Prophet is a diverse, global consultancy with offices across the United States, and in London, Berlin, Zurich, Hong Kong and Shanghai. Our business practices and processes are shared between our global offices, which means that our client and employee data is shared between our US, European and other international offices. Prophet is fully committed to the proper handling and privacy of the personal information that it collects or uses for all individuals within the European Union and Switzerland. To protect the individual’s information, Prophet complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework designed by the U.S. Department of Commerce, the European Commission and the Swiss Administration.
Prophet is under the jurisdiction of the U.S. Federal Trade Commission for investigations and enforcement related to compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. All of Prophet’s privacy practices comply with the following Privacy Shield Principles, as detailed in the policy section of this document:
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement and Liability
Scope and Applicability
Adherence to this policy applies to all employees who work for Prophet, or one of its subsidiary companies in the United States, United Kingdom, Germany, Switzerland, Singapore and China.
Prophet collects, handles and processes your personal information only for business purposes with you and/or your company. If your personal information is collected and used, Prophet will notify you, usually at the time of collection or as soon as possible after the information is collected. Prophet may disclose your personal information to comply with any lawful requests from public authorities, law enforcement, or matters of national security.
Prophet does not sell or rent your personally identifiable information to anyone. Prophet may disclose your personal data to third parties for legitimate business purposes. The types of third parties that may be used by Prophet, and the purposes for disclosing personal information, include but are not limited to:
- Vendors that assist with payroll, benefits and HR support for employees
- Vendors that supply Software as a Service (SaaS) for internal communications and sales tracking
- Credit card companies that have employee credit card information
- Travel expense vendors who manage employee travel expense information
- Vendors who provide project support or project management support
- Vendors who provide analytics services for projects
- Vendors who provide backup or storage services for data
In addition to your personal and demographic information, when you visit a Prophet website your web browser software may automatically provide us with information such as the browser name and version, your computer type, operating system and the previous website you visited if you clicked a link to our site from another website. We also automatically determine your internet IP address or your internet service provider’s IP address. Any of this information may be recorded in our system logs or securely collected on our behalf via third-party services. This information will only be used internally in anonymous, aggregate reporting.
Our website contains links to other sites. Prophet does not share your personal information with these sites, nor do we have any control over the privacy policies of those sites. We encourage you to learn about the privacy policies of the companies responsible for those sites.
We collect and use employee information only for business purposes, and our employees’ personal information is never sold or rented to third parties. Data may be collected and stored from potential candidates for hire with Prophet, which includes direct employees and contractors. Employee information, including personally identifiable information (PII), performance and disciplinary information, health-related information or other sensitive employee information is only accessible by Prophet employees who have legitimate human resource purposes, and/or a business need to know.
European Union and Swiss employees are notified at the time of their employment how their personal information will be used. Prophet will comply with any investigations from EU or Swiss Authorities, as applicable by law.
Prophet will provide you with the opportunity to opt-out of having your personal information (1) disclosed to a third party who is not currently working for Prophet, and (2) used for a purpose that is different from the original use purpose when it was collected or authorized for use by you. The only exception to this choice is the requirement of disclosure of personal information by government or judicial order, or other legal requirements.
You can choose to opt-out of marketing materials from Prophet at any time. To exercise your rights to limit how your data is used as described above, contact us at firstname.lastname@example.org with instructions on which opt-out options you would like applied to your personal data. Prophet system administrators will manually apply the appropriate control measures to any records that contain your personal information.
In addition, to opting out of how your information is used for marketing purposes, you have the right to request that your data be forgotten (known as the right of erasure), and removed in the following circumstances:
- when your personal data is no longer necessary to achieve the purposes for which it is collected or processed
- when you have withdrawn your consent
- where you object to the processing of your personal data
- where consent is provided by a child who is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet
- where the processing of personal data does not otherwise comply with the GDPR
The right to erasure does not apply where personal data is necessary for compliance with legal or regulatory requirements, legal claims, if the data is required for the good of public health or public interest, or if the data is needed for scientific or historical archival purposes. To exercise your right to be forgotten, contact us at email@example.com and we will respond to your request as quickly as possible. Prophet system administrators will manually remove your personal data where possible and contact you when the data has been successfully removed. Prophet is required to comply with your request unless the data is impossible to remove or requires a disproportionate cost or effort to remove, in which case Prophet will respond with information concerning where your data could and could not be removed.
Under the Privacy Shield Program, organizations do not have to obtain express consent (opt-in) with respect to sensitive data under the following processing conditions – If the data processing is in the vital interest of the data subject or another person, if it is necessary for the establishment of legal claims or defenses, if it is required to provide medical care or diagnosis, if the data processing is carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects, if it is necessary to carry out an organization’s obligations in the field of employment law, or if it is related to data that has been made public by the individual.
Accountability for Onward Transfer of Personal Data
Prophet will not transfer personal information originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing that requires them to provide at least the same level of privacy protection to your personal information as required by the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. Prophet only transfers data to agents or third-party service providers who have a legitimate need to the information in order to provide services on behalf of Prophet. Prophet will be liable for these data transfers to third parties.
Prophet is committed to protecting the personal information that it collects and stores, and we have implemented technical, operational, and administrative security measures to prevent the loss, misuse, disclosure, alteration, theft, or destruction of such information.
Data Integrity and Purpose Limitation
Prophet only collects and retains personal information that is relevant to the purposes for which it is collected. Personal information will not be used in a way that is incompatible with such purposes, unless such use as been explicitly authorized by you. Prophet will take reasonable steps to preserve the integrity of your personal information and to ensure that it is reliable for its intended use, accurate, complete, and current. Prophet may contact you to verify that the data we have is accurate and current.
Per Privacy Shield Supplemental Principle 2, personal information that is gathered for publication, broadcast, or other forms of public communication of journalistic material, whether used or not, as well as information found in previously published material disseminated from media archives, is not subject to the requirements of the Privacy Shield Principles.
You have the right to access and correct your personal information data that is used by Prophet. You can correct, amend, or request that information is deleted if it is inaccurate or has been processed in violation of the Privacy Shield Principles. The only exception to an access request for personal information is where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. To confirm that Prophet has personal data relating to you, or to make any other access or correction requests, contact us at firstname.lastname@example.org or call us at +1 415 677 0909. Prophet Employees may request and review their personal information by emailing email@example.com.
Recourse, Enforcement and Liability
In compliance with the Privacy Shield Principles, Prophet commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Prophet at: firstname.lastname@example.org or call us at +1 415 677 0909.
If you are not satisfied with Prophet’s response to your complaint, we will provide an additional recourse mechanism at no cost to you. Prophet cooperates and complies with the EU data protection authorities (DPAs) under the EU-U.S. Privacy Shield Framework, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) under the Swiss-U.S. Privacy Shield Framework and complies with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU and Switzerland. Contact information for the EU DPA and the Swiss Federal Data Protection Information Commissioner are as follows:
European Data Protection Supervisor
Swiss Federal Data Protection and Information Commissioner
Verantwortliche Person Adrian Lobsiger
Adresse Feldeggweg 1, 3003 Bern
Telefonnummer +41 (0)58 462 43 95 (Mo. bis Fr., 10.00 bis 12.00 Uhr)
Additional lists of more specific DPAs by country, city or region can be found here- http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm and here- https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.
Under certain conditions, if you are not satisfied with the recourse mechanisms provide by Prophet or Prophet’s compliance with the Privacy Shield Principles, you may be able to invoke binding arbitration to address your complaint.
Regarding onward transfers of personal data, Prophet is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Prophet shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Prophet proves that it is not responsible for the event giving rise to the damage.
Right to Change Policy
Prophet Employee Policy Adherence and Enforcement
It is the responsibility of all Prophet employees to read and adhere to this policy, and by signing this policy each employee agrees to abide by its contents. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.