Data Privacy and Website Policy
Effective Date: 5th of June 2013, Amended 17th of January 2019
What is this Policy?
Newton Consulting, LLC and its affiliates (collectively, “Newton”) respect the importance of protecting the privacy of personal data (“Personal Data”) collected by us. Newton collects and uses Personal Data to provide world-class services for our employees, clients and partners. This Policy is designed to set forth how Newton will handle Personal Data that it collects in the normal course of business. Newton strives to be global and consistent in how it handles personal data.
All individuals who provide personal information, such as consumers, customers, research subjects, business partners, members, job applicants, employees, retirees and others; All locations where we operate, even where local regulations do not exist; and All methods of contact, including in person, written, via the Internet, direct mail, telephone, or facsimile.
This Policy does not necessarily describe how local management may handle personal data in order to comply with local privacy laws. Local management in conjunction with the responsible human resources manager(s) will be responsible for accessing and complying with local/unique laws and/or rules regarding the processing of personal information in that particular locale.
This Policy is also designed to inform all employees about their obligation to protect the privacy of all individuals (whether co-employees, independent contractors, or sub-contractors) and the security of their personal information. The violation of this Policy, whether negligent or intentional, may be subject to disciplinary action by Newton.
This is a Global Policy. Newton will extend the protection of the Privacy Shield Principles to all personal data originating outside of the United States, which is transferred to Newton facilities in the United States. Outside of the United States, Newton facilities are required to comply with this Policy as well as the privacy laws in force in their local jurisdictions.
Our affiliates who may receive Personal Data as described within this Policy are: Newton Talent; Newton Institute, LLC; Aspirant; Aspirant, Ltd.
Each of those affiliates is committed to complying with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles.
Personal Data: Information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
Sensitive Data: Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that information that concerns an individual’s health. For purposes of the Swiss-U.S. Privacy Shield Framework this definition shall also include ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
Privacy Shield Principles (the “Principles”): The seven principles (notice; choice; accountability for onward transfer; data security; data integrity and purpose limitation; access; and resource, enforcement, and liability) issued by the Department of Commerce to diminish data privacy uncertainty and provide a more predictable framework for data transfers.
To ensure the privacy of Personal Data, Newton has implemented measures to address the Principles.
Excluding our Employee Information, which is detailed below, Newton processes and uses your Personal Data only as part of our business relationship with you and/or your company; including contract and billing administration; fulfilling business obligations to you and/or your company; marketing communications; and other business-related activities of which you are informed of at the time your Personal Data is collected or as soon thereafter as is practical. We may be required to disclose Personal Data to our agents, contractors, vendors, and business partners or to protect and defend the rights or property of Newton. Newton must reply to lawful requests from public authorities, including national security or law enforcement, for disclosure of Personal Data.
Newton does not sell, lease or rent Personal Data to third parties.
Newton collects Employee Data from prospective and present employees only for legitimate business purposes, including the administration of insurance benefits. Our European Union employees, at the time of their employment, are notified in detail how their Personal Data will be used. Employee Data on health, performance evaluations, and disciplinary actions, as well as other sensitive employee matters, is accessible by other Newton employees or third party agents only if necessary with respect to legitimate human resource functions or issues.
An employee may choose to provide a picture and other Personal Data to be placed on the Newton intranet. New employees may decline to provide this consent, and all employees may withdraw their consent to such publications at any time.
For legitimate human resource purposes, employees may choose to voluntarily disclose Personal Data about family members. If an employee chooses to do so, their family member’s Personal Data shall be treated, for the purposes of this Policy, the same as an employee’s Personal Data. Unless otherwise noted or excluded by context, “Employee Data” is included within the definition of “Personal Data” for the purposes of this Policy. Employee Data is never sold, leased, or rented to a third party. Employee Data will never be disclosed to third parties, except as follows: (1) to those retained by Newton for processing only for the purposes set forth above; (2) where required pursuant to an applicable law, governmental, or judicial order, law or regulation, or to protect the rights or property of Newton; (3) where authorized in writing by the Employee; (4) where the Employee voluntarily provides Personal Data and the context makes it clear that Employee Data will be provided to a third party; and/or (5) Employee resumes/bios may be provided to Clients or prospective Clients.
Newton may require certain Employees and applicants to maintain a resume or bio, including name, title, education, and areas of expertise. These resumes or bios may be provided to Clients or prospective Clients of Newton in support of Newton’s efforts to secure new and/or continuing business. Where Personal Data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities.
Newton will offer individuals the opportunity to choose (opt out) whether their Personal Data is (1) disclosed to a third party (other than a Newton agent) or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Although, we do not anticipate disclosing Sensitive Data to a non-agent third party, Newton will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The only exception to this choice for both sensitive and non-sensitive Personal Data would be a situation where we are required to disclose Personal Data pursuant to governmental or judicial order, law, or regulation.
At a minimum, you will be able to opt-out from receiving marketing materials. If we determine that applicable national law requires more stringent requirements (opt-in), those will be applied.
Newton will not transfer Personal Data originating in the EU or Switzerland to a third-party agent, unless the agent has entered into an agreement with Newton requiring that Personal Data be protected in accordance with the Principles. Personal Data will only be transferred for limited and specific purposes. We acknowledge our liability for such data transfers to third parties.
Transfer of Personal Data originating in countries outside the EU or Switzerland will be conducted according to the laws of the countries from which the Personal Data is being transferred.
Newton shall take reasonable steps to protect information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Newton has put in place appropriate physical, electronic and managerial procedures to safeguard and secure information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Newton cannot guarantee the security of information on or transmitted via the internet.
Newton shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Newton shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
If you wish to access, amend, or confirm that Newton has Personal Data relating to you, or if you wish to correct or delete your Personal Data if it is inaccurate, please notify us at: firstname.lastname@example.org. We will respond to your request within a reasonable time.
Employees may review their personnel files and any Personal Data concerning them upon request.
Newton is subject to the investigatory and enforcement powers of the Federal Trade Commission.
In compliance with the Privacy Shield Principles, we encourage EU and Swiss individuals to raise any concerns and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. Please contact us at email@example.com - we will investigate your compliant, take appropriate action and report back to you within forty-five (45) business days.
For the EU-U.S. Privacy Shield - If a complaint or dispute cannot be resolved through our internal process, Newton has designed JAMS as our Dispute Resolution provider, pursuant to the Principles for non-human resources data. JAMS can be contacted: https://www.jamsadr.com/eu-us-privacy-shield.
If a complaint or dispute cannot be resolved through our internal process, Newton has further committed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (“DPA’s”) to resolve disputes for complaints concerning human resources data transferred from the EU in the context of the employment relationship, pursuant to the Principles. The EU DPA’s may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm. Newton will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints brought under the EU-U.S. Privacy Shield.
For the Swiss-U.S. Privacy Shield - If a complaint or dispute cannot be resolved through our internal process, Newton has designed JAMS as our Dispute Resolution provider, pursuant to the Principles. JAMS can be contacted directly: https://www.jamsadr.com/eu-us-privacy-shield.
If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or Swiss Federal Data Protection and Information Commissioner, as applicable, for more information or to file a complaint. These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.
We may amend this Policy at any time by posting the amended terms on the Newton Site. All amended terms shall be effective immediately upon posting. We encourage you to periodically review this page for the latest information on our privacy practices. In case of the sale of the company, acquisition or merger, bankruptcy, or other change in corporate status, this Policy could change. In addition, other company policies and statements may supplement this Policy.