1. Purpose and Principles
Orion System Integrators LLC. and its affiliated U.S. entities (collectively, “Orion,” “we,” “us,” and “our”) adhere to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework published by the U.S. Department of Commerce (“Principles”, “Privacy Shield” or “Privacy Shield Program”).
This Statement outlines the general policies and practices that Orion has adopted towards implementing the Privacy Shield Framework, including details on the types of personal data that the firm gathers, how that information is used, the options available to individuals affected by our use of such information, and the options available to them to correct personal data relating to them. If there is any conflict between what is described in this statement and the Principles, the Principles will govern.
This Statement applies to European Union non-HR and HR data and Swiss non-HR and HR data transferred under the Privacy Shield Framework from member countries of the European Union and Switzerland to Orion’s various operational centers in the U.S. It does not apply to Personal Data that is transferred under other mechanisms, such as Standard Contractual Clauses. To learn more about the Privacy Shield Programs and to view Orion’s certification, please visit:
2. What personal data do we collect?
Orion may collect and process personal data that is provided to us by our own employees and potential employees for administrative and recruitment purposes.
Orion otherwise does not itself knowingly collect personal data. To the extent that Orion obtains any personal data, it has been collected and transferred to us by our clients in connection with the professional services that we provide to our clients.
Consent for collecting, using and disclosing personal data (including sensitive data) may be required from individuals who intend to use our services. Such consent will be obtained through engagement letters, employment agreements, and other similar documents.
For purposes of this statement, “personal data” means information that:
- Pertains to an identified or identifiable natural person who is in the European Union or Switzerland and can be linked either directly or indirectly to that individual; and
- Is transferred from the European Union or Switzerland to the United States under the Privacy Shield Framework.
3. How do we use and share personal data?
- To the extent that we obtain any personal data, we agree to inform people about the type of personal data collected from them, about how we use the data, and about how they can contact us about their privacy concerns.
- We use this statement, as well as our engagement letters or other similar documents, and direct communication with the individuals from whom personal data is collected to pass on this information.
- Following the Privacy Shield Program, we process personal data relating to our own employees and potential employees for administrative and recruitment purposes.
- We process personal data related to our clients and their personnel for the purpose of providing professional services to them.
- We will not disclose personal data to third parties, except under the following circumstances:
  - The individual concerned has given us permission to make the disclosure.
  - Lawful requests from public authorities in the interest of national security or law enforcement require such disclosure.
  - Requirements under law or mandatory professional standards demand such disclosure.
  - Sale or disposal of our business in whole or in part requires such disclosure.
  - The information in question is already available in the public domain.
  - The establishment or defense of legal claims reasonably requires such disclosure.
  - The disclosure being made is to another Orion entity, or to persons or entities (transferee) that are providing services on behalf of Orion or on behalf of the individual providing the personal information, and is being made consistent with the purpose for which the information was originally obtained, provided that with respect to the information in question, the transferee:
    - Is subject to law providing adequate protection to data privacy; or
    - Has agreed to provide an adequate level of data protection.
- We only disclose personal information to the third parties below, for payroll processing and legal services for Orion employees in Germany:
  - Payroll processing – KBK GmbH Wirtschaftsprüfungsgesellschaft / Steuerberatungsgesellschaft
  - Legal Services – HEUSSEN Rechtsanwaltsgesellschaft mbH
- If the need to do so arises, Orion may transfer personal data from one jurisdiction to another. Privacy laws vary from jurisdiction to jurisdiction, and the level of protection provided may also vary. Orion, however, will continue to protect the privacy of personal data as per the Privacy Shield Program irrespective of the jurisdiction where the data resides.
4. How can you see and change your data (Access)?
Under the Privacy Shield Program, individuals have the right to access the personal data that Orion has about them. Individuals wanting to access the data will have to provide identification details such as name, address, date of birth etc. Additional information may be called for, such as a national identifier (e.g. Social Security Number) as a further precautionary measure. Orion may limit or deny access to personal information under circumstances where providing such access would be unreasonably burdensome or overly expensive, or where it would be detrimental to the rights of people other than the individual seeking access.
European Union and Swiss Persons may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of their complaints under certain circumstances. For further information, please see the Privacy Shield website.
Please email us at [email protected] if you feel you need to correct, modify, or delete inaccurate information, or information that has been obtained in contravention of the principles of the Privacy Shield Program. Storage of personal data collected will be as per Orion’s data retention requirements and corporate policies.
5. Data security and integrity
Personal data collected will be processed and used solely for the purpose for which it was originally collected or authorized to be collected by the individual. We will take all reasonable steps to ensure that the data so collected is correct, complete, current and reliable regarding its intended use.
Various physical, logical, and policy measures are used to protect personal data from loss, misuse or unauthorized access, disclosure, alteration or destruction. Personal information displayed on websites will be protected by standard encryption processes.
6. Accountability and enforcement
Orion has put processes and practices in place to monitor compliance with requirements under the Privacy Shield Program, and to address queries and concerns regarding compliance.
- If the dispute relates to personal data collected in the context of an employment relationship, Orion will work with EU Data Protection Authorities, which serve as an Independent Recourse Mechanism for HR data covered by the Privacy Shield. If it is determined that Orion has failed to comply with the terms of the Privacy Shield Program, appropriate steps will be taken to address the fallout of such non-compliance, and to ensure there is no recurrence of the same.
- If the dispute relates to other types of data, individuals are free to approach EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner.
Personnel working for Orion who violate our privacy policies will face disciplinary action.
7. Accountability for Onward Transfers
Orion does not transfer data to third parties outside of its agents. Orion will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant EU-US Privacy Shield and Swiss-US Privacy Shield Principles or being subject to another European Commission adequacy finding. Where Orion has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Orion will take reasonable steps to prevent or stop the use or disclosure. Orion is liable for appropriate onward transfers of personal data to third parties who do not comply with the Privacy Shield principles.
Please be aware that Orion may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
8. Recourse, Enforcement, and Liability
Orion’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
In compliance with the Privacy Shield Principles, Orion commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Orion at: [email protected].
Orion will satisfy the requirement of this Principle through the following:
- Compliance with legal or regulatory supervisory authorities that provide for handling of individual complaints and dispute resolution; and
- Commitment to cooperate with data protection authorities (DPAs) located in the EU and with the Swiss Federal Data Protection and Information Commissioner (FDPIC), and to comply with the advice given by such authorities with regard to human resources data and non-human resources data transferred from the EU and Switzerland.
Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
Orion agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Orion acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
9. Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield Program. Appropriate notice will be given regarding such amendments.
For further information or to file a complaint, please contact us.
Orion Global Compliance Department
Orion System Integrators LLC
333 Thornall Street
Edison NJ – 08837