Effective Date: December 16, 2021
This Policy applies to all subsidiaries, business units and personal data-processing activities under the responsibility of SmithGroup Companies, Inc.
1. PRIVACY STATEMENT
SmithGroup has created this Policy to demonstrate a commitment to privacy. The following information discloses information gathering and dissemination practices by SmithGroup.
A. EU-U.S. Privacy Shield
SmithGroup participates in and endeavors to comply with the EU-U.S. Privacy Shield Framework (“Framework”). SmithGroup is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on each Framework, to the Framework’s applicable Privacy Shield Principles (“Principles”). To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List.
SmithGroup is responsible for processing personal data it receives, under each Framework, and subsequently transfers to a third party acting as an agent on its behalf. SmithGroup endeavors to comply with the principles for all transfers of personal data from the EU, including the transfer liability provisions.
With respect to personal data received or transferred pursuant to each Framework, SmithGroup is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain circumstances, SmithGroup may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
SmithGroup commits to cooperate with the panel established by the EU Data Protection Authorities (“DPAs”), as applicable, and comply with the advice given by the authorities, with regard to human resources data transferred from the EU, as applicable in the context of the employment relationship.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at Privacy [at] SmithGroup.com.
B. Information Collection and Use
This Policy applies solely to the role SmithGroup plays in collecting, using and storing data.
SmithGroup’s use of information collected shall be limited to the purpose of conducting our normal business operations.
Typically, information collection and usage falls into the following categories: clients, consultants, applicants and employees, as follows:
Clients: During the course of client interaction and project work, a wide range of information may be collected including, but not limited to, a client’s FEIN, financial institution, employee demographics, growth projections, etc. This information may be stored in a range of onsite and third party hosted environments. This information is solely used for the purposes of executing SmithGroup’s contracted services.
Consultants: During the course of project work, a wide range of information may be collected including, but not limited to, a consultant’s contact information, financial institution, prior work examples, etc. This information may be stored in a range of onsite and third party hosted environments. This information is solely used for the purposes of executing SmithGroup’s contracted services.
Applicants: The application process collects personal information (such as, name, work history, home address, etc.). This information is solely used for evaluating and selecting applicants for employment. Applicants may enter personal information directly through the application system and/or indirectly by contacting SmithGroup Human Resources staff. This personal information may be stored in a range of onsite and third party hosted environments.
Employees (current and former): During the course of employment, various personal information may be collected such as social security number, birth date, dependent information, employee performance, etc. This information is solely used for employment purposes and complying with local, state and federal requirements. In addition, during the course of employment, SmithGroup may collect additional information related to employee project work, expertise, geographic location, etc. to improve the quality and efficiency of our projects. This information may be stored in a range of onsite and third party hosted environments.
C. Information Processing
By providing your information to SmithGroup, you acknowledge and agree that the technical processing and transmission of your information, may involve transmissions over various networks, including the transfer of this information to the United States and/or other countries for storage, processing and use by SmithGroup, its affiliates, and their agents.
D. Correction /Updating Personal Information
SmithGroup acknowledges that you have a right to access your information. If you seek to access, change or delete any information, unless otherwise prohibited by law, you may do so by logging into the appropriate system or by contacting SmithGroup at Privacy [at] SmithGroup.com.
E. Data Retention
Subject to Section D above, SmithGroup will retain information for as long as required for our business needs and operations.
The opportunity to 'opt-out' of general mailings and notifications is provided via the Opt-Out mechanism attached to all SmithGroup e-mails.
G. Notification of Changes
SmithGroup may update this Policy to reflect changes to our information practices. If we make any material changes, we may notify you by email (the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Changes to the Policy are posted at www.smithgroup.com.
2. AUTOMATED DATA COLLECTION TECHNOLOGY
A. Information Collection and Use
SmithGroup may collect information about users automatically as they navigate through our online systems.
As is true of most websites, SmithGroup gathers certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website.
This information is used by SmithGroup for a number of purposes, including authentication, preferences, performance analytics and improving the overall system.
The technologies SmithGroup uses for this automatic data collection may include, without limitation:
- Web Beacons: Pages of our applications and e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit SmithGroup, for example, to count users who have visited those pages, opened an e-mail or other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). By disabling browser cookies, unique information associated with web beacons will also be disabled.
3. SECURITY MEASURES
A. Data Security
SmithGroup endeavors to follow best practices relative to data security, including NIST SP 800-171 guidelines.
4. DISCLOUSRE OF INFORMATION FOR LAW ENFORCEMENT
- SmithGroup may disclose information as required by law, such as to comply with a subpoena, or similar legal or security process when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or others, investigate fraud, or respond to a government order or request.
5. OWNERSHIP AND ADMINISTRATION
This Policy is owned and administered by SmithGroup.
To ask questions or comment about this Policy and our privacy practices, contact us at: privacy [at] smithgroup.com.
SmithGroup Companies, Inc.
500 Griswold Street
Detroit, MI 48226 USA
A. This Policy applies to the information gathering and dissemination practices for SmithGroup and supersedes all other policies, procedures, practices, and guidelines relating to the matters set forth herein.