*Effective June 26, 2018
Buchanan is an information technologies services corporation headquartered in the United States. It has two wholly-owned subsidiaries: Buchanan Technologies Ltd., an Ontario corporation, and Buchanan Technologies Europe EAD, a Bulgarian company. The Buchanan Companies (as defined below) share some databases, technological systems, business processes, and management structure, which may result in the transfer of some information across borders. In addition, Buchanan, by itself or through its subsidiaries, may provide customer services that involve the Processing of Personal Data (as such terms are defined below), and such Processing may also result in the transfer of some information across borders.
With respect to the collection, use, and retention of Personal Data (as defined below) received from the European Union (“EU”) in the United States (“US”), Buchanan is committed to, participate in, relies upon, and complies with the EU-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce. To that end, Buchanan has certified to the U.S. Department of Commerce that Buchanan adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity; Access, and Recourse, Enforcement; and Liability (hereinafter, the “Principles”). If there is conflict between the Policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
For the purposes of the Framework, Buchanan is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
This Policy applies to all Personal Data (as defined below) described in this Policy that is collected and transferred by or on behalf of Buchanan Technologies Europe EAD, or its customers, prospects, partners, vendors, or suppliers from countries in the EU to Buchanan in the U.S. This Policy also addresses the collection and use of Personal Data gathered in connection with the Site.
Capitalized terms are defined as set out below, or as otherwise defined throughout this Policy.
“Agent” means a third party that acts or performs on behalf of Buchanan.
“Buchanan Company” means any of Buchanan, Buchanan Technologies Ltd., or Buchanan Technologies Europe EAD, individually, and “Buchanan Companies” means Buchanan, Buchanan Technologies Ltd., or Buchanan Technologies Europe EAD, collectively.
“Business Contact Data” means Personal Data pertaining to or provided by current and prospective customers, partners, vendors, or suppliers of any Buchanan Company.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“HR Data” means Personal Data from Buchanan’s EU subsidiary pertaining to its prospective, current, and former employees, consultants, contractors, and job applicants.
“Individual” means a natural person in the EU.
“Personal Data” means information that personally identifies, or may be used to personally identify, an Individual, whether by such information alone or in combination with other information.
“Processing” means the performance of any operation or set of operations whether or not by automated means, such as collection, recording, organization, structuring, storage, keeping, adaptation or alteration, updating, retrieval, consultation, use, disclosure by transmission, disclosure, dissemination or otherwise making available, alignment or combination, blocking, restriction, erasure, or destruction.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of an individual.
“Site” means www.buchanan.com and its related webpages.
Typically, we collect and receive two types of Personal Data: Business Contact Data and HR Data. When we receive such Personal Data, we will use and disclose it only in accordance with the notices provided and the choices, as applicable, made by the Individual to whom such Personal Data relates.
We must disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We do not sell, lease, or rent Personal Data to third parties.
Typically, Business Contact Data consists of names, business titles, and contact information, such as email addresses, telephone numbers, fax numbers, and business and mailing addresses. Business Contact Data may also consist of certain identification information, such as a user ID or code, and may include information related to, as applicable, service requests, including location and equipment. Business Contact Data is collected when such Data is voluntarily provided to us by an individual or in connection with a potential or existing business relationship. We collect, Process, and use Business Contact Data for the following purposes: (1) the provision of services and products, (2) fulfilling our business or contractual obligations to our customers, (3) contract and billing administration, (4) marketing and sales, (5) partner and supply chain management, (6) legal compliance, (7) protecting and defending our rights and property, and (8) other related business activities of which an Individual is informed when their Business Contact Data is collected or as soon as practical thereafter. We may also disclose or transfer Business Contact Data to our employees, agents, suppliers, vendors, and partners for such purposes.
Typically, HR Data consists of name, title, contact information, addresses, telephone numbers, fax numbers, email addresses, personal, employee, and/or tax identification number(s), job descriptions, performance evaluations, resume, qualifications, accolades, disciplinary actions, salary history and information, picture/photo, and Sensitive Data that may relate to an employee’s health or other sensitive matters, such as information pertaining to an employee’s dependents and family members. Buchanan collects, uses, and Processes HR Data only for the following purposes: (1) determining, evaluating, and implementing employment-related actions and obligations; (2) recruiting and hiring job applicants; (3) performing background checks and verifying references; (4) assessing qualifications; (5) designing, evaluating, and administering compensation, benefits, payroll, training, and other human resource programs; (6) development and training programs; (7) monitoring and evaluating employee conduct and performance; (8) implementing security programs and policies; (9) maintaining facility and employee security, health, and safety; (10) maintaining a global directory; (11) other general human resources purposes, including but not limited to team-building; (12) collecting and conducting accounting, auditing, and financial transactions and analyses; (13) collecting and storing information in compliance with contractual and legal obligations; (14) carrying out obligation under employment contracts, and employment, tax, and benefits laws, in connection with working relationships or arrangements; (15) facilitating business communications, negotiations, and transactions, including but not limited to employee communications and employee surveys; (16) fulfilling our business or contractual obligations; (17) managing and operating any Buchanan Company(ies) and its/their functions and activities; (18) cooperating with law enforcement and other governmental agencies; and (19) the purposes stated in the Business Contact Data paragraph above.
EU employees are notified in detail regarding how their HR Data will be Processed and used at the time of their employment. Before using an EU employee’s HR Data for any purpose other than described above, affirmative consent from such employee will be obtained. Such consent may be declined or withdrawn at any time; provided, however, that HR Data will be retained in the manner and for the time-periods required under applicable laws and regulations.
HR Data may be accessed by other employees of any Buchanan Company only as necessary for legitimate human resources or business functions or issues. HR Data will be disclosed to third parties only as follows: (1) to customers, vendors, suppliers, and partners as required to facilitate the operations, management, and business of the Buchanan Companies; (2) to those retained by Buchanan as Agents for the purposes set forth in the paragraph above, including but not limited to, professional advisors such as accountants and lawyers, (3) as required pursuant to an applicable law, governmental or judicial order, or regulation, or to protect the rights or property of Buchanan, (4) as authorized in writing by the EU employee, and (5) where such Data is voluntarily provided by an EU employee in a context that makes it clear that such information will be provided to a third party.
EU employees may, for legitimate HR purposes, disclose Personal Data about their family members. In this event, such Personal Data shall be treated in accordance with this Policy as though such Data is HR Data.
Where HR Data is transferred to the U.S. from the EU in the context of an employment relationship, Buchanan will cooperate with investigations by and comply with the advice of the appropriate EU authorities, as applicable.
Data Provided by an Individual in Connection with the Site
Generally, an Individual can browse the Site without personally identifying themselves. However, an Individual may choose to provide us with Personal Data by completing a web form that requests any Personal Data; accessing our systems, platforms, and networks; requesting or registering to receive information from us; participating in correspondence or live chats with our representatives; participating in interactive features on the Site; choosing to share a page from the Site through one of our platforms; registering to use social media in conjunction with the Site; entering a contest or promotion sponsored by us; signing up for offerings that are co-sponsored between us and third-parties; reporting any problems or issues with the Site; contacting us; completing our surveys; or otherwise generally submitting Personal Data to us in connection to the Website. We will use your Personal Data only in accordance with the terms of this Policy.
Buchanan offers each Individual the opportunity to choose whether their Personal Data is (i) to be disclosed for the first time to a third party; or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the Individual. To exercise their choice, an Individual must first email Buchanan at Privacy@buchanan.com, with the subject line CHOICE REGARDING PERSONAL DATA.
Please note, however, that Buchanan will not provide a “choice” when disclosure is made to an Agent, provided that Buchanan has entered into a contract with such Agent.
For Sensitive Data, Buchanan will request and obtain express consent, otherwise known as an “opt in,” from an Individual if such information is to be (i) disclosed to a non-Agent third party; or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt-in choice. In addition, Buchanan will treat as Sensitive Data any Personal Data received from a third party, where the third party identifies and treats such Personal Data as sensitive.
To transfer Personal Data to a third party acting as a Controller, Buchanan will comply with the Notice and Choice Principles. Buchanan will not transfer Personal Data to any third party Controller without entering into a contract with the same that provides that (i) Personal Data may be Processed only for limited and specified purposes consistent with the consent provided by the individual to whom such Personal Data pertains; (ii) the recipient will provide the same level of protection as the Principles; (iii) the recipient will notify us if it determines that it can no longer provide such level of protection; and (iv) if such a determination is made, the third party controller shall cease Processing or take other reasonable and appropriate steps to remediate.
To transfer Personal Data to a third party acting as an Agent, Buchanan will: (i) transfer such Personal Data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively Processes the Personal Data transferred in a manner consistent with our obligations under the Principles; (iv) require the agent to notify us if the agent makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized Processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of Buchanan’s contract with the applicable agent to the U.S. Department of Commerce upon request.
Buchanan will take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Data.
Buchanan will limit its collection and Processing of Personal Data to only that which is relevant for the purposes set out in the “Notice” section above. Furthermore, we will not Process Personal Data in a way that is incompatible with the purpose(s) for which it has been collected or subsequently authorized by an Individual. We will also take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current, and will adhere to the Principles for as long as Buchanan retains such Personal Data.
Once we’ve collected or Processed Personal Data, we will retain it only for so long as it serves a purpose set out in the “Notice” section above; provided, that, we may retain and Process, subject to the Principles and the EU-U.S. Privacy Shield Framework, Personal Data for longer periods as may be (i) permitted or required by applicable law or (ii) reasonable to serve the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.
An Individual may access his or her Personal Data held by Buchanan and correct, amend, or delete such Personal Data where it is inaccurate or has been Processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question, or where the rights of persons other than the Individual would be violated.
If you are an Individual and you wish to confirm, correct, amend, or delete your Personal Data, please contact us at Privacy@Buchanan.com.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of Personal Data. Individuals with inquiries or complaints regarding this Policy should first contact Buchanan by:
- emailing us at Privacy@buchanan.com, or
- calling (972) 869-3966 and requesting to speak to the Compliance Officer.
We will respond to any inquiry or complaint within 45 days of receipt.
There are readily available independent recourse mechanisms to investigate and expeditiously resolve disputes and complaints if a timely acknowledgment of a complaint is not received from us, or if we have not resolved a complaint. The proper independent recourse mechanism to use depends upon the type of Personal Data at issue:
Business Contact Data
With regard to unresolved Privacy Shield Complaints regarding Business Contact Data, Buchanan has committed to refer those to the American Arbitration Association (AAA)’s International Centre for Dispute Resolution®/AAA Program (the “ICDR/AAA Program”), an alternative dispute resolution provider located in the United States. If timely acknowledgment of a complaint is not received from us, or if we have not resolved a complaint, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint.
The services of ICDR/AAA are provided at no cost to you and by reference to the Principals. Damages may be awarded in accordance with applicable law or private-sector initiatives.
Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any other Privacy Shield mechanisms. Please visit Annex I for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
With regard to unresolved Privacy Shield complaints regarding HR Data transferred from the EU in the context of the employment relationship, Buchanan has committed to cooperate with the dispute resolution procedures and the panel established by the EU Data Protection Authorities (DPAs), and to comply with the advice given by the panel.
Buchanan is committed to providing mechanisms for assuring compliance with the Principles. We have procedures to verify that the attestations and assertions we make about our privacy practices are true, and that our privacy practices have been implemented as presented. We routinely perform self-assessments, and may utilize outside assessments, to review our compliance with the Principles.
In cases of onward transfers to third parties, Buchanan has responsibility for the Processing of Personal Data we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. Buchanan shall remain liable under the Principles if its agent Processes such personal information in a manner that is inconsistent with the Principles, unless Buchanan proves that it is not responsible for the event giving rise to the damage.
Cookies are small data files that are written onto an individual computer by a website that stay there unless they expire or are removed. In general, they allow for recognition and make visiting and using a website easier and more efficient. Cookies cannot read data off of a hard drive or read cookie files created by other websites.
Cookies may be “persistent” or “session,” and “first-party” or “third-party.” A persistent cookie remains on a computer or mobile device when it is offline. A session cookie is deleted as soon as a web browser is closed. A first-party cookie is served by the entity that operates the website one is visiting. A third-party cookie is served by an entity other than that which operates the website one is visiting.
All types of cookies are used on the Site. We partner with third-party analytics providers, such as AdWords, AdRoll, and Google Analytics, which set cookies when the is visited Site to assist us in understanding our Site visitors, measuring and optimizing the effectiveness of the Site and marketing efforts, advertising, and identifying areas for improvement.
For questions related to the privacy practices and policies of AdWords, AdRoll, or Google Analytics, please refer to their privacy guidelines, notices, policies, and restrictions, which are available at their websites (as applicable). Note that Google has additional information available about its Remarketing Privacy Guidelines, Policies, and Restrictions.
Pixels are very small graphics that are loaded when a user visits a website or opens an email. They collect browser and device usage, and can set cookies.
Hubspot is a marketing optimization platform that utilized to market services through the website or via email campaigns. Hubspot is utilized as an online subscription service allowing the Site to build marketing webpages on Hubspot servers. These pages are then utilized for visitors to learn more about the company, download content, and provide their contact information and other demographic information. This information, which is stored and managed on the service providers’ servers, is then used so that the visitors can be contacted about their interest in the Buchanan Companies’ goods or services and interact with us. Information provided may be used by any of the Buchanan Companies and/or HubSpot for marketing and lead generation purposes.
In addition to cookies, as with most websites, our Site gathers certain information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, traffic data, usage patterns, browser types, Internet Service Providers (ISPs), referring/exit pages, operating systems, date/time stamps, movements around the Site, other actions taken while visiting the Site, communications data, and whether an email or link sent by a Buchanan Company has been opened.
We may use local storage. Local storage enables data to be stored in a user’s computer or browser, which then reads such data upon the user’s return. It includes HTML5 local storage and browser cache.
We use these technologies to estimate and evaluate the audience size and usage patterns related to the Site, store and recall information about a visitor’s preferences, speed up searches, authenticate access to and secure various areas of the Site, recognize a computer when the Site is revisited, track responses to our surveys, and conduct marketing and advertising. Ultimately, these uses enable us to compile aggregate data about Site traffic and use, which then allows us to offer better, faster, and safer experiences and content. We may link data collected via these technologies to Personal Data for any of the uses described in this paragraph.
A visitor can manage the above-described uses in several ways.
- A web browser usually can be configured to provide notice when a new cookie is received, or to clear or decline cookies. Consult the browser‘s official web pages to learn more. Note that disabling the creation of cookies or refusing to accept them may prevent the use of features on the Site, the storage of preferences related to the Site, and the proper function of the Site.
- Install https://tools.google.com/dlpage/gaoptout/ to prevent user data from being used by Google Analytics.
- To opt out of Hubspot, please utilize the opt-out feature within the e-mail.
- For information on how our advertising partners allow opt out for receiving ads based on web browsing history, please visit any of the following:
- Network Advertising Initiative (NAI) – http://optout.networkadvertising.org/
- Digital Advertising Alliance (DAA) – http://optout.aboutads.info/
- Digital Advertising Alliance Canada (DAAC) – http://youradchoices.ca/choices
- Digital Advertising Alliance EU (EDAA) – http://www.youronlinechoices.com/
- DAA AppChoices page – http://www.aboutads.info/appchoices
- Personalization can be turned off with the click of a button on Twitter, Linked-In, and on Google’s Ad Settings dashboard. On Facebook, ads can be opted out of based on an individual’s use of websites and apps.
- Check your mobile device for settings that control ads based on your interactions with the applications on your device.
We reserve the right to amend this Policy at any time and for any reason, including, but not limited to, to address changes or modifications in applicable law(s), the EU-U.S. Privacy Shield Framework, or our business procedures. In the event of any change to this Policy, we will post the revised Policy, with the revision date, to this webpage.
ATTN: Privacy Team
1026 Texan Trail, Ste. 200
Grapevine, Texas 70651
Phone: (972) 869-3966
ATTN: Compliance Officer-US
3450 North Rock Road
Building 700, Suite 705
Wichita, KS 67226
Toll Free: (888) 730-2774
ATTN: Compliance Officer-EU
18 Tododr Alexandrov Blvd.
Sofia, Bulgaria 1000
Phone:+359 2 9556414
*For faster response times, please contact us via email or telephone.