Information Collection and Use
“Personal Information” means information that can be used to identify an individual. We may collect and use Personal Information including your name, telephone number, address and email address, employment information, as well as other identifying information. We may also in limited circumstances and as necessary for the relocation collect and use sensitive information such as health or disability data. We obtain consent from Transferees where required under applicable law for the processing of Personal Information, including sensitive information, in cases where your employer (our client) has not done so on our behalf. We may collect Personal Information about you when you provide it to us through our web site, over the phone or by mailing it to us. We also may collect Personal Information about you from your employer or other third parties such as our suppliers who provide services to you. The Personal Information collected will be used only to communicate with you and to help us provide relocation services to you in accordance with our client agreements. As necessary for these purposes, we may share your Personal Information among the companies within the BGRS family. You have the right to opt out of any use of your Personal Information that is incompatible with the purposes for which we originally collected it or that you subsequently authorized.
We also may disclose Personal Information about you as required or permitted by law. We do not sell Personal Information about you to anyone, nor do we permit any of our suppliers to do so. We will retain your Personal Information only as long as necessary to provide you with our services or as required by our contractual arrangements, data retention policies, or by legal requirements.
Correcting/Updating Your Information
We are committed to keeping your Personal information accurate and up-to-date. If you are a current customer and have registered for online access through one of our web sites, you may be able to update Personal information such as: your address, telephone number, email address, user name, password and secret question online. If you are unable to access or make changes to the information you have provided to us online, you may contact us in order to do so. To request access to your Personal Information and/or to correct or update it, please use the contact information provided in Section V below. We will act in good faith and take reasonable steps to comply with your request.
Transferees resident in the EU should refer to Annex A for information about how to access personal data covered by Privacy Shield that is held by BGRS.
Some of our web sites may make use of “cookie” technology to measure site activity and to customize information to your personal tastes. A cookie is an element of data that a web site can send to your browser which may then store the cookie on your hard drive. Subsequently, when you come back to visit us again, we can tailor information to suit your individual preferences. The goal is to save you time and provide you with a more meaningful visit. Cookies may collect information, including a unique identifier, user preferences, profile information, membership information, general use and volume statistical information, individual web site use data, or provide electronic personalization. Cookies cannot be used to collect sensitive information about your computer or data residing on your computer. Most major web sites use this technology and most browsers are set up to accept them.
When you visit our site, we may collect and store information about your visit. We use this information to measure site activity and to develop ideas for improving our site. This information may include: time and length of your visit; web pages you look at on our site; the web site you visited just before coming to ours and the name of your Internet service provider.
Visitors may disable cookies by visiting their browser settings and adjusting their browser’s cookie settings; however, disabling cookies may interfere with the ability to access and/or view certain content on this site.
Who to Contact
150 Harvester Drive, Suite 201
Burr Ridge, IL 60527
Collection of Personal Information from Children
This site is not directed toward children, including those under the age of 13. We do not knowingly collect or post any information, including Personal Information, from children.
Compliance With The Specific Data Protection Laws
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Client” refers to the corporate customer with which BGRS contracts to provide relocation or other services for one or more of its employees (i.e., Transferees).
“Department” means the United States Department of Commerce.
“EU Personal Data” for purposes of this Privacy Shield Policy refers to all data about an identified or identifiable individual that are within the scope of Directive 95/46/EC, received by BGRS in the United States from the European Union, and recorded in any form, and that is subject to the EU-U.S. Privacy Shield Principles.
“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“EU Sensitive Data” includes but may not be limited to EU Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual, and that is subject to the EU-U.S. Privacy Shield Principles.
Compliance with EU-U.S. Privacy Shield
BGRS complies with the EU-U.S. Privacy Shield Framework Principles and the Supplemental Principles (collectively, the “Principles”), which includes compliance with the specific procedures, obligations, and provisions detailed below. BGRS’s compliance with each of the relevant Principles is confirmed in further detail below.
BGRS’s Collection, Use, and Disclosure of EU Personal Data
Means for Individuals to Limit Use and Disclosure of EU Personal Data
BGRS adheres to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles. BGRS or its Client obtains consent from Transferees to process their EU Personal Data, and BGRS offers Transferees choice regarding the processing of their EU Personal Data, including where relevant EU Sensitive Data, as described in Section III.2 of this Privacy Shield Policy.
Inquiries, Complaints, and Right of Access to EU Personal Data
BGRS has designated JAMS to serve as an independent dispute resolution body to address unresolved complaints regarding BGRS’s adherence to the Principles and provide appropriate recourse at no cost to individuals covered by this Privacy Shield Policy. Please see Section III.7 of this Privacy Shield Policy for more information regarding the process for submitting complaints about BGRS’s EU Personal Data practices.
An individual may also invoke binding arbitration pursuant to the conditions and procedures set out in Annex I to the Principles. Arbitration is available to an individual to determine, for residual claims, whether BGRS has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes.
BGRS Is Subject to the Investigatory and Enforcement Powers of the Federal Trade Commission and Complies With Lawful Data Requests
BGRS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). BGRS may be required to disclose Personal Information and EU Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
BGRS’s Liability In Cases of Onward Transfers
In the context of an onward transfer, BGRS is responsible for the processing of EU Personal Data that it receives and subsequently transfers to a third party agent acting on its behalf. BGRS remains liable under the Principles if its agent processes such EU Personal Data in a manner inconsistent with the Principles, unless BGRS proves that it is not responsible for the event giving rise to the damage.
In cases where BGRS acts as a data controller (or co-controller with its Client), BGRS adheres to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles.
Depending on BGRS’s contractual arrangements with each Client, BGRS may obtain consent directly from Transferees to process their EU Personal Data in connection with the provision of relocation services. For certain other Transferees, BGRS’s Client may obtain consent from the employee of the Client who is to be relocated and then authorizes BGRS to process relevant EU Personal Data, including where relevant EU Sensitive Data, in connection with the provision of relocation services pursuant to a service provider contract.
BGRS offers individuals who are covered by this Privacy Shield Policy the opportunity to choose (“opt out”) whether his or her EU Personal Data is to be disclosed to a third party. BGRS also offers individuals who are covered by this Privacy Shield Policy the opportunity to opt out if BGRS provides notice that it intends to use his or her EU Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or authorized by the Transferee in question. Individuals may opt out by sending an email to: email@example.com or by calling: 1.416.380.7564. If opting out, please provide, at a minimum, your name and identify your employer in order to assist BGRS in verifying your identity, and please identify the uses or disclosures of EU Personal Data by BGRS for which you are choosing to opt out. Note that opting out may affect BGRS’s ability to provide some of its relocation services.
With regard to EU Sensitive Data, BGRS or its Client will obtain affirmative express consent (opt in) if EU Sensitive Data is to be disclosed to a third party or is to be used for a purpose other than that for which it was originally collected or subsequently authorized by the individuals through the exercise of opt in choice, unless the information in question is subject to an exception contained in the Sensitive Data Supplemental Principle.
In cases where BGRS is acting as a processor, BGRS will assist its Client in complying with the Choice Principle.
Please see Section III.1.b of this Privacy Shield Policy for more information regarding BGRS’s adherence to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles.
Accountability for Onward Transfer
BGRS adheres to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.[ii]
Data Integrity and Purpose Limitation
BGRS will keep the EU Personal Data of Transferees in accordance with the terms and conditions of the relevant customer agreement in cases where BGRS is acting as a processor or agent. In cases where BGRS is acting as a data controller, BGRS may retain the EU Personal Data of a Transferee for the longer of any of the following: (i) the period during which the Transferee remains an active customer of BGRS; (ii) the period specified in the Transferee’s unambiguous consent to the processing of its data by BGRS for relocation purposes; or (iii) as long as necessary for BGRS to meet any applicable legal requirements or to protect its legitimate interests, including with respect to actual or potential legal claims.
BGRS may limit or deny access as provided in the Principles, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If BGRS determines that access should be restricted in any particular instance, BGRS will provide as appropriate to the individual requesting access an explanation of why BGRS has made a determination to restrict access and a contact point for any further inquiries. BGRS is not required to provide access unless it is supplied with sufficient information to allow it to confirm the identity of the person making the request. BGRS will respond to all access requests within a reasonable time period, in a reasonable manner, and in a form that is readily intelligible to the individual.
In cases where BGRS is acting as a processor, BGRS will obtain authorization from its Client prior to providing access or refer the requesting individual to the appropriate Client contact.
BGRS may charge a fee for providing access where necessary or appropriate.
Please see Section III.1.c of this Privacy Shield Policy for more information regarding BGRS’s adherence to the Access Principle and Access Supplemental Principle.
Recourse, Enforcement, and Liability
BGRS utilizes JAMS, an alternative dispute resolution provider based in the United States, to investigate and expeditiously resolve complaints and disputes that cannot be resolved internally, at no cost to the individual, by reference to the Principles. Unresolved complaints may be directed to JAMS using the complaint submission form found here. Individuals are encouraged to raise any complaints they have with BGRS before proceeding to JAMS. The JAMS complaint and recourse mechanism described here is available to individuals whose EU Personal Data has been collected or processed by BGRS under the Principles. The JAMS complaint and recourse mechanism is not available to individuals whose personal data has been collected or processed by BGRS under any other EU data transfer adequacy mechanism.
BGRS has implemented a self-assessment procedure to verify that the attestations and assertions that BGRS has made about its Privacy Shield privacy practices are true and that they have been implemented as presented and in accordance with the Principles. BGRS is obligated to remedy problems arising out of any failure to comply with the Principles.
Please see Section III.1.c of this Privacy Shield Policy for more information regarding BGRS’s adherence to the Recourse, Enforcement and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles.
Adherence to the Principles
BGRS adheres to or its data practices with respect to EU Personal Data are consistent with the Principles, including those not specifically listed above, such as the Supplemental Principles of: Self-Certification; Travel Information; Public Record and Publicly Available Information; and Access Requests by Public Authorities.
[i] BGRS’s agreements with its corporate clients determine whether personal data that is transferred to points outside the European Union are to be covered by the EU-U.S. Privacy Shield Principles or another EU-approved adequacy mechanism, including the EU Standard Contractual Clauses. In the event that the relevant agreement is silent on this point, this Privacy Shield Policy shall apply to the EU Personal Data covered by the agreement.
[ii] During the nine-month interim period following the date on which BGRS certifies to the Privacy Shield Framework, BGRS will adhere to the requirements set out in the Self-Certification Supplemental Principle for transferring data to third parties during the interim period.