Tenth Revolution Group Privacy Notice

Effective date: May 18, 2020
Last updated: May 15, 2024

Table of Contents

I. Introduction

Your privacy is important. This Privacy Notice (the “Privacy Notice”) together with its addendums, our Terms of Use and any other documents referred to in this Privacy Notice or the Terms of Use explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with all personal data that we collect from you, or that you provide to us including via this website and any other websites using the tenthrevolution.com domain or Tenth Revolution Group-branded applications of Frank Recruitment Group Services Limited and its Affiliates as defined below (collectively, the “Websites”). The Tenth Revolution Group is a trademark and brand owned by Frank Recruitment Group Services Limited (“Tenth Revolution Group, ” “we” “us” “our” “TRG”). FRG has many affiliates including Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Consulting Services Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia), Frank Recruitment Group GmbH (Germany), Frank Recruitment Group K.K. (Japan), Frank Recruitment Group Sp Zo.o. (Poland), Frank Recruitment Group Poland Sp Zo.o. (Poland), Frank Recruitment Group BV (Netherlands), Frank Recruitment Group S.L. (Spain), Frank Consulting Services S.L. (Spain), Frank Recruitment Group Sarl (Switzerland), Frank Recruitment Group Inc. /Groupe de Recrutement Frank Inc. (Canada), Frank Consulting Services SAS (France), and businesses operated by our group under the brand names including Frank Recruitment Group (FRG), Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, Revolent, Tenth Revolution Group, Anderson Frank, Washington Frank, FRG Technology Consulting, Digital Revolution Awards, and Dynamic Jobs.

This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites, or through the cloud talent solution services that we provide. It therefore applies to personal data that you provide to TRG telephonically, electronically (including email) and in person.

This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.

This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.

Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights.

This Privacy Notice applies to TRG globally. The first part of the policy is general and applies globally. The second of the Privacy Notice is comprised of country-specific addendums, and where applicable, TRG will handle Personal Data relying on certain exemptions under local law. Please be sure to check the addendums below to see if there is one that applies to your country or local jurisdiction. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.

II. Who are we?

Tenth Revolution Group is the global leader in cloud talent solutions, providing a unified cloud talent pipeline through our portfolio of niche staffing and talent creation brands. We develop and reskill net new cloud talent through our talent creation brand Revolent Group. We deliver permanent and freelance cloud professionals through our award-winning, specialist global recruitment firm Frank Recruitment Group and its niche technology-aligned brands Nigel Frank International, Mason Frank International, Washington Frank International, Anderson Frank, Nelson Frank, FRG Technology Consulting, and Jefferson Frank. If you want to contact TRG or any of its group companies, please click here.

You can contact TRG’s Chief Privacy Officer (“CPO”) by emailing privacy@tenthrevolution.com or by sending written correspondences here:

Frank Recruitment Group Services Limited
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer

Given that TRG does business through its three groups as described above, most of your Personal Data is not governed by this Privacy Notice. Rather, and notwithstanding anything to the contrary herein, your Personal Data is governed by its individual group notices as follows:

  1. For Frank Recruitment Group’s privacy notice, click here.
  2. For Revolent Group’s privacy notice, click here.

III. Who does this Privacy Notice protect?

This Privacy Notice protects individuals throughout the world who access our Websites or receive cloud talent solution services from us. This also includes individuals who are employed by an actual, former or prospective TRG client. A TRG “client” is one of (a) a business that TRG has contracted with to provide cloud talent solution services or is in the process of doing so, (b) a business that TRG may solicit with the intention of providing cloud talent solution services or (c) a business to whom TRG may provide relevant IT market information. Additionally, TRG acts as the data controller for Personal Data (as defined below) obtained concerning those protected under this Section III.

IV. What information will we collect?

Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:

  • Your name;
  • Your gender;
  • Contact details e.g. email address, cell (or mobile) or home telephone numbers;
  • Job Title;
  • Other information relevant to help us provide cloud talent solution services;
  • Other information you provide to us; and
  • IP address

 

A. For Prospective TRG-Brand Employees Only (individuals who are desire employment with TRG to provide cloud talent solution services to a TRG client (or an TRG client’s client))

In addition to the Personal Data listed above, TRG may collect the following from you:

  • Tax details and proof of payment and submission; and
  • Bank and payment details.

While this information may relate to your company or your employer rather than being your Personal Data, we have listed this information for transparency.

If your provision of Personal Data to TRG is necessary to enter into a contract with your company or your employer, your failure to provide us with accurate Personal Data may result in TRG not being able to offer or render cloud talent solution services to you, your company or your employer.

V. Why do we process your Personal Data?

Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:

A. All users of the Websites and/or our services

  • To provide our cloud talent solution services to you, your employer or your company;
  • To facilitate the cloud talent solution service process, including but not limited to:
    • For clients, negotiating TRG terms of business.
  • Where permitted by applicable law and unless you tell us otherwise, we (or a third party to whom we have provided your Personal Data under part VI below of this Privacy Notice) may send you emails, SMS messages, or text messages (standard SMS or text message rates may apply);
  • To enable you to submit your CV/resume to TRG, apply online (including through the Websites) for jobs or to subscribe to alerts about jobs we think may be of interest to you;
  • To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;
  • To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);
  • To send you electronically or by post surveys, reports, TRG event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);
  • To identify you, and respond to and process your requests for information and provide you with a product or service;
  • To amend records to remove personal information;
  • To use your information on an pseudonymized basis to monitor compliance with our equal opportunities policy, other TRG policies and any legal or compliance requirements;
  • To use your information on a pseudonymized basis to create marketing materials; and

To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of Personal Data.

B. Individuals who work for TRG clients (i.e. a “client contact”)

  • To negotiate and fulfill any aspect of your company’s or employer’s contract with TRG;
  • To answer any questions you have about your company’s or employer’s contract with TRG;
  • To resolve any issue with the issuance, payment, collection or enforcement of an TRG invoice;
  • To collect any property owned by TRG;
  • To establish, exercise or defend any legal claims.

VI. Who do we send your Personal Data to?

A. All users of the Websites and/or our services

  • To third parties where we have retained them to provide services that we or you have requested or that TRG clients have requested including to verify the details you have provided from third party sources.
  • To third parties to provide data storage, data cleansing and marketing services to TRG where such third parties have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.
  • To third parties to assist with credit control and payment management.
  • To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.
  • To TRG affiliates, whose locations can be found at https://www.frankgroup.com/contact. These entities will process your Personal Data in accordance with their respective privacy notices as detailed above
  • In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of TRG (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document) and applicable law.

 

B. Individuals who work for TRG clients (i.e. a client contact)

  • To third parties where we have retained them to provide services that you have requested.

VII. What will TRG do if my Personal Data is breached?

TRG has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, TRG cannot guarantee that your Personal Data will not be breached.

A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.

Once TRG becomes aware of the breach, TRG will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. TRG will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.

If you believe, for any reason, that your Personal Data has been breached while in TRG’s care, custody or control, please email TRG immediately at privacy@tenthrevolution.com.

If TRG obtains your Personal Data from someone other than you, this Privacy Notice includes all information required under applicable law except that TRG shall not provide you with this information if you already possess this information, providing you with such information is against (or not mandatory under) applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests. If you have any questions, please contact TRG at privacy@tenthrevolution.com.

VIII. Will my Personal Data be transferred to another country?

Yes, TRG may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to TRG or the country of collection.

If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where TRG may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. TRG will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.>

Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which TRG collected your Personal Data. In such cases, TRG will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.

IX. How long will TRG store my Personal Data for?

We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations. This period of time will vary based on the law in your country and in the country where TRG stores your Personal Data.

In addition, TRG will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with TRG, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.

X. Sending TRG Personal Data over the internet

Your Personal Data is held on servers hosted by us, our internet services providers or third-party vendors with whom TRG has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.

XI. How we collect and aggregate information about visitors to our Websites

We also collect information about the way job seekers and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify candidates, clients, or jobs which may be of interest to you. We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.

XII. Technology and Tools

Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.

We also set out further information below about Cookies and Web Beacons.

A. What are cookies?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies.
Cookies are used are many, many websites, including TRG’s Websites.

B. How do we use cookies and plug-ins?

We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website, (2) monitor Website user traffic patterns and Website usage.; and (3) help us to advertise to you jobs we think you, your company or your employer will be interested in. Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.

C. There are different kinds of cookies with different functions.

The cookies we use are explained below:

  • Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
  • Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
  • Strictly necessary cookies: These cookies are essential to enable you to use the Websites effectively and therefore cannot be turned off. Without these cookies, the services available to you on our Websites cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
  • Performance cookies: These cookies enable us to monitor and improve the performance of our Websites. For example they allow us to count visits, identify traffic sources and see which parts of the Websites are most popular. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our Websites work.
  • Functionality cookies: These cookies allow our Websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other pages of our Websites that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog.
  • Personalisation cookies: The TRG Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular TRG Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.
  • Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

For information on how to reject these cookies, see Section E below.

  1. Cookies and Plug-ins set by TRG or Third Parties used by TRG

Below is a table of the cookies that you may encounter on our Websites and the purpose for which we use each one and the duration that the cookie remains in place (unless you take action to reject the cookie). The TRG may update this table from time to time. Most of the cookies on our Websites are set by third parties. The TRG works with several third parties to provide services which help us to keep the Websites tailored to your needs. Some of these vendors use cookies to help them deliver these services.

Host

Cookie

Description

Type ⇅

Duration

www.facebook.com

 

This domain is owned by Facebook, which is the world’s largest social networking service.  As a third party host provider, it mostly collects data on the interests of users via widgets such as the ‘Like’ button found on many websites.  This is used to serve targeted advertising to its users when logged into its services.  In 2014 it also started serving up behaviourally targeted advertising on other websites, similar to most dedicated online marketing companies.

Targeting Cookies

SESSION

tenthrevolution.com

_gat_UA-155270382-1

This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

Performance Cookies

0 Days

j.6sc.co

_gd#############

This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.

Performance Cookies

730 Days

www.tenthrevolution.com

_gd#############

This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.

Performance Cookies

730 Days

6sc.co

6suuid

 

Performance Cookies

730 Days

doubleclick.net

IDE

This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange

Targeting Cookies

389 Days

linkedin.com

lidc

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Functional Cookies

1 Days

tenthrevolution.com

_ga_3X49VJ0JEZ

_ga

Performance Cookies

729 Days

youtube.com

VISITOR_INFO1_LIVE

This cookie is used as a unique identifier to track viewing of videos

Performance Cookies

180 Days

tenthrevolution.com

_fbp

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

Targeting Cookies

90 Days

ads.linkedin.com

lang

This domain is owned by LinkedIn, the business networking platform. This sub-domain is connected with LinkedIn’s marketing services that enable website owners to gain insight into types of users on their site based on LinkedIn profile data, to improve targetng.

Targeting Cookies

SESSION

linkedin.com

lang

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Targeting Cookies

SESSION

cdn-ukwest.onetrust.com

OptanonAlertBoxClosed

 

Strictly Necessary Cookies

362 Days

www.tenthrevolution.com

OptanonAlertBoxClosed

This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust.  It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down.  It enables the website not to show the message more than once to a user.  The cookie has a one year lifespan and contains no personal information.

Strictly Necessary Cookies

362 Days

doubleclick.net

test_cookie

This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange

Targeting Cookies

0 Days

t.co

muc_ads

 

Targeting Cookies

729 Days

linkedin.com

bcookie

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Functional Cookies

731 Days

youtube.com

YSC

YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

Targeting Cookies

SESSION

twitter.com

personalization_id

This domain is owned by Twitter. The main business activity is: Social Networking Services.  Where twitter acts as a third party host, it collects data through a range of plug-ins and integrations, that is primarily used for tracking and targeting.

Targeting Cookies

730 Days

www.linkedin.com

bscookie

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Functional Cookies

731 Days

j.6sc.co

_an_uid

 

Performance Cookies

7 Days

www.tenthrevolution.com

_an_uid

 

Performance Cookies

7 Days

youtube.com

DEVICE_INFO

YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

Targeting Cookies

179 Days

www.tenthrevolution.com

OptanonConsent

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

Strictly Necessary Cookies

362 Days

cdn-ukwest.onetrust.com

OptanonConsent

 

Strictly Necessary Cookies

362 Days

linkedin.com

AnalyticsSyncHistory

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Functional Cookies

30 Days

tenthrevolution.com

_gid

This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google.  It appears to store and update a unique value for each page visited._gid

Performance Cookies

1 Days

youtube.com

CONSENT

YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

Targeting Cookies

5937 Days

tenthrevolution.com

_ga

This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.  By default it is set to expire after 2 years, although this is customisable by website owners._ga

Performance Cookies

730 Days

linkedin.com

UserMatchHistory

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Functional Cookies

30 Days

linkedin.com

li_gc

This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.  For this reason it is classified as a primarily tracking/targeting domain.

Performance Cookies

727 Days

E. How to reject cookies

If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the appropriate box at the bottom of any of the Websites, in a link called “Cookie Preferences.”

Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

For more information generally on cookies, including how to disable them or change cookies’ settings, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer. Find out how to manage cookies on popular browsers:

 

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

F. Web Beacons

TRG may use or include web beacons in emails or other electronic communications that TRG sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email. However, you may receive auto generated emails from TRG after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email privacy@tenthrevolution.com if you would like to stop receiving emails from TRG with web beacons.

Also, TRG works with third parties to help manage online advertising who embed web beacons in online job postings and job advertisements that TRG requests these third parties to post online. One such third party that we use is Broadbean. These web beacons allow Broadbean to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party that Broadbean uses such as Google Analytics. These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables Broadbean to learn which advertisements bring users to our Websites or websites on which Broadbean placed our advertisements. The cookie on your web browser was placed by Broadbean, or by another advertiser who works with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or Broadbean collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com. For more information about web beacons and cookies placed by Broadbean, please click https://www.broadbean.com/uk/privacy-policy/.

XIII. Links to other websites

Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.

XIV. Changes to our Privacy Notice

We reserve the right to change this Privacy Notice from time to time by updating this Privacy Notice on our website. Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any TRG services shall constitute your acceptance of the revised Privacy Notice.

TRG will interpret and enforce this Privacy Notice in accordance with all applicable law.

The effective date of this Privacy Notice is May 18, 2020. This Privacy Notice was updated on May 18, 2020; July 21, 2020; October 26, 2020; February 18, 2021; May 14, 2021, June 21, 2021, July, 17, 2021, July 12, 2023 and March 4, 2024, and April 18, 2024.

This Privacy Notice was last updated on May 15, 2024.

United Kingdom Addendum

I. Who is TRG’s Supervisory Authority for Data Protection Purposes?

TRG has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act of 2018 (“DPA 2018”) and Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of Section 3 of the European Union (Withdrawal) Act 2018, as amended by Section 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, SI 2019/419, commonly known as the United Kingdom General Data Protection Regulation (“UK GDPR”)

II. How do we lawfully process your data?

In order to process your Personal Data lawfully TRG must have a legal basis to do so. TRG relies on three main legal basis for processing your Personal Data:

  • where we obtain your affirmative consent to use your Personal Data in this way;
  • where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
  • where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with TRG (inapplicable to candidates for permanent hire).

We may rely on one or more legal bases to process your Personal Data

A. All users of the Websites and/or our services

Legitimate Interests: TRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.

B. Individuals who work for TRG clients/vendors (i.e. a client or vendor contact)

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.

Legitimate Interest: TRG has a legitimate interest in processing your Personal Data in order to provide you with products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you seek or obtain further information about TRG.

Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.

With respect to actual or prospective client contacts and candidates, if TRG obtains your Personal Data from someone other than you, TRG shall inform you of the identity and contact details of the person or entity from whom TRG obtained your Personal Data, whether TRG obtained your Personal Data from publicly available sources, the categories of Personal Data that TRG obtained and, if TRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of TRG’s legitimate interest. TRG shall provide you with the information listed in this paragraph by the earlier of (1) one month after TRG obtains your Personal Data or (2) if TRG uses your Personal Data to communicate with you, the first time that TRG communicates with you.

TRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that TRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

Please note that your right to erasure is not absolute. TRG will remove your Personal Data when:

  1. the Personal Data is no longer necessary in relation to the purpose for which TRG originally collected and/or processed it;
  2. if TRG is processing your Personal Data on the basis of your consent and you withdraw consent;
  3. you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
  4. the Personal Data was unlawfully processed; and
  5. the Personal Data must be erased to comply with a legal obligation.

TRG can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise TRG’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay. Please note that, for your and TRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.

B. Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

  • obtain confirmation that your Personal Data is being processed;
  • a copy of your Personal Data being processed;
  • the purposes of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom TRG has disclosed your Personal Data; and
  • the criteria TRG uses to determine how long it will store your Personal Data.

You can exercise this right by sending an email to TRG at privacy@tenthrevolution.com.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to TRG electronically, TRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If TRG did not collect your Personal Data from you, TRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, TRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, TRG may ask you to specify the particular information or category of information you seek.

Please note that, for your and TRG’s protection, TRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by TRG for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

  • TRG’s processing is based on its legitimate interest; or
  • where TRG is using your Personal Data to directly market to you.

You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

If TRG receives an objection request from you for reasons unrelated to direct marketing, TRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If TRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from TRG and you do not wish to receive future direct marketing communications from TRG, you may request to unsubscribe from future marketing communications by sending TRG an email at privacy@tenthrevolution.com. In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and TRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.

D. Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. When you exercise this right, TRG may continue to store your Personal Data but cannot further process it. TRG will cease processing your Personal Data in the following circumstances:

  1. when you file a rectification request with TRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as TRG has verified the accuracy of the Personal Data that is the subject of your rectification request;
  2. where TRG is processing your Personal Data based on its legitimate interest and you file a notice with TRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, TRG will cease processing your Personal Data until such time as TRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
  3. when the processing is unlawful and you do not seek or want erasure and you file a restriction request with TRG in accordance with this Privacy Notice and applicable law instead; and
  4. if TRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, TRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

TRG will inform you if it decides to lift a restriction on processing.

If TRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, TRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

TRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and TRG’s protection, TRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which TRG acts on your restriction request.

E. Do I have a right to Personal Data portability?

YesYou can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from TRG to another data controller.

This right applies where TRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, TRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, TRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that TRG transmit your Personal Data to another data controller.

F. Do I have a right to object to decision been taken by automated means?

If TRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by TRG that is necessary for entering into or the performance of a contract between you and TRG, is authorized by law or is based on your explicit consent.

If TRG makes any Automated Decisions to which this right applies, TRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If TRG engages in “profiling” by automated means, TRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?

YesYou can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

Generally, TRG will respond to your rectification request within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex. In rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If TRG has disclosed any of your Personal Data to a third party and you submit a rectification request to TRG that TRG is going to honor, TRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

H. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), TRG will notify the ICO without undue delay, and if feasible, within 72 hours of TRG’s becoming aware of the Breach. TRG will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, TRG will notify you without undue delay. To be clear, the threshold requiring TRG to notify you of a Breach is higher than the threshold requiring TRG to notify the ICO of a Breach so it is possible that TRG will notify the ICO of a Breach but not you. TRG will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by TRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other TRG contact representative if TRG does not have a ISM at the time that TRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that TRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

I. Will my Personal Data be transferred outside the UK?

TRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the UK. If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the UK where your Personal Data may be transferred will be on the ICO’s list of countries that it has deemed to have adequate security controls in place (the “Approved List”). Given the UK’s adherence to the decision by the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”), and absent consent from the Data Subject (or any other reason provided in UK GDPR Article 49(1)(b)-(f) as may be amended from time to time), if TRG transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List or not part of the UK (“Third Countries”), then TRG shall determine whether each processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List.

(a) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in the UK, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.

(b) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in the UK, then:

(i) TRG will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by (i) the European Commission as provided here so long as the ICO continues to use it: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or any updated link which the European Commission from time to time); or (ii) the ICO’s model clauses once promulgated (collectively, the “UK Model Clauses”). When relying on the UK Model Clauses, TRG shall (a) monitor the laws and regulations of Third Countries for the adequate protections of UK, Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed TRG of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(b)(1)(b)(i) or (ii) occur, TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.

(c) TRG shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List.

(i) If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within the UK or a country on the Approved List, then TRG shall contractually require the processors (and require processor to require its subprocessors to) do so.

(ii) If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then TRG shall require its processors (and require processor to require its subprocessors to) to be bound by the UK Model Clauses. When relying on the UK Model Clauses, TRG shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of UK Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(c)(ii)(b)(i) or (ii) occur with respect to your Personal Data (and if TRG has formal notice that the events described in III(I)(c)(ii)(b)(i) or (ii) have occurred), TRG will confer with the ICO regarding appropriate actions to safeguard your Personal Data.

Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, TRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum

J. How long will TRG store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.

With respect to UK GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) TRG concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of TRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.

Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.

K. What Protections do I have if TRG transfers my Personal Data to the U.S.?

If FRG transferred any of your personal data to the U.S., you have the protections of the Model Clauses and the UK Extension to the EU-U.S. Data Privacy Framework. Frank Recruitment Group Inc., a Delaware corporation, is TRG’s primary affiliate and operating company in the United States (“FRG US Parent”). FRG US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“FRG US Sub,” collectively with FRG US Parent, “FRG US”). FRG US and FRG US Sub participates in the UK Extension to the EU-U.S. Data Privacy Framework (“UK Ext. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the United Kingdom, as applicable to the United States in reliance on UK Ext. DPF. FRG US and FRG US Sub has certified to the Department of Commerce that it adheres to the UK Ext. DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Notice and the UK Ext. DPF Principles, the UK Ext. DPF Principles shall govern.  To learn more about the UK Ext. DPF program, and to view evidence of our participation, please visit the U.S. Department of Commerce’s Data Privacy Framework website.

This Privacy Notice only applies to Personal Data within the scope of the FRG US’s UK Ext. DPF participation. FRG US’s contractual clauses for its clients are in the  below.

FRG US’s UK Ext. DPF participation covers Personal Data regarding:

(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, Privacy Notice that has been made available to TRG US employees;

(2) Personal Data regarding client contacts, such as the sale and delivery of cloud talent solution services and the administration of the client relationship; and

(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with cloud talent solution services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.

Our participation does not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.

TRG US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients and candidates. TRG US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the UK Ext. DPF Principles. TRG US may be liable if both (a) third parties fail to meet these obligations and (b) TRG US is responsible for the event giving rise to the damage.

TRG US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. TRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Any questions or complaints concerning TRG US’s UK Ext. DPF compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@tenthrevolution.com. If TRG US has not been able to satisfactorily resolve the issue, then you may raise it with the Information Commissioner’s Office. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the UK Ext. DPF Panel. To find out more about individual binding arbitration, please visit the U.S. Department of Commerce’s Data Privacy Framework Annex 1.

Should your complaint relate to TRG US’s failure to comply with its UK Ext. DPF commitments and remains unresolved and you reside in the UK, then you should contact the Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113 (local rate) Fax: 0162 552 4510 Or via below link : https://ico.org.uk/make-a-complaint/

ICO regional offices

Scotland

The Information Commissioner’s Office – Scotland
Queen Elizabeth House
Sibbald Walk
Edinburgh
EH8 8FT

Telephone: 0303 123 1115

Email: Scotland@ico.org.uk

Wales

Information Commissioner’s Office – Wales
2nd Floor, Churchill House
Churchill Way
Cardiff
CF10 2HH

Telephone: phone 0330 414 6421

Email: wales@ico.org.uk

Northern Ireland

The Information Commissioner’s Office – Northern Ireland
10th Floor, Causeway Tower
9 James Street South
Belfast
BT2 8DN

Telephone: 0303 123 1114

Email: ni@ico.org.uk

European Economic Area & Swiss Addendum

This Addendum applies to the European Economic Area (“EEA”) and Swiss residents.

I. Who is TRG’s Supervisory Authority for Data Protection Purposes?

Until December 31, 2020, TRG has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act of 2018 (“DPA2018”) and General Data Protection Regulation (“GDPR”). After December 31, 2020, TRG’s supervisory authority in the European Economic Area (“EEA”) and Switzerland is whichever EEA or Swiss supervisory authority (for this Addendum, the “SAs”) in which you are a resident. This Addendum applies to both Swiss and European Economic Area residents.

II. How do we lawfully process your data?

In order to process your Personal Data lawfully TRG must have a legal basis to do so. TRG relies on three main legal basis for processing your Personal Data:

  • where we obtain your affirmative consent to use your Personal Data in this way;
  • where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
  • where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with TRG (inapplicable to candidates for permanent hire).

We may rely on one or more legal bases to process your Personal Data

A. All users of the Websites and/or our services

Legitimate Interests: TRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.

B. Actual or Prospective TRG Employees

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.

Legitimate interest: TRG has a legitimate interest in processing your Personal Data in order to fill a job, to provide you with other products and services to help you in your career and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you apply for, or seek further information about, a job posted on one of the Websites or a job advertised by TRG on a job board, social media site or other forums.

Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with you.

C. Individuals who work for TRG clients (i.e. a client contact)

Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.

Legitimate Interest: TRG has a legitimate interest in processing your Personal Data in order to fill a temporary vacancy at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you seek or obtain further information about TRG.

Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.

With respect to actual or prospective client contacts and candidates, if TRG obtains your Personal Data from someone other than you, TRG shall inform you of the identity and contact details of the person or entity from whom TRG obtained your Personal Data, whether TRG obtained your Personal Data from publicly available sources, the categories of Personal Data that TRG obtained and, if TRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of TRG’s legitimate interest. TRG shall provide you with the information listed in this paragraph by the earlier of (1) one month after TRG obtains your Personal Data or (2) if TRG uses your Personal Data to communicate with you, the first time that TRG communicates with you.

TRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.

III. Your Special Rights under Data Protection Laws

A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that TRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

Please note that your right to erasure is not absolute. TRG will remove your Personal Data when:

  1. the Personal Data is no longer necessary in relation to the purpose for which TRG originally collected and/or processed it;
  2. if TRG is processing your Personal Data on the basis of your consent and you withdraw consent;
  3. you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
  4. the Personal Data was unlawfully processed; and
  5. the Personal Data must be erased to comply with a legal obligation.

TRG can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise TRG’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay. Please note that, for your and TRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.

B. Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

  • obtain confirmation that your Personal Data is being processed;
  • a copy of your Personal Data being processed;
  • the purposes of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom TRG has disclosed your Personal Data; and
  • the criteria TRG uses to determine how long it will store your Personal Data.

You can exercise this right by sending an email to TRG at privacy@tenthrevolution.com.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to TRG electronically, TRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If TRG did not collect your Personal Data from you, TRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, TRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, TRG may ask you to specify the particular information or category of information you seek.

Please note that, for your and TRG’s protection, TRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by TRG for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

  • TRG’s processing is based on its legitimate interest; or
  • where TRG is using your Personal Data to directly market to you.

You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

If TRG receives an objection request from you for reasons unrelated to direct marketing, TRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If TRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from TRG and you do not wish to receive future direct marketing communications from TRG, you may request to unsubscribe from future marketing communications by sending TRG an email at privacy@tenthrevolution.com In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and TRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.

D. Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. When you exercise this right, TRG may continue to store your Personal Data but cannot further process it. TRG will cease processing your Personal Data in the following circumstances:

  1. when you file a rectification request with TRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as TRG has verified the accuracy of the Personal Data that is the subject of your rectification request;
  2. where TRG is processing your Personal Data based on its legitimate interest and you file a notice with TRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, TRG will cease processing your Personal Data until such time as TRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
  3. when the processing is unlawful and you do not seek or want erasure and you file a restriction request with TRG in accordance with this Privacy Notice and applicable law instead; and
  4. if TRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, TRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

TRG will inform you if it decides to lift a restriction on processing.

If TRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, TRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

TRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and TRG’s protection, TRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which TRG acts on your restriction request.

E. Do I have a right to Personal Data portability?

YesYou can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from TRG to another data controller.

This right applies where TRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, TRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, TRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that TRG transmit your Personal Data to another data controller.

F. Do I have a right to object to decision been taken by automated means?

If TRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by TRG that is necessary for entering into or the performance of a contract between you and TRG, is authorized by law or is based on your explicit consent.

If TRG makes any Automated Decisions to which this right applies, TRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If TRG engages in “profiling” by automated means, TRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?

YesYou can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.

Generally, TRG will respond to your rectification request within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex. In rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If TRG has disclosed any of your Personal Data to a third party and you submit a rectification request to TRG that TRG is going to honor, TRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

H. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), TRG will notify the ICO or other SAs without undue delay, and if feasible, within 72 hours of TRG’s becoming aware of the Breach. TRG will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, TRG will notify you without undue delay. To be clear, the threshold requiring TRG to notify you of a Breach is higher than the threshold requiring TRG to notify the ICO of a Breach so it is possible that TRG will notify the ICO or other SAs of a Breach but not you. TRG will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by TRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other TRG contact representative if TRG does not have a ISM at the time that TRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that TRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

I. Will my Personal Data be transferred outside the EEA, or Switzerland?

TRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the Switzerland or the EEA. If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the Switzerland or the EEA where your Personal Data may be transferred will be on the EU Commission’s or Swiss Federal Data Protection and Information Commission’s list of countries that it has deemed to have adequate security controls in place (the “Approved List”). Given the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”) as well as the September 8, 2020 Swiss Federal Data Protection and Information Commissioner’s Policy paper on the transfer of personal data to the USA and other countries lacking an adequate level of data protection within the meaning of Art. 6 Para. 1 Swiss Federal Act on Data Protection, and absent consent from the Data Subject (or any other reason provided in GDPR Article 49(1)(b)-(f) or Swiss law as may be amended from time to time), if TRG transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List Switzerland, or the EEA (“Third Countries”), then TRG shall determine whether each processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within Switzerland, the EEA, or a country on the Approved List.

(a) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in Switzerland or the EEA, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.

(b) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in Switzerland or the EEA, then:

(i) TRG will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by the European Commission as provided here (or any updated link which the European Commission from time to time) (“Model Clauses”). When relying on the Model Clauses, TRG shall (a) monitor the laws and regulations of Third Countries for the adequate protections of Swiss and EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed TRG of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(b)(1)(b)(i) or (ii) occur, TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.

(c) TRG shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within Switzerland, the EEA, or a country on the Approved List.

  • If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within the Switzerland, the EEA, or a country on the Approved List, then TRG shall contractually require the processors (and require processor to require its subprocessors to) do so.
  • If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then TRG shall require its processors (and require processor to require its subprocessors to) to be bound by the Model Clauses. When relying on the Model Clauses, TRG shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of Swiss or EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(c)(ii)(b)(i) or (ii) occur with respect to your Personal Data (and if TRG has formal notice that the events described in III(I)(c)(ii)(b)(i) or (ii) have occurred), TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.

Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, TRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum

J. How long will TRG store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.

With respect to GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) TRG concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of TRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.

Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.

K. What Protections do I have if TRG transfers my Personal Data to the U.S.?

If FRG transferred any of your personal data to the U.S., you have the protections of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as defined below and the Model Clauses as defined above. Frank Recruitment Group Inc., a Delaware corporation, is TRG’s primary affiliate and operating company in the United States (“FRG US Parent”). FRG US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“FRG US Sub,” collectively with FRG US Parent, “TRG US”).

TRG US and FRG US Sub participates in the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework(s) (“DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, EEA, and/or Switzerland, as applicable to the United States in reliance on DPF. TRG US and FRG US Sub has certified to the Department of Commerce that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view evidence of our participation, please visit the U.S. Department of Commerce’s Data Privacy Framework website.

This Privacy Notice only applies to Personal Data within the scope of the TRG US’s DPF participation.

TRG US’s contractual clauses for its clients are in the below.

TRG US’s DPF participation covers Personal Data regarding:

(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, privacy policy that has been made available to TRG US employees;

(2) Personal Data regarding client contacts and candidates (temp and perm), such as the sale and delivery of cloud talent solution services and the administration of the client and candidate relationship; and

(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with cloud talent solution services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.

Our certifications do not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.

TRG US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients and candidates. TRG US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the DPF Principles. TRG US may be liable if both (a) third parties fail to meet these obligations and (b) TRG US is responsible for the event giving rise to the damage.

TRG US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. TRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Any questions or complaints concerning TRG US’s DPF participation, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@tenthrevolution.com. If TRG US has not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority (see paragraph immediately below) or (2) the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA“) for non-HR related recourse, which can be contacted at https://go.adr.org/dpf_irm.html. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the DPF Panel. To find out more about individual binding arbitration, please visit U.S. Department of Commerce’s Data Privacy Framework Annex 1.

L. EEA residents. Should your complaint relate to TRG US’s failure to comply with its DPF commitments and remains unresolved and you reside in the EEA, then you should contact the EEA Supervisory Authorities (for this Addendum, the “SAs”) who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either the EEA DPAs panel secretariat or individual EEA SAs.

Currently, the contact information relevant to the submission of the standard complaint form is as follows: Commission Européenne, Directorate General Justice, Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Data Protection Panel, B-1049 Brussels, Belgium, Telephone: (32-2) 299 11 11, Fax: (32-2) 298.80.94, email: ec-dppanel-secr@ec.europa.eu.

You can find the standard compliant form at https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en.

The contact information for individual EU SAs can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm

M. Swiss residents. Should your complaint relate to TRG US’s failing to comply with our DPF commitments and remains unresolved and you reside in Switzerland, then you should contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland with whom TRG US has agreed to cooperate regarding such disputes.

The contact information for the Swiss FDPIC can be found at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.

Under the EU-U.S. DPF, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the panel established by SAs, (2) an alternative dispute resolution provider based in the EU, or (3) an alternative dispute resolution provider based in the United States.

Also, under the Swiss-U.S. DPF, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the Commissioner of the FDPIC, (2) an alternative dispute resolution provider based in Switzerland, or (3) an alternative dispute resolution provider based in the United States.

Singapore Addendum

This Singapore Addendum shall prevail in the event of inconsistency between the principles stated herein and those as described under the Privacy Statement.

1. Introduction To The Personal Data Protection Act 2012 as amended by the Personal Data Protection Act Amendment 2020 (collectively, “PDPA”)

 1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access.

1.2 We will collect your Personal Data in accordance with the PDPA. In general, before we collect any Personal Data from you, we will notify you of the purposes for which your Personal Data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your Personal Data for the intended purposes.

1.3 Your Personal Data may also be collected, used or disclosed if we have assessed that to do so would be in our legitimate interests and beneficial to the public. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated.

2. Purposes For Collection, Use & Disclosure Of Personal Data

2.1 The Personal Data which we collect from you may be collected, used and/or disclosed for the following purposes:

(a) facilitating, processing, dealing with, administering, and/or managing your employment with FRG;

(b) processing and/or administering any consultations, negotiations, and an a suitable placement within FRG;

(c) processing and/or administering requests for access and/or correction of your Personal Data;

(d) processing your registration and/or participation for seminars, exhibitions, and other events organized or co-organized by FRG;

(e) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;

(f) conducting employee due diligence or other screening and personal identification in accordance with laws, regulations or our risk management procedures that may be required by law or that may have been put in place by us;

(g) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned;

(h) complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;

(i) complying with or as required by any request or direction of any governmental authority, or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your Personal Data to the aforementioned parties upon their request or direction; etc.

(collectively, the “Purposes”).

2.2 To conduct our business operations more smoothly, we may also be disclosing the Personal Data you have provided to us to our third-party service providers, agents and/or our affiliates or related corporations, which may be sited outside of Singapore, for one or more of the above-stated Purposes. This is because such third-party service providers, agents and/or affiliates or related corporations would be processing your Personal Data on our behalf for one or more of the above-stated Purposes.

3. Disclosure Of Your Personal Data To A Third Party

3.1 We respect the confidentiality of the Personal Data you have provided to us.

3.2 In that regard, we will not disclose any of your Personal Data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your Personal Data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:

(a) cases in which the disclosure is required based on the applicable laws and/or regulations;

(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;

(d) cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;

(e) cases in which the disclosure is necessary for any investigation or proceedings;

(f) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorization signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer; and/or

(g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.

3.3 The instances listed above at paragraph 3.2 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which is publicly available at https://sso.agc.gov.sg/ .

3.4 In all other instances of disclosure of Personal Data to third parties with your express consent, we will endeavour to provide adequate supervision over the handling and administration of your Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.

3.5 Where Personal Data is transferred by us to any third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the PDPA.

4. Request For Access And/Or Correction Of Your Personal Data

Access Request

4.1 An individual may request for us to provide access to Personal Data about the individual that is in our possession or under our control as well as information about the ways in which the Personal Data has been used or disclosed by us within a year before the date of the request.

4.2 Unless an exception to the access request applies, we will respond to your access request as soon as reasonably possible from the time the access request is received. If we are unable to respond to an access request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.

Correction Request

4.3 An individual may also request for us to correct Personal Data that is in our possession or under our control. Unless an exception to the correction request applies, or we are satisfied on reasonable grounds that a correction should not be made, we will endeavour to correct the Personal Data as soon as practicable and send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made. This is unless that other organisation does not need the corrected Personal Data for any legal or business purpose.

4.4 Where we are unable to respond to a correction request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.

4.5 You may submit your access or correction request to the contact details listed at paragraph 7.2 of this Singapore Addendum.

5. Request To Withdraw Consent

5.1 You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting your request to the contact details listed at paragraph 7.2 of this Singapore Addendum.

5.2 We will process your request as soon as practicable such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your Personal Data in the manner stated in your request.

6. Administration And Management Of Personal Data

6.1 We will take appropriate measures to keep your Personal Data accurate, complete and updated.

6.2 We will also take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.

6.3 We will also take commercially reasonably efforts to ensure that the Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

7. Complaint Process

7.1 If you have any complaint or grievance regarding about how we are handling your Personal Data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.

7.2 The contact details of Frank Recruitment Group’s Chief Privacy Officer (“CPO”) are:

Frank Recruitment Group Services Limited

The St. Nicholas Building

St. Nicholas Street

Newcastle-Upon-Tyne

Tyne & Wear UK NE1 1RF

Attn: Chief Privacy Officer

Email: privacy@tenthrevolution.com

7.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant department within FRG to handle. For example, you could insert the subject header as “PDPA Complaint”.

7.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.

United States of America Addendum

I. If you would like a copy of TRG’s US comprehensive information security program, please email TRG’s CPO at privacy@tenthrevolution.com.

If TRG receives a “Do Not Track” signal or request from a web browser, TRG will not honor such request or signal. TRG has taken this position in part to provide you with a personalized and efficient experience on the Websites.

As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.

Information about web beacons used by TRG and third parties with whom it contracts can be found in Section XII.F of the Privacy Notice above.

II. For information on TRG US’s UK Extension, EU-U.S. and Swiss-U.S. Data Privacy Frameworks, see the sections titled “What Protections do I have if FRG transfers my Personal Data to the U.S.?” in the United Kingdom Addendum and the European Economic Area and Switzerland Addendum above.

Additionally, U.S. law requires certain contracts entered into by TRG US contain the rights, obligations and requirements set forth in Sections II(A) through II(C) inclusive below (collectively, the “DPF Terms”). Accordingly, the following DPF Terms, to which TRG reserves the right to revise from time to time without notice, shall be incorporated by reference where these DPF Terms are required in client contracts:

(A). In the event TRG US transfers to client or any of its affiliates, or provides client or any of its affiliates with access to any Personal Data (as defined for this Section II below) of European Union or Switzerland residents, including employees of TRG or its affiliates and actual or prospective TRG clients contacts or candidates, and client maintains, receives, has access to, stores, uses or processes such Personal Data in the United States, client shall comply with data protection, data security and confidentiality requirements at least as strong as those set forth in the DPF Principles issued by the U.S. Department of Commerce, as revised from time to time (collectively, the “Principles”) During the term of such contracts and while client creates, receives, maintains, stores, uses, processes or disseminates any Personal Data, client shall:

  1. use the Personal Data only for the specific and limited purposes intended in the client contract including for recruitment purposes;
  2. provide immediate written notice to either FRG US Parent or FRG US Sub as applicable if (a) client determines that it can no longer meet its obligation to provide the same level of protection of the Personal Data as is required by the Principles, and in such case client shall cease processing the Personal Data or (b) client becomes aware of any accidental or unlawful destruction of, or accidental loss or alternation of or unauthorized disclosure or access to, any Personal Data (a “Breach”) which notice shall include a description of the quantity of Personal Data subject to the Breach, the approximate length and duration of the Breach, the data subjects whose Personal Data was subject to the Breach and a Breach remediation plan;
  3. at its cost, employ its best efforts to stop, limit and remediate the Breach, perform a “root cause” analysis of the Breach, employ its best efforts to prevent the same or a similar Breach from reoccurring and keep TRG up to date on all its efforts under this subsection II(A)(3);
  4. implement appropriate technical and organizational measures to protect Personal Data against a Breach;
  5. not transfer any Personal Data to third parties without the data subject’s prior written or email consent (which either FRG US Parent or FRG US Sub as applicable shall attempt to obtain after receiving notice from client of its need to transfer Personal Data to a third party);
  6. assist TRG US in responding to data subjects exercising their rights under the Principles;
  7. act only on instructions from TRG US; and
  8. either have in place an independent recourse mechanism to handle data subject complaints that complies with the requirements of the Principles or make available an equivalent mechanism.

 

(B) Upon the termination or expiration of the applicable client contract, client shall, at TRG US’s option, return all Personal Data to either FRG US Parent or FRG US Sub as applicable or permanently destroy all Personal Data (and all copies and derivative works thereof) in its care, custody or control except for any Personal Data that applicable law, if any, requires client to maintain (“Archival Personal Data”). With respect to any Archival Personal Data, client’s obligations and requirements under this Section II shall remain in full force and effect for as long as such Archival Personal Data remains in client’s care, custody or control.

(C) If client forwards or gives access to any of the Personal Data to any third party at any time, including any subprocessor or controller of client, client shall ensure that its written contract with such third party contains the Data Privacy Framework Terms.

(D) For purposes of this Section II, the term “Personal Data” shall have the same meaning ascribed to that term as in the Principles which can be found at the EU-U.S. Data Privacy Framework as revised from time to time.

California Consumer Privacy Act, California Privacy Rights Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Iowa Consumer Data Protection Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act Disclosures

Our goal is to enable individuals and organizations to comply as easily as possible with the  California Consumer Privacy Act, California Privacy Rights Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Iowa Consumer Data Protection Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act Disclosures (all collectively, the “US State Data Privacy Laws”) requirement to protect the privacy and data of consumers. As a recruitment service, we respect and protect your privacy and security and are committed to following best practices to support this principle. Our US State Data Privacy Laws Disclosures for FRG are located Our FRG and Revolent California Do Not Sell Our Personal Information page is located here. Our California Consumer Privacy Act Disclosures for the Revolent Group are located here.

 

Australia and New Zealand Addendum

I. For users accessing the Websites or using our services in Australia or New Zealand, we comply with Australian and New Zealand privacy requirements including for Australia: the Privacy Act 1988 (Cth), Privacy Principles, the Spam Act 2003 (Cth) and Regulations 2021, and the Do Not Call Register Act 2006(Cth); for New Zealand, the Privacy Act 2020, the Privacy Regulations 2020, Information Privacy Principles, and Unsolicited Electronic Messages Act 2007; and for Australia and New Zealand, any other applicable state/territory privacy laws or industry codes (collectively, the “AUSNZ Privacy Laws”).

II. We will deal with your Personal Data (which has the same meaning as “Personal Information” under the AUSNZ Privacy Laws in accordance with those laws, namely any information from which your identity is apparent or can be reasonably ascertained.

III. Residents of Australia or New Zealand accessing and using the Websites or services are notified that:

A. in addition to your respective countries, your Personal Data will be held and/or processed overseas including in the United States, Canada, United Kingdom, Netherlands, Germany, France, Switzerland, Italy, Spain, Japan or Singapore where our offices are located and other countries in which we may open offices in the future. We may also disclose your personal information to others, like our consultants, agents, contractors and service providers, and those that act as data processors, auditors or external advisers, and may be held and processed in other countries including without limitation those listed at the beginning of this subsection “A”;

B. If we use your Personal Data to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will do our best to respect your preference. When your choice is to continue to deal with us, we take it that you agree to and consent to us using your Personal Information in these ways, providing we follow the system and approach we explain in this Privacy Notice and comply with the applicable law. Where we do not have your Personal Information, we are not able to contact you, process your requests or provide our services to you; and

C. the governing law for the purposes of the Terms of Use and Privacy Notice, and any matters relating to them, including all disputes, will be governed, for Australia by the laws of New South Wales, Australia, and for New Zealand, for the law of New Zealand. You unconditionally submit to the non-exclusive jurisdiction of the courts having jurisdiction there.

IV. You may wish to contact us to request access to your Personal Information, to seek to correct it or to make a complaint about privacy. Our contact details for Australia and New Zealand are set out below:

Frank Recruitment Group Pty Ltd
Suite 5, Level 3
350 Collins Street
Melbourne VICTORIA 3000
Australia

Email: privacy@tenthrevolution.com

We will respond to your request for access to Personal Information we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).

We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.

For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.

Canada Addendum

I. Introduction

This Canada Addendum (“Canada Addendum”), in addition to the forgoing Privacy Notice, sets out the basis on which all “Personal Information” (“Personal Information” means information about an identifiable individual, including but not limited to sensitive Personal Information), that Frank Recruitment Group Inc. / Group de Recruitement Frank Inc. and its affiliated entities and their respective representatives trading under the TRG brand (collectively for the purposes of this Canada Addendum, “TRG,” “we,” “our,” or “us”) collects from you, or that you provide to us via the Websites (as defined elsewhere in the Privacy Notice) will be processed by us in Canada. If there is a conflict between the Privacy Notice and this Canada Addendum, the Canada Addendum controls with respect to Canadian users of our Websites. Please read the following carefully to understand our views and practices regarding your Personal Information in Canada and how we will treat it. All capitalized/defined terms not defined herein are defined elsewhere in the Privacy Notice.

 II. Canadian Privacy Law and Privacy Principles

TRG is committed to maintaining the confidentiality, security, and accuracy of your Personal Information in accordance with applicable Canadian federal and provincial law, including but not limited to the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), Canada’s Anti-Spam Legislation, SC 2010 c 23 (“CASL”), and the data privacy laws of Canada’s provincial counterparts including but not limited to the British Columbia Personal Information Protection Act, SBC 2003 c 63 (“BC PIPA”), Alberta Personal Information Protection Act, SA 2003 c P-6.5 (“AB PIPA”), and Quebec Act respecting the Protection of Personal Information in the Private Sector, CQLR c P-39.1 (“Quebec Private Sector Act”) to govern our activities as they relate to the use of your Personal Information. As part of this commitment, we follow the ten privacy principals established under the PIPEDA. These principals are as follows:

Principle One: Accountability

TRG is responsible for the Personal Information it controls. TRG has designated its Chief Privacy Officer (privacy@tenthrevolution.com) as responsible and accountable for compliance with the Canadian Privacy Principles and other applicable Canadian data privacy law.

• Principle Two: Identifying Purpose

TRG must identify the purposes for which Personal Information is used, collected, and disclosed before or at the time we collect Personal Information. TRG demonstrates its compliance by making the Privacy Notice and this Canada Addendum available to individuals, among other actions.

Principle Three: Consent

Your knowledge and consent are required for the collection, use or disclosure of your Personal Information, except where inappropriate or permitted by Canadian law. Depending on the level of sensitivity of the Personal Information, this consent may be implied or expressed; however, wherever commercially feasible, TRG shall attempt to obtain express consent. Consent to our use of your Personal Information can be withdrawn at any time by sending an email requesting same to privacy@tenthrevolution.com.

• Principle Four: Limited Collection

TRG must collect Personal Information by fair and lawful means and limit its collection of Personal Information to those details reasonably necessary for the purposes identified. Accordingly, TRG does not collect your race, ethnicity, or health Personal Information nor do we use Canadian Social Insurance Numbers (or a foreign equivalent) to identify or organize the information we hold, and will not record it if you submit it.

Principle Five: Limiting Use, Disclosure and Retention

We may only use or disclose Personal Information for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. We may only retain your Personal Information for the period of time required to fulfill the purpose for which it was collected (taking into account our statutory and contractual obligations to retain information).

Principle Six: Accuracy

We shall maintain your Personal Information in as complete, accurate and up-to-date form as is necessary to fulfill the purpose for which we are to use it. Please inform us if any of your information changes by contacting us at privacy@tenthrevolution.com so that we can make any necessary changes.

Principle Seven: Safeguarding Information

We must protect your Personal Information by following security safeguards that are appropriate to the sensitivity level of the Personal Information. For example, we have a document minimization process in our office to prevent inadvertent disclosures of your Personal Information. We also physically lock our offices after business hours to avoid/prevent unauthorized access.

Principle Eight: Openness

We are required to make information available to you that is specific and easy-to-understand concerning TRG’s policies and practices that apply to the management of your Personal Information. A key method of making such information available is via this Canada Addendum, via our website.

Principle Nine: Access

Upon request to privacy@tenthrevolution.com, we shall inform you of the use, disclosure, and existence of your Personal Information, and shall give you access to it. You may verify the completeness and accuracy of your Personal Information, and may request amendments to your Personal Information for these reasons, if appropriate. Contact us at the email address above. We will attempt to respond to requests for summary information within 30 days of receipt. If you send us a more detailed request (typically these require archival or other retrieval costs), we may take longer to respond and you may be subject to our normal disbursement and professional fees to the highest extent permitted by applicable law.

Principle Ten: Challenging Compliance

Direct any complaints, suggestions, enquiries or questions respecting our privacy practices, compliance, or these principles by contacting privacy@tenthrevolution.com.

III. May We Deny Access To Your Personal Information?

Your right to access your Personal Information is not absolute. We may deny access to your Personal Information when:

  • required by applicable law;
  • such Personal Information relates to existing or anticipated legal proceedings against you or was generated as a result of a dispute resolution mechanism (whether arbitration, mediation, court cases, or similar proceedings);
  • when granting you access would have an unreasonable impact on other people’s privacy, security or proprietary information;
  • to protect our rights and property; or
  • where the request is frivolous or vexatious or generates costs which are prohibitively expensive.

 

We shall explain to you in writing why we deny a request for access to, or refuse a request to correct your Personal Information.

 

IV. How To Ask A Question Or File A Complaint

TRG has a Chief Privacy Officer who may be contacted to answer any comments or questions about this Canada Addendum, including where to file a complaint. Please forward your communications to:

E-mail: privacy@tenthrevolution.com
Telephone: +44 20 733 0865

Address:
Frank Recruitment Group Inc. / Group de Recruitement Frank Inc.
d/b/a TRG
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer
Attention: Chief Privacy Officer

V. Sending Us Information Over The Internet

With respect to CASL, by using our Websites or Services, you hereby expressly consent to receiving, during and after our business relationship, electronic messages from TRG, including via emails and through social media, providing information to you including newsletters, updates, alerts, other publications, news and communications, other information of interest to you and/or information on our services. You can withdraw this consent or modify your preferences as to the types of electronic messages which you wish to receive from us, at any time, simply by notifying us at privacy@tenthrevolution.com or by using the unsubscribe mechanism on any of our electronic messages.

VI. Location of Personal Information and Transfers of Personal Information Outside Canada

Your Personal Information is stored on various servers, including our own, and those maintained by our third party service providers who help us provide our services to you. These servers may be located outside of Canada. Accordingly, by providing us Your Personal information, you explicitly consent to our transfer of your Personal Information to countries outside of Canada. If you do not wish for your Personal Data to be transferred outside of Canada, do not provide your Personal Information to us. You have rights to access and rectification of your Personal Information, among other rights, which you may invoke as otherwise described in this Canada Addendum or this Privacy Notice. When we transfer your Personal Information outside of Canada, we take commercially reasonable and legally required measures with data importers as is reasonably necessary for the protection of such Personal Information, which may include entering into contractual clauses or data protection/security agreements as appropriate. As required by the Quebec Private Sector Act, in general, our server is located in the United Kingdom; our customer relationship database provider keeps its main server in Germany and its disaster recovery server in United Kingdom; our word processing and office program, email, and cloud storage provider has its main servers in the United Kingdom and the European Union; and another cloud storage provider has its main server in Ireland. For more details about your specific Personal Information and where it is located, please contact privacy@tenthrevolution.com. 

VII. What If I Do Not Agree With This Canada Addendum?

Please do not submit any Personal Information to us if you do not agree to our processing of your Personal Information as described herein in this Canada Addendum.

VIII. Changes to this Canada Addendum

We reserve the right to change this Canada Addendum and Privacy Notice from time to time by updating this Canada Addendum on our website or updating the Privacy Notice as described above. Any changes to this Canada Addendum and Privacy Notice will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any TRG services shall constitute your acceptance of the revised Canada Addendum.

TRG will interpret and enforce this Canada Addendum in accordance with all applicable law.

This Canada Addendum was last updated on July 16, 2021.

Japan Addendum

Frank Recruitment Group 株式会社(以下「当社」といいます)は、個人情報保護法および当社の個人情報保護体制に則り、登録者の個人情報の適切な管理に努めます。

Frank Recruitment Group K.K (hereinafter referred to as “TRG“) will endeavor to properly manage the handling of personal information of registrants based on the Act on the Protection of Personal Information and the Company’s personal information protection framework.

ここでいう個人情報とは、当社に提供する個人(以下「本人」という)に関する情報で、氏名、住所、生年月日、電話番号、メールアドレス、その他の記述の組み合わせにより本人を特定できる情報をいいます。

Personal information is the information of the individual (hereinafter referred to as “person“) provided to and, which is the information received by the person who entered the name, entry, date of birth, telephone number, email address, and other versions.

個人情報の収集・利用目的

皆さまからお預かりした個人情報は、以下の目的にのみ利用いたします。

Purpose of collection and use of personal information

Personal information entrusted to you will be used only for the following purposes.

  1. 人材派遣又は有料職業紹介等における最適な仕事のご案内・仕事に関するご連絡、及び契約締結に関する業務。

Guidance on optimal work in contract or perm, contact for introduce job details and work related to contract conclusion.

  1. 提供していただいた本人の個人情報は、就職や転職のために、第三者である求人企業に提供するため。

To provide the personal information of the person provided to a third-party to company for applied to company.

  1. 当社のサービス向上を目的として、意見、要望、情報の提供をお願いするために、個人情報を利用する場合。

We may use personal information to request opinions, requests, and information for the purpose of improving our service.

上記以外の目的で利用する場合は、事前にお知らせし同意を得たうえで利用いたします。

If we use it for purposes other than the above, we will inform you in advance and obtain your consent before using it.

 

個人情報の利用、提供について

About the use and provision of personal information

当社は収集目的の範囲内で個人情報を委託する場合があります。

We may entrust personal information within the scope of the purpose of collection.

また、以下の場合を除き、本人の同意を得ずに第三者に提供をすることはいたしません。

In addition, except in the following cases, we will not provide it to a third party without the consent of the person.

・ 人の生命、身体又は財産の保護のために必要がある場合であり、本人の同意を得ることが困難な時。

・ 公衆衛生の向上又は児童の健全な育成の推進のために特に必要のある場合であり、本人の同意を得ることが困難な時。

・ 国の機関若しくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要があり、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおれがある時。

・ 法令に基づく場合。

・ 合併その他の事由による事業の承継に伴って個人情報の提供が必要な場合。

・ When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of the person.

・ When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person.

・ It is necessary for a national institution or a local public body or a person entrusted with it to cooperate in carrying out the affairs stipulated by laws and regulations, and obtaining the consent of the person will hinder the performance of the affairs. At one point.

・ When required by law.

・ When it is necessary to provide personal information due to business succession due to merger or other reasons.

 

個人情報の取り扱いについて

Handling of personal information

ご提供いただいた個人情報は、適切に取り扱います。

またご本人は、当社に個人情報を提供することは任意ですが、もしご提供をいただけなかった場合は、当社はご登録やサービスをお断りする場合がございます。

We will handle the personal information you provide appropriately.

In addition, the person is voluntary to provide personal information to us, but if we do not provide it, we may refuse registration or service.

個人情報に関する苦情・相談 に関する苦情・相談及び開示等の請求について 及び開示等の請求についてお預かりした個人情報に関する苦情・相談につきましては、速やかに対応させていただきます。

Complaints about personal information / complaints about consultations / requests for consultations and disclosures, etc. and requests for disclosures, etc. We will promptly respond to complaints / consultations regarding personal information that we have received.

お預かりした個人情報につきまして、利用目的の通知、開示、訂正、追加、削除、利用停止をご希望の場合は、ご本人であることを確認させていただいた上で速やかに対応いたします。

If you wish to notify, disclose, correct, add, delete, or suspend the use of your personal information, we will promptly respond after confirming your identity.

お気軽にお問い合わせください

Please feel free to contact us on:

Tenth Revolution Group株式会社への個人情報に関するお問い合わせ窓口

TEL:03-4571-1146

E メール privacy@tenthrevolution.com

 

※本同意書の効力、適用、解釈にあたっては、日本国法が適用されるものとします。

制定日 2024年04月03日

Skip to content