This Privacy Statement applies to Louis Berger entities within the United States, including Berger Group Holdings, Inc., The Louis Berger Group, Inc., Louis Berger Services, Inc., Louis Berger U.S., Inc., Louis Berger International, Inc., and any of their closely held subsidiaries (collectively, “Louis Berger U.S. Entities”), excepting Louis Berger International, Inc. entities inside the jurisdiction of the European Union. This Privacy Statement is intended to complement, to the greatest extent possible, the similar statement adopted by Louis Berger International, Inc., in compliance with the EU General Data Protection Regulation.
This Privacy Statement sets out the basis on which Louis Berger U.S. Entities will handle personal information, which may be collected or provided to Louis Berger U.S. Entities in the course of business. This Privacy Statement is intended to meet the requirements of the EU-U.S. Shield Framework for data protection when transferring personal data between the United States and the European Union. This Privacy Statement does not include information about or from an individual that is professional in nature, such as education, licensing, professional experience and employment history, and which is typically submitted in proposals to public and commercial clients. On the basis of the type of business it pursues, Louis Berger U.S. Entities have little need for personal information of non-employees (which include the employees of Louis Berger International, Inc., entities inside the jurisdiction of the European Union) except as described above.
Berger Group Holdings, Inc., and its wholly-owned subsidiaries comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Berger Group Holdings, Inc., and its wholly-owned subsidiaries have certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
In compliance with the Privacy Shield Principles, Berger Group Holdings, Inc., and its wholly-owned subsidiaries commit to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield Privacy Statement should first contact Berger Group Holdings, Inc., at firstname.lastname@example.org. Alternatively, the firm’s ethics and compliance officer is available through a secure and confidential Hotline either though www.louisberger.ethicspoint.com in the United States; by phone 877-315-9932 or collect internationally 503-726-3996; or email to Berger’s Corporate Ethics Officer at email@example.com. Berger Group Holdings, Inc., has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
REGARDING PERSONAL INFORMATION ABOUT PERSONS NOT EMPLOYED BY LOUIS BERGER U.S. ENTITIES:
1 How do Louis Berger U.S. Entities collect personal information of non-employees?
1.1 Louis Berger U.S. Entities may obtain personal information of non-employees from its staff, service providers, agencies/ authorities and service users during the normal course of its business.
1.2 Louis Berger U.S. Entities may obtain personal information of non-employees from potential business partners and business intermediaries through due diligence checks as part of its procurement process.
1.3 Louis Berger U.S. Entities may collect personal information of non-employees that is available in the public domain, including but not limited to: newspaper or online media items, publicly available posts on LinkedIn or social media or other information sources.
1.4 Louis Berger U.S. Entities may obtain personal information from a non-employee individual when that individual inquires about Louis Berger U.S. Entities activities, registers with it, sends or receives an email, asks a question or otherwise voluntarily provides personal information.
1.5 Louis Berger U.S. Entities may see, but not necessarily retain, personal information about a non-employee individual in RFP-required forms submitted by our subcontractor partners as part of the proposal process.
1.6 Louis Berger U.S. Entities may receive personal information about a non-employee individual from third parties that introduce the individual to the Louis Berger U.S. Entities, for example from service providers or partner organizations who provides the individual’s information.
1.7 Louis Berger U.S. Entities may obtain personal information from a non-employee individual through “likes” on Facebook, followings on Twitter or connections through LinkedIn (‘social media platforms’). Louis Berger U.S. Entities would only have access to individual information to the extent that the individual has made it public on social media platforms.
2 What information do Louis Berger U.S. Entities collect of non-employees?
2.1 Louis Berger U.S. Entities rarely need to see or retain personal information of non-employee individuals who are not employees. Louis Berger U.S. Entities have no obligation to conduct due diligence on the accuracy of personal information provided to it.
2.2 The personal information seen or received by Louis Berger U.S. Entities will vary with the situation. In general, Louis Berger U.S. Entities may receive name, email address, possibly residential postal address, telephone number(s), and rarely, date of birth and social security numbers of non-employees who are not applying for positions at the firm.
2.3 From employees of a subcontractor or a joint venture partner, Louis Berger U.S. Entities may see, but rarely need to retain or U.S.e, personal information relating to age, gender, race/ethnic information, trade union membership, etc. when requested by RFP-required questionnaires, which become part of proposal or contract submittals to public and commercial clients.
2.4 Louis Berger U.S. Entities may collect personal information, on rare occasions and only to the extent necessary, to comply with U.S. employment law obligations or for government security purposes in proposal or contract settings, or as otherwise permitted by law.
3 How do Louis Berger U.S. Entities use this personal information of non-employees?
3.1 In the rare occasions when non-employee individual’s personal information is disclosed to it, Louis Berger U.S. Entities take appropriate measures to keep it secure and keep it only for so long as is necessary for the purposes for which it is used.
3.2 Except in rare situations, Louis Berger U.S. Entities do not actively collect and do not need to use non-employee personal information. However, such information may be collected and used in anti-corruption and compliance reviews as part of our vetting of potential business partners or vendors.
4 With whom do Louis Berger U.S. Entities share personal information of non-employees?
4.1 Louis Berger U.S. Entities may share non-employee individual’s personal information with other members of the Louis Berger companies, for the purposes listed above, generally related to the professional services or business operations of Louis Berger U.S. Entities. This information transfer may require transfers of such information to other countries outside the United States including Louis Berger entities in the European Economic Area or offices in other countries. Louis Berger U.S. Entities make such transfers to the extent permitted under jurisdictional data protection legislation.
4.2 On rare very occasions, Louis Berger U.S. Entities may also need to disclose individual personal information of non-employees in its possession if required by law to, for example, federal state and local government bodies through integrity questionnaires and law enforcement agencies through subpoenas.
5 For how long do Louis Berger U.S. Entities keep personal information of non-employees?
5.1 Louis Berger U.S. Entities keep individual personal information of non-employees for no longer than is necessary, or for a period required by law. Where Louis Berger U.S. Entities are not under a legal obligation to retain such information, Louis Berger U.S. Entities will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
6 How do Louis Berger U.S. Entities protect personal information of non-employees?
6.1 Louis Berger U.S. Entities take appropriate technical and organizational measures to protect disclosed personal information and hold only for so long as is necessary for the purposes for which it is used.
7 Non-employee individual’s rights regarding personal information
7.1 A non-employee individual may request confirmation, using contact information provided above, that Louis Berger U.S. Entities are processing his/her personal information, and to request access to this information (‘right of access’).
7.2 A non-employee individual may be informed of the safeguards that Louis Berger U.S. Entities use in transfers of his/her personal information to another country or to an international organization.
7.3 A non-employee individual, using contact information provided above, may ask to rectify personal information he/she thinks is inaccurate, to remove information which is inaccurate, or complete information which is incomplete (‘right to rectification’). If data is rectified, removed or modified, Louis Berger U.S. Entities will inform relevant third parties with whom Louis Berger U.S. Entities have shared such data so they may update their own records.
7.4 An individual may ask Louis Berger U.S. Entities to restrict processing of his/her information (‘right to restriction’) if:
7.4.1 The data is not accurate;
7.4.2 The processing is unlawful and you ask Louis Berger U.S. Entities to restrict use of it instead of erasing it;
7.4.3 Louis Berger U.S. Entities no longer need the information for the purpose of processing, but the individual requires a litigation hold on it.
7.5 A non-employee individual has a right to obtain his/her personal data from Louis Berger U.S. Entities and reuse it for his/her own purposes, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Louis Berger U.S. Entities.
7.6 An individual has a right to seek the erasure of his/her data (often referred to as the ‘right to be forgotten’). Louis Berger U.S. Entities are entitled to and reserve the right to retain such data for statistical purposes or may need to continue processing such information, for example, to comply with legal obligations.
7.7 To exercise these rights, contact the company through: firstname.lastname@example.org.
8 Additional Information
8.1 Louis Berger U.S. Entities are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
8.2 Louis Berger U.S. Entities recognize its potential liability in cases of onward transfers to third parties not in compliance with the Privacy Shield requirements.
9.1 Louis Berger U.S. Entities may change the terms of this Privacy Statement from time to time. Where such changes affect the purposes for which Louis Berger U.S. Entities use individual personal information Louis Berger U.S. Entities will let you know.
REGARDING PERSONAL INFORMATION OF PERSONS EMPLOYED BY LOUIS BERGER U.S. ENTITIES:
1 Employee Personal Information held by Louis Berger U.S. Entities
1.1 A personnel file containing personal information about an employee may include (but is not limited to):
1.1.1 Employee and family contact details, home address and details of next of kin;
1.1.2 Employee date of birth and social security number;
1.1.3 Employee’s CV and details relating to their recruitment;
1.1.4 Employee’s holiday and sickness absence records;
1.1.5 Employee medical information including doctor’s notes and self-certification;
1.1.6 Employee appraisal and performance records;
1.1.7 Information relating to any disciplinary or grievance procedures, including the outcome of such procedures and, if applicable, warnings issued to Employee;
1.1.8 Information on gender and ethnicity; and
1.1.9 Employee financial information such as bank account, salary and benefits.
1.2 Louis Berger U.S. Entities will securely store paper and electronic forms of Employee personal information, subject to access controls where necessary.
1.3 Employee’s personal information also may be located within Louis Berger U.S. Entities’ systems, for example in a manager's company email inbox or computer; within payroll systems; or within other documents stored in relevant business systems.
1.4 Use of Employee personal information is in the reasonable and legitimate interest of conducting the business in accordance with good practice, and managing the relationship with Employees.
1.5 Louis Berger U.S. Entities project management may utilize Employee compensation information to assess labor costs and manage successful projects; in project management systems; and with project accountants via Louis Berger U.S. Entities’ project management databases.
1.6 Louis Berger U.S. Entities may process the Employee personal information for administrative, legal, management and personnel purposes and for all purposes relating to employment.
1.7 Louis Berger U.S. Entities provide training on personal information protection issues to staff who handle Employee personal information in the course of their duties at work. Louis Berger U.S. Entities provide refresher training on a periodic basis via the Berger Learn portal.
2 Monitoring of Employees
2.1 Louis Berger U.S. Entities may monitor Employees by various means including, but not limited to, recording Employee movement by CCTV in its facilities’ public work spaces, such as work activity rooms, warehouses, and parking garages for security and safety purposes
2.2 Where practical, Louis Berger U.S. Entities will inform Employees that monitoring is taking place, how data is being collected, how the data will be securely processed and the purpose for which the data will be used. Louis Berger U.S. Entities will not retain such monitoring data for any longer than is absolutely necessary.
2.3 In exceptional circumstances, Louis Berger U.S. Entities may use monitoring covertly, as appropriate, where there is, or could potentially be, damage caused to Louis Berger U.S. Entities by the activity being monitored (for example, where an employee is suspected of stealing property belonging to Louis Berger U.S. Entities or a third party, or misusing Louis Berger U.S. Entities systems or resources or is engaged in fraudulent or criminal activity) and where it is not practical to procure the information by non-intrusive means.