Privacy Notice protects individuals throughout the world who access our Websites or participate in awards competitions by nominating others or being nominated for an award, or judging a competition.

IV. What information will we collect?

Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:

  • Your name;
  • Your age;
  • Your gender;
  • Contact details e.g. street address (including your residence and/or your place of employment), email address, cell (or mobile), work or home telephone numbers;
  • Work Experience;
  • Job Title;
  • Professional Certifications;
  • Education & Qualifications;
  • Skills;
  • Career History;
  • Images (including your image and likenesses);
  • Your voice;
  • Citizenship;
  • References; and
  • IP address

V.  Why do we process your Personal Data?

Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:

A. All users of the Websites and/or our nominees, nominators, and judges

  • DRA To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;
  • To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);
  • To send you electronically or by post surveys, reports, DRA event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted, or where we have a legitimate interest or other legal rights to contact you, for such purposes (and we will provide you with an opportunity to opt out);
  • To identify you, and respond to and process your requests for information and provide you with a product or service;
  • To amend records to remove personal information;
  • To use your information on an pseudonymized basis to monitor compliance with our equal opportunities policy, other DRA policies and any legal or compliance requirements;
  • To use your information on an pseudonymized basis to create marketing materials; and
  • To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of Personal Data.
  • To establish, exercise or defend any legal claims.


B. Nominees, nominators, and judges who participate in awards’ competitions

a) To provide our awards’ competition services to you;

b) To facilitate the awards’ competition process, including but not limited to:

    • Publishing contest rules;
    • Collecting, qualifying and submitting participants, contest applications, judges, and winners;
    • Facilitating the acceptance, rejection, or delivery of contest awards;
    • Providing post award follow up; and

c) To send you electronically or by post surveys, marketing materials about relevant industry sectors which we think might be of interest to you, where we have legitimate interest or other legal right in contacting you for such purposes.

VI. Who do we send your Personal Data to?

A. All users of the Websites and/or our services

  • To third parties where we have retained them to provide services that we or you have requested.
  • To vendors in connection to any awards event, gala, or forum.
  • To third parties to provide data storage, data cleansing and marketing (via email & SMS, standard SMS and text rates may apply) services to DRA where such third parties have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.
  • To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.
  • To DRA affiliates, whose locations can be found at https://www.frankgroup.com/contact . These entities will process your Personal Data in accordance with this Privacy Notice.
  • In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of DRA (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document) and applicable law.

VII. What will DRA do if my Personal Data is breached?

DRA has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, DRA cannot guarantee that your Personal Data will not be breached.

A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.

Once DRA becomes aware of the breach, DRA will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required.  DRA will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.

If you believe, for any reason, that your Personal Data has been breached while in DRA’s care, custody or control, please email DRA immediately at privacy@frankgroup.com.

If DRA obtains your Personal Data from someone other than you, this Privacy Notice includes  all information required under applicable law except that DRA shall not provide you with this information if you already possess this information, providing you with such information is against (or not mandatory under) applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, DRA shall take appropriate measures to protect your rights, freedoms and legitimate interests. If you have any questions, please contact DRA at privacy@frankgroup.com.

VIII. Will my Personal Data be transferred to another country?

Yes, DRA may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to DRA or the country of collection.

If so, DRA will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law.  The countries where DRA may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country.  DRA will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.

Under certain circumstances, DRA may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which DRA collected your Personal Data.  In such cases, DRA will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.

IX. How long will DRA store my Personal Data for?

We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.  This period of time will vary based on the law in your country and in the country where DRA stores your Personal Data.

In addition, DRA will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with DRA, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.

X. Sending DRA Personal Data over the internet

Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom DRA has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites.  Any transmission of data by you to us over the internet is at your own risk.

XI. How we collect and aggregate information about visitors to our Websites

We also collect information about the way contest participants and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify services which may be of interest to you.  We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.

XII. Technology and Tools

Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.

We also set out further information below about Cookies and Web Beacons.

A. What are cookies?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies.

Cookies are used are many, many websites, including DRA’s Websites.

B. How do we use cookies and plug-ins?

We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website, (2) monitor Website user traffic patterns and Website usage.; and (3) help us to advertise to you services we think you, your company or your employer will be interested in.  Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.

C. There are different kinds of cookies with different functions.

The cookies we use are explained below:

  1. Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
  2. Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
  3. Strictly necessary cookies
    These cookies are essential to enable you to use the Websites effectively and therefore cannot be turned off.  Without these cookies, the services available to you on our Websites cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
  4. Performance cookies
    These cookies enable us to monitor and improve the performance of our Websites. For example they allow us to count visits, identify traffic sources and see which parts of the Websites are most popular. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our Websites work.
  5. Functionality cookies
    These cookies allow our Websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other pages of our Websites that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog.
  6. Personalisation cookies


The DRA Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular DRA Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.

For information on how to reject these personalisation cookies, see Section E below

D. Cookies and Plug-ins set by DRA or Third Parties used by DRA

Below are tables listing the cookies that you may encounter on our Websites and the purpose for which we use each one and the duration that the cookie remains in place (unless you take action to reject the cookie). DRA may update these tables from time to time. Most of the cookies on our Websites are set by third parties. DRA works with several third parties to provide services which help us to keep the Websites tailored to your needs. Some of these vendors use cookies to help them deliver these services.

For our DRA Websites generally:

Cookie

Description

Duration

Type

6suuid (6sense)

6sense is a B2B predictive intelligence engine for marketing and sales. 6sense’s privacy policy is located here.

 2 years

Other

E. How to reject cookies

If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the appropriate box at the bottom of any of the Websites, in a link called “Cookie Preferences.”

Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

For more information generally on cookies, including how to disable them or change cookies’ settings, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer. Find out how to manage cookies on popular browsers:


To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

F. Web Beacons

DRA may use or include web beacons in emails or other electronic communications that DRA sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email.  However, you may receive auto generated emails from DRA after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email privacy@frankgroup.com if you would like to stop receiving emails from DRA with web beacons.

Also, DRA works with third parties to help manage online advertising who embed web beacons in online job postings and job advertisements that DRA requests these third parties to post online. One such third party that we use is Broadbean. These web beacons allow Broadbean to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party that Broadbean uses such as Google Analytics.  These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables Broadbean to learn which advertisements bring users to our Websites or websites on which Broadbean placed our advertisements. The cookie on your web browser was placed by Broadbean, or by another advertiser who works with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or Broadbean collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com. For more information about web beacons and cookies placed by Broadbean, please click https://www.broadbean.com/uk/privacy-policy/.

XIII. Links to other websites

Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.

XIV. Changes to our Privacy Notice

We reserve the right to change this Privacy Notice from time to time by updating this Privacy Notice on our website. Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any DRA services shall constitute your acceptance of the revised Privacy Notice.

DRA will interpret and enforce this Privacy Notice in accordance with all applicable law.

This Privacy Notice was previously updated on October 9, 2020.

This Privacy Notice was last updated on April 16, 2021.

[1] The “Purposes” listed in this chart are brief summaries and not intended to explain all or every reason why DRA uses the particular cookie or plug in. If you have any questions about the cookie table, please click the link to the cookie creator’s website and/or email DRA at privacy@frankgroup.com.

UNITED KINGDOM AND EUROPEAN ECONOMIC AREA ADDENDUM

I. Who is DRA’s Supervisory Authority for Data Protection Purposes?

Until December 31, 2020, DRA has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act of 2018 (“DPA2018”) and General Data Protection Regulation (“GDPR”). After December 31, 2020, DRA shall update this United Kingdom and European Economic Area Addendum to reflect a new European Union supervisory authority(ies). After December 31, 2020, the ICO shall remain the supervisory authority for purposes of the DPA2018. This Addendum applies to both United Kingdom and European Economic Area residents.

II. How do we lawfully process your data?

In order to process your Personal Data lawfully DRA must have a legal basis to do so.  DRA relies on three main legal basis for processing your Personal Data:

  • where we obtain your affirmative consent to use your Personal Data in this way;
  • where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
  • where our handling of your Personal Data is necessary for us to perform our legal and contractual  

We may rely on one or more legal bases to process your Personal Data

A. All users of the Websites and/or our services

Legitimate Interests: DRA uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our visitors and awards participants; to enhance their experience, to improve our services and to contact awards participants.

Consent: If  you, whether on your own behalf or on behalf of your company or your employer, would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to DRA processing your Personal Data for this purpose.  DRA may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us.

Necessary for the performance of a contract: DRA can process your Personal Data in the performance of its contract with your company or employer.

With respect to awards participants and nominees, if DRA obtains your Personal Data from someone other than you, DRA shall inform you of the identity and contact details of the person or entity from whom DRA obtained your Personal Data (upon request for nominees), whether DRA obtained your Personal Data from publicly available sources, the categories of Personal Data that DRA obtained and, if DRA is processing your Personal Data based on its legitimate interest (as described above), the nature of DRA’s legitimate interest.  DRA shall provide you with the information listed in this paragraph by the earlier of (1) one month after DRA obtains your Personal Data or (2) if DRA uses your Personal Data to communicate with you, the first time that DRA communicates with you.

DRA shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, DRA shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that DRA deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to DRA at privacy@frankgroup.com.

Please note that your right to erasure is not absolute.  DRA will remove your Personal Data when:

  1. the Personal Data is no longer necessary in relation to the purpose for which DRA originally collected and/or processed it;
  2. if DRA is processing your Personal Data on the basis of your consent and you withdraw consent;
  3. you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
  4. the Personal Data was unlawfully processed; and
  5. the Personal Data must be erased to comply with a legal obligation.

DRA can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise DRA’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay.  Please note that, for your and DRA’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request.  This verification process may extend the response timeframes set forth in this paragraph.

B. Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

  • obtain confirmation that your Personal Data is being processed;
  • a copy of your Personal Data being processed;
  • the purposes of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom DRA has disclosed your Personal Data; and
  • the criteria DRA uses to determine how long it will store your Personal Data.

You can exercise this right by sending an email to DRA at privacy@frankgroup.com.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, DRA may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If DRA so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to DRA electronically, DRA will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If DRA did not collect your Personal Data from you, DRA will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, DRA will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that DRA may extend this time period for up to two additional months if your request is complex or numerous. If DRA exercises this extension of time, DRA will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, DRA may ask you to specify the particular information or category of information you seek.

Please note that, for your and DRA’s protection, DRA cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by DRA for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

  • DRA’s processing is based on its legitimate interest; or
  • where DRA is using your Personal Data to directly market to you.

You can exercise this right, free of charge, by sending an email to DRA at privacy@frankgroup.com.

If DRA receives an objection request from you for reasons unrelated to direct marketing, DRA will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If DRA receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from DRA and you do not wish to receive future direct marketing communications from DRA, you may request to unsubscribe from future marketing communications by sending DRA an email at privacy@frankgroup.com  In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and DRA will process your unsubscribe request.  Please allow up to ten (10) business days for your unsubscribe request to take effect.

D. Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict, the processing of your Personal Data.  You can exercise this right, free of charge, by sending an email to DRA at privacy@frankgroup.com.  When you exercise this right, DRA may continue to store your Personal Data but cannot further process it.  DRA will cease processing your Personal Data in the following circumstances:

  1. when you file a rectification request with DRA (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as DRA has verified the accuracy of the Personal Data that is the subject of your rectification request;
  2. where DRA is processing your Personal Data based on its legitimate interest and you file a notice with DRA objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, DRA will cease processing your Personal Data until such time as DRA has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
  3. when the processing is unlawful and you do not seek or want erasure and you file a restriction request with DRA in accordance with this Privacy Notice and applicable law instead; and
  4. if DRA no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, DRA may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

DRA will inform you if it decides to lift a restriction on processing.

If DRA has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, DRA will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

DRA will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and DRA’s protection, DRA cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which DRA acts on your restriction request.

E. Do I have a right to Personal Data portability?

Yes. You can exercise this right, free of charge, by sending an email to DRA at privacy@frankgroup.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from DRA to another data controller.

This right applies where DRA is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, DRA will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, DRA will respond to your portability request without undue delay and within one month of its receipt of your request, provided that DRA may extend this time period for up to two additional months if your request is complex or numerous. If DRA exercises this extension of time, DRA will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that DRA transmit your Personal Data to another data controller.

F. Do I have a right to object to decision been taken by automated means?

If DRA uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by DRA that is necessary for entering into or the performance of a contract between you and DRA, is authorized by law or is based on your explicit consent.

If DRA makes any Automated Decisions to which this right applies, DRA will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If DRA engages in “profiling” by automated means, DRA will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?

Yes. You can exercise this right, free of charge, by sending an email to DRA at privacy@frankgroup.com.

Generally, DRA will respond to your rectification request within one month of its receipt of your request, provided that DRA may extend this time period for up to two additional months if your request is complex. In rare cases, DRA may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If DRA so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If DRA has disclosed any of your Personal Data to a third party and you submit a rectification request to DRA that DRA is going to honor, DRA will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

H. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), DRA will notify the ICO without undue delay, and if feasible, within 72 hours of DRA’s becoming aware of the Breach. DRA will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, DRA will notify you without undue delay. To be clear, the threshold requiring DRA to notify you of a Breach is higher than the threshold requiring DRA to notify the ICO of a Breach so it is possible that DRA will notify the ICO of a Breach but not you. DRA will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by DRA will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other DRA contact representative if DRA does not have a ISM at the time that DRA issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that DRA has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

I. Will my Personal Data be transferred outside the UK, EEA, or Switzerland?

DRA may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the UK, Switzerland, or EEA. If so, DRA will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the UK, Switzerland, or EEA where your Personal Data may be transferred will be on the EU Commission’s or Swiss Federal Data Protection and Information Commission’s list of countries that it has deemed to have adequate security controls in place (the “Approved List”). Given the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”) as well as the September 8, 2020 Swiss Federal Data Protection and Information Commissioner’s Policy paper on the transfer of personal data to the USA and other countries lacking an adequate level of data protection within the meaning of Art. 6 Para. 1 Swiss Federal Act on Data Protection, and absent consent from the Data Subject (or any other reason provided in GDPR Article 49(1)(b)-(f) or Swiss law as may be amended from time to time), if DRA transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List or not in the UK, Switzerland, or EEA (“Third Countries”), then DRA shall determine whether each processor (and each subprocessor that a processor has provided DRA formal notice of) can store, transfer, process, or control the Personal Data solely within the UK, Switzerland, EEA, or a country on the Approved List.

  • If DRA determines that the processor (and each subprocessor that a processor has provided DRA formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in the UK, Switzerland, or EEA, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.
  • If DRA determines that the processor (and each subprocessor that a processor has provided DRA formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in the UK, Switzerland, or EEA, then:
    • DRA will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by the European Commission as provided here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or any updated link which the European Commission from time to time) (“Model Clauses”). When relying on the Model Clauses, DRA shall (a) monitor the laws and regulations of Third Countries for the adequate protections of UK, Swiss, or EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed DRA of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(b)(i)(b)(i) or (ii) occur, DRA will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
  • DRA shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within the UK, Switzerland, EEA, or a country on the Approved List.
  1. If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within the UK, Switzerland, EEA, or a country on the Approved List, then DRA shall contractually require the processors (and require processor to require its subprocessors to) do so.
  2. If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then DRA shall require its processors (and require processor to require its subprocessors to) to be bound by the Model Clauses. When relying on the Model Clauses, DRA shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of UK, Swiss, or EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(c)(2)(b)(i) or (ii) occur with respect to your Personal Data (and if DRA has formal notice that the events described in III(I)(c)(2)(b)(i) or (ii) have occurred), DRA will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.

Under certain circumstances, DRA may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, DRA will comply with its DPAs. The DPAs are incorporated by reference into this Addendum

J. How long will DRA store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.

With respect to GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) DRA concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of DRA’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.

Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.

K. What Protections do I have if DRA transfers my Personal Data to the U.S.?

In short, you have the protections of the Privacy Shield and the Model Clauses, each defined below. Frank Recruitment Group Inc., a Delaware corporation, is DRA’s primary affiliate and operating company in the United States (“DRA US Parent”). DRA US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“DRA US Sub,” collectively with DRA US Parent, “DRA US”).

DRA US and DRA US Sub complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s) (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, EEA, and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on Privacy Shield.  DRA US and DRA US Sub has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information.  If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ . This Privacy Notice only applies to Personal Data within the scope of the DRA US’s Privacy Shield certifications.

DRA US’s contractual clauses for its clients are in the United States of America Addendum below.

DRA US’s Privacy Shield certifications cover Personal Data regarding:

(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, Privacy Notice that has been made available to DRA US employees;

(2) Personal Data regarding awards participants and nominees; and

(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with our awards services.

Our certifications do not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.

DRA US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to awards participants and nominees. DRA US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the Privacy Shield Principles. DRA US may be liable if both (a) third parties fail to meet these obligations and (b) DRA US is responsible for the event giving rise to the damage.

DRA US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. DRA US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Any questions or complaints concerning DRA US’s Privacy Shield compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@frankgroup.com. If DRA US has not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority (see paragraph immediately below) or (2) the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA“) for non-HR related recourse, which can be contacted at http://go.adr.org/privacyshield.html. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the Privacy Shield Panel. To find out more about individual binding arbitration, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

L. UK/EEA residents. Should your complaint relate to DRA US’s failure to comply with its Privacy Shield commitments and remains unresolved and you reside in the UK/EEA, then you should contact the EEA/UK Supervisory Authorities (the “SAs”) who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either to the EEA/UK SAs panel secretariat or individual EEA/UK SAs.

Currently, the contact information relevant to the submission of the standard complaint form is as follows: Commission Européenne, Directorate General Justice, Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Data Protection Panel, B-1049 Brussels, Belgium, Telephone: (32-2) 299 11 11, Fax: (32-2) 298.80.94, email: ec-dppanel-secr@ec.europa.eu.

You can find the standard compliant form at https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en.

The contact information for individual EU SAs can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm

M. Swiss residents. Should your complaint relate to DRA US’s failing to comply with our Privacy Shield  commitments and remains unresolved and you reside in Switzerland, then you should contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland with whom DRA US has agreed to cooperate regarding such disputes.

The contact information for the Swiss FDPIC can be found at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.

Under the EU-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the panel established by SAs, (2) an alternative dispute resolution provider based in the EU, or (3) an alternative dispute resolution provider based in the United States.

Also, under the Swiss-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the Commissioner of the FDPIC, (2) an alternative dispute resolution provider based in Switzerland, or (3) an alternative dispute resolution provider based in the United States.

SINGAPORE ADDENDUM

DRA’s Data Protection Officer is Adel Maruf.  You can email the Data Protection Officer at privacy@frankgroup.com.

UNITED STATES OF AMERICA ADDENDUM

  1. If you would like a copy of DRA’s US comprehensive information security program, please email DRA’s CPO at privacy@frankgroup.com.

If DRA receives a “Do Not Track” signal or request from a web browser, DRA will not honor such request or signal. DRA has taken this position in part to provide you with a personalized and efficient experience on the Websites.

As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.

Information about web beacons used by DRA and third parties with whom it contracts can be found in Section XII.F of the Privacy Notice above.

  1. For information on DRA US’s compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, see the section entitled “What Protections do I have if DRA transfers my Personal Data to the U.S.?” of the United Kingdom and the European Economic Area Addendum above. Additionally, U.S. law requires certain contracts entered into by DRA US contain the rights, obligations and requirements set forth in Sections II(A) through II(C) inclusive below (collectively, the “Privacy Shield Terms”). Accordingly, the following Privacy Shield Terms, to which DRA reserves the right to revise from time to time without notice, shall be incorporated by reference where these Privacy Shield Terms are required:

(A). In the event DRA US transfers to client or any of its affiliates, or provides client or any of its affiliates with access to any Personal Data (as defined for this Section II below) of European Union or Switzerland residents, including employees of DRA or its affiliates and actual or prospective DRA nominees or awards participants, and client maintains, receives, has access to, stores, uses or processes such Personal Data in the United States, client shall comply with data protection, data security and confidentiality requirements at least as strong as those set forth in the Privacy Shield Principles issued by the U.S. Department of Commerce, as revised from time to time (collectively, the “Principles”) During the term of such contracts and while client creates, receives, maintains, stores, uses, processes or disseminates any Personal Data, client shall:

  1. use the Personal Data only for the specific and limited purposes intended the DRATC, including for awards participation and nomination purposes;
  2. provide immediate written notice to either DRA US Parent or DRA US Sub as applicable if (a) client determines that it can no longer meet its obligation to provide the same level of protection of the Personal Data as is required by the Principles, and in such case client shall cease processing the Personal Data or (b) client becomes aware of any accidental or unlawful destruction of, or accidental loss or alternation of or unauthorized disclosure or access to, any Personal Data (a “Breach”) which notice shall include a description of the quantity of Personal Data subject to the Breach, the approximate length and duration of the Breach, the data subjects whose Personal Data was subject to the Breach and a Breach remediation plan;
  3. at its cost, employ its best efforts to stop, limit and remediate the Breach, perform a “root cause” analysis of the Breach, employ its best efforts to prevent the same or a similar Breach from reoccurring and keep DRA up to date on all its efforts under this subsection II(A)(3);
  4. implement appropriate technical and organizational measures to protect Personal Data against a Breach;
  5. not transfer any Personal Data to third parties without the data subject’s prior written or email consent (which either DRA US Parent or DRA US Sub as applicable shall attempt to obtain after receiving notice from client of its need to transfer Personal Data to a third party);
  6. assist DRA US in responding to data subjects exercising their rights under the Principles;
  7. act only on instructions from DRA US; and
  8. either have in place an independent recourse mechanism to handle data subject complaints that complies with the requirements of the Principles or make available an equivalent mechanism.

(B) Upon the termination or expiration of the applicable client contract, client shall, at DRA US’s option, return all Personal Data to either DRA US Parent or DRA US Sub as applicable or permanently destroy all Personal Data (and all copies and derivative works thereof) in its care, custody or control except for any Personal Data that applicable law, if any, requires client to maintain (“Archival Personal Data”). With respect to any Archival Personal Data, client’s obligations and requirements under this Section II shall remain in full force and effect for as long as such Archival Personal Data remains in client’s care, custody or control.

(C) If client forwards or gives access to any of the Personal Data to any third party at any time, including any subprocessor or controller of client, client shall ensure that its written contract with such third party contains the Privacy Shield Terms.

(D) For purposes of this Section II, the term “Personal Data” shall have the same meaning ascribed to that term as in the Principles which can be found at https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg as revised from time to time.

CALIFORNIA CONSUMER PRIVACY ACT DISCLOSURES

Our goal is to enable individuals and organizations to comply as easily as possible with the California Consumer Privacy Act’s requirement to protect the privacy and data of consumers. As a recruitment service, we respect and protect your privacy and security and are committed to following best practices to support this principle.

Thanks for using DRA. Our goal is to enable individuals and organizations to comply as easily as possible with the California Consumer Privacy Act’s requirement to protect the privacy and data of consumers. As a awards service, we respect and protect your privacy and security and are committed to following best practices to support this principle.

We – meaning Frank Recruitment Group Services Limited and its subsidiaries, including without limitation, Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Rebura Limited, Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia), Frank Recruitment Group GmbH (Germany), Frank Recruitment Group K.K. (Japan), Frank Recruitment Group Sp Zo.o. (Poland), Frank Recruitment Group BV (Netherlands), Frank Recruitment Group S.L. (Spain), Frank Consulting Services S.L. (Spain), and businesses operated by our group under the brand names including Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, The Revolent Group, The Tenth Revolution Group, Anderson Frank, Pearson Frank, Washington Frank, DRA Technology Consulting, Gulfjob Market, Rebura, Digital Revolution Awards, and Dynamic Jobs (collectively, “we,” “us,” “our,” or “DRA”)–prepared this Privacy Addendum to help you understand our practices regarding the collection, use, and disclosure of information we collect from you through DRA’s web applications, our websites that link to this Privacy Addendum, and any other services we provide to our customers (collectively, “Services”).

By accessing or using the Services, you agree to this Privacy Addendum, our Do Not Sell NoticePrivacy Notice, the Terms of Use.

I. Information from Children

DRA is not directed to children under the age of 13 and we do not knowingly collect personally identifiable information from children under the age of 13. If we learn that we have collected personally identifiable information of a child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at privacy@frankgroup.com, or give us a call at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 if you believe we have any information from or about a child under the age of 13.

II. California Consumer Privacy Act Disclosures

The California Consumer Privacy Act, or CCPA, requires businesses subject to this law to provide consumers residing in California with certain rights regarding their personal information.

At this time, we may sell your personal information, so the opt-out or opt-in choices may apply. For more information, visit www.frankgroup.com/donotsell.

Here’s a summary of rights for California consumers under the CCPA:

A. Your Right to Opt Out. You have the right to tell businesses that do sell your personal information to third parties (i.e. not us) not to sell it at any time. Businesses that sell your personal information to third parties must also ensure that the third parties do not resell it unless the business notified you explicitly and provided you with a chance to opt out of resales. These opt-out rights apply to businesses that do not know your age, or know you are older than 16. Businesses must also respect opt outs made by your authorized agent if such authorized agent provides signed written permission from you to do so.

B. Your Right to Opt In. If a business has actual knowledge that you are between ages 13 and 16 (e.g., based information the business collects), businesses cannot sell or allow resales of your personal information without your affirmative authorization. If a business has actual knowledge that you are younger than 13, it may not sell or allow resales of your personal information without your parent or guardian’s affirmative authorization. This is your right to opt in.

C. Your Right to Disclosures. You have the right to know:

1. A link to DRA’s “Do Not Sell My Personal Information” notice.

a) Please visit frankgroup.com/donotsell.

2. A description of a consumer’s rights pursuant to CCPA Section 1798.120:

(a) Your Right to Opt Out. If you’re a consumer residing in California and we sell your information to third parties, you can tell us at any time not to sell your personal information. This right to opt-out applies if we do not know your age or if we know you are older than age 16. Businesses must also respect opt outs made by your authorized agent if such authorized agent provides signed written permission from you to do so.

(b) Your Right to Opt In. If we have actual knowledge that you are between ages 13 and 16 (e.g., based information we collect, or because someone informed us), we will never sell your personal information without your affirmative authorization. If we have actual knowledge that you are younger than 13, we will never sell your personal information without your parent or guardian’s affirmative authorization. This is your right to opt in.

(c) Do We Sell Your Personal Information? At this time, we may sell your personal information and you can opt out at any time. If you opt out, or for children 16 and younger, if you have not opted in, we will not sell your personal information to third parties unless you expressly authorize us to do so.

3. A description of a consumer’s rights pursuant to CCPA Section 1798.110: California consumers have the right to request that we disclose to you:

(a) The categories of personal information it has collected about you.

(b) Personal information is information that identifies or relates to a particular consumer or household including name, postal address, email address, IP address, social security number, personal property records, purchasing histories, biometric information, internet activity such as browsing or search history, geolocation data, employment information, education information and inferences drawn from this information, in so far as it is not publicly available information. In addition to the above types of personal information that we may collect, DRA may collect personal information. Personal information also includes any of the following:

(i) Your name;

(ii) Your age;

(iii) Your gender;

(iv) Contact details e.g. street address (including your residence and/or your place of employment), email address, cell (or mobile), work or home telephone numbers;

(v) Work Experience;

(vi) Job Title;

(vii) Professional Certifications;

(viii) Education & Qualifications;

(ix) Skills;

(x) Career History;

(xi) Images (including your image and likenesses);

(xii) Your voice;

(xiii) Citizenship;

(xiv) References from past employers; and

(xv) IP address.

4. The categories of third parties with whom the business shares personal information.

(a) All users of the websites and/or our services

(i) To third parties where we have retained them to provide services that we or you have requested.

(ii) To third parties to provide data storage, data cleansing and marketing (via email & SMS, standard SMS and text rates may apply) services to DRA where such third parties have agreed to maintain the confidentiality of, and to protect, your personal information in accordance with applicable law.

(iii) To third parties to assist with credit control and payment management.

(iv) To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.

(v) To DRA affiliates, whose locations can be found at https://www.frankgroup.com/contact. These entities will process your personal information in accordance with the Privacy Addendum.

(vi) In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of DRA (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of the Privacy Addendum (or a similar document) and applicable law.

5. The categories of sources from which the personal information is collected.

(i) We collect personal information from you actively when you enter it into our services (e.g., your name, your nomination).

(ii) We collect personal information passively when you access our services, to the extent your web browser provides this information to our servers (e.g., your operating system) and also based on your service usage (e.g., when and from what IP address you log on to our services).

(iii) We collect personal information when it is provided to us by either yourself or a third party (for example, nominators).

6. The business or commercial purpose for collecting or selling personal information.

(a) Why do we process your personal information?

(i) Generally, we use your personal information for our business and activities, and in our efforts to expand and improve our business. Examples include:

1. All users of the Websites and/or our services 

(a) To provide our awards services to you, your employer or your company;

(b) To third party vendors to assist us in hosting, managing and operating our websites;

(c) To third party vendors who provide data analysis and data updating services to us;

(i) To third party vendors who provide email and other communications related services to us

(f) To enable you to submit the nomination to DRA, apply online (including through the Websites) for the awards we think may be of interest to you;

(g) To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;

(h) To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);

(i) To send you electronically or by post surveys, reports, DRA event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);

(j) To identify you, and respond to and process your requests for information and provide you with a product or service;

(k) To amend records to remove personal information;

(l) To use your information on an anonymized basis to monitor compliance with our equal opportunities policy, other DRA policies and any legal or compliance requirements;

(m) To use your information on an anonymized basis to create marketing materials such as an awards survey; and

(n) To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of personal information.

3. The specific pieces of personal information it has collected about that consumer.

(a) Please email us at privacy@frankgroup.com, or call us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 to request this information. Before we can respond to your request, we’ll need to verify your identity.

4. A description of a consumer’s rights pursuant to CCPA Section 1798.115:

(a) If we sell your personal information or disclose it for a business purpose, you have the right to know:

(i) The categories of personal information that the business collected about the consumer.

(aa) See Section II(C)(3) above (e.g., web log data, registration data,  etc.).

(ii) The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.

(aa) See Sections II(C)(3)-(5) above.

(iii) The categories of personal information that the business disclosed about the consumer for a business purpose.

(aa) See Sections II(C)(3)-(6) above.

(b) If we sell your personal information or disclose it for a business purpose, you have the right to request that we disclose to you (1) the categories of personal information that we collected about you, (2) the categories of personal information we sold about you and the categories of third parties to whom we sold it, by category of personal information for each third party to whom we sold your personal information and (3) the categories of personal information that the business disclosed about the consumer for a business purpose. We are required to verify your identity before providing you with this information if the information would constitute your personal information. To exercise these important rights, please: mail us at privacy@frankgroup.com or call us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 to request this information. Before we can respond to your request, we’ll need to verify your identity.

(c) If we sell your personal information to a third party or disclose it for a business purpose, we are required to disclose:

(i) The category or categories of consumers’ personal information we sold, or if we have not sold your personal information, we shall disclose that fact.

(aa) If we sell your personal information, it will be in the form of your nomination, anonymized or pseudonymized.

(ii) The category or categories of consumers’ personal information it has disclosed for a business purpose, or if the business has not disclosed the consumers’ personal information for a business purpose, it shall disclose that fact.

(aa) We rely on vendors to operate our infrastructure, and accordingly for each category of personal information that we disclosed above as a category that we collect, we disclose it to one of our third-party vendors for a business purpose (i.e. to develop, market, provide and support our business services). Those categories are: web log data, registration data, payment data, service usage data, customer content, consumer content and marketing data.

(d) If we sell your personal information to a third party, it is not allowed to resell it unless we notified you explicitly and provided you with a chance to opt out.

(aa) We do not allow third parties to whom we sell your personal information to resell the personal information, so no opt-out choices apply. See https://www.frankgroup.com/privacy-notice/#ccpa for details.

5. A description of a consumer’s rights pursuant to CCPA Section 1798.125:

(a) Businesses, including us, may not discriminate against you because you exercised any of your consumer privacy rights such as by: (1) denying you goods or services; (2) charging you different prices or rates for goods or services, including via discounts or other benefits or penalties; (3) providing you a different level or quality of goods or services or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Businesses may however discriminate where any difference is reasonably related to the value provided to you by your data.

(b) Businesses, including us, may offer you financial incentives, including payments as compensation, for the collection, sale or deletion of your personal information. If we offer any incentives we will (1) notify you about them in our privacy policy and in any California-specific descriptions of consumer privacy rights we post and (2) only enroll you in them with you opt-in consent after disclosing all material incentive program terms to you. Incentive programs may never be unjust, unreasonable, coercive, or usurious.

(i) We do not currently offer any financial incentives.

6. A description of a consumer’s rights pursuant to CCPA Section 1798.105:

(a) You have the right to request that we delete any personal information about you that we have collected. Before we delete any information, we’ll need to verify your identity. If we delete your information, we’ll also instruct our vendors (aka service providers) to delete it. The CCPA does not obligate us to delete information under all circumstances, including where we need the information to provide our services to you, to detect security incidents, to identify errors in our services, or to comply with legal obligations. If you request that we delete information, we’ll let you know if we are deleting it or if we are not deleting it based on exemptions provided by the CCPA.

7. One or more designated methods for submitting requests (at minimum, a toll-free telephone number):

(a) You may submit any consumer privacy requests by emailing us at privacy@frankgroup.com, or by calling us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and entering Service Code 717. Before we can respond to your request, we’ll need to verify your identity.

III. Your Right to Data Deletion. You have the right to request that we delete any personal information about you that we have collected. Before we delete any information, we’ll need to verify your identity. If we delete your information, we’ll also instruct our vendors (aka service providers) to delete it. The CCPA does not obligate us to delete information under all circumstances, including where we need the information to provide our services to you, to detect security incidents, to identify errors in our services, or to comply with legal obligations. If you request that we delete information, we’ll let you know if we are deleting it or if we are not deleting it based on exemptions provided by the CCPA. You may also delete personal information by using our services dashboard as described above.

IV. Your Anti-Discrimination Rights. Businesses may not discriminate against you exercising any of your consumer privacy rights such as by: (1) denying you goods or services; (2) charging you different prices or rates for goods or services, including via discounts or other benefits or penalties; (3) providing you a different level or quality of goods or services or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Businesses may however discriminate where any difference is reasonably related to the value provided to you by your data. We will not discriminate against you in any way for exercising your privacy rights.

V.  Your Rights Regarding Financial Incentives. Businesses may offer you financial incentives, including payments as compensation for the collection, sale or deletion of your personal information. In this case a business must: (1) notify you about the incentives in its Privacy Addendum and in any California-specific descriptions of consumer privacy rights it posts and (2) only enroll you in them only with your opt-in consent after disclosing all material incentive program terms. Incentive programs may never be unjust, unreasonable, coercive, or usurious. We do not currently offer any financial incentives.

VI. Designated methods for submitting requests. We offer two ways to express your privacy preferences: our email at privacy@frankgroup.com, and the toll free phone number below.

1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717#.

VII. Changes to Privacy Addendum

Any information that we collect is subject to the Privacy Addendum in effect at the time such information is collected. We may, however, revise the Privacy Addendum from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted to our Privacy Addendum.

If you have any questions about this Privacy Addendum, or wish to exercise any of your privacy rights, please contact us at privacy@frankgroup.com or at any of the methods described above.

AUSTRALIA ADDENDUM

I. For users accessing the Websites or using our services in Australia, we comply with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes.

II. We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth)) in accordance with those laws, namely any information from which your identity is apparent or can be reasonably ascertained.

III. Residents of Australia accessing and using the Websites or services are notified that:

A. your Personal Data will be held and processed overseas including in the United States, United Kingdom, Berlin, Germany or Singapore where our offices are located and other countries in which we may open offices in the future. We may also disclose your personal information to others, like our consultants, agents, contractors and service providers, and those that act as data processors, auditors or external advisers, and may be held and processed in other countries including without limitation those listed at the beginning of this subsection “A”;

B. If we use your Personal Data to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will do our best to respect your preference. When your choice is to continue to deal with us, we take it that you agree to and consent to us using your Personal Information in these ways, providing we follow the system and approach we explain in this Privacy Notice and comply with the applicable law. Where we do not have your Personal Information, we are not able to contact you, process your requests or provide our services to you; and

C. the governing law for the purposes of the Terms of Use and Privacy Notice, and any matters relating to them, including all disputes, will be governed by the laws of New South Wales, Australia.  You unconditionally submit to the non-exclusive jurisdiction of the courts having jurisdiction there.

IV. You may wish to contact us to request access to your Personal Information, to seek to correct it or to make a complaint about privacy.  Our contact details are set out below:

Frank Recruitment Group Pty Ltd
222 Exhibition St

Melbourne VIC 3000
Australia

Email: privacy@frankgroup.com

We will respond to your request for access to Personal Information we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).

We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.

For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.