Global Privacy Policy

Scope of this Policy

ExtensisHR, Extensis Group LLC; Extensis, Inc.; Extensis II, Inc.; Extensis III, Inc.; Extensis IV, Inc.; Extensis HRO, LLC; Extensis VI, LLC; Extensis VIII, Inc.; Extensis IX, LLC; and Extensis Holding, LLC (“ExtensisHR;” the “Company,” “our,” “us,” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our website, job applicants, and independent contractors. This policy describes the personal information we collect, use, and disclose about individual consumers, applicants, and contractors who visit or interact with this website, visit any of our offices, stores, facilities, or locations, purchase or inquire about any of our products or services, contract with us to provide services, apply for a position of employment, or otherwise interact or do business with us.

This privacy policy applies to any personal information that we may process of individuals residing in the European Economic Area (EEA) (collectively, “Designated Countries”). When we offer goods and services to, or otherwise process personal information about, individuals in the EEA, we are subject to the EU General Data Protection Regulation (EU GDPR). Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, utilize the Live Chat feature on our website, type text in the Search bar to search the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact, or do business with us, we will be collecting personal information from you or about you in the course of our interaction or dealings with you, whether online or at any of our physical locations or facilities.

The meaning of “personal information” may be defined based on your country or state of residence: in this policy, it means any information that can reasonably be used to identify an individual.

For the purposes of the GDPR and other applicable privacy laws, ExtensisHR is a data controller (a “Controller”) in relation to the personal data of the representatives of our members, partners, vendors and website visitors. In relation to the processing of the personal data of our members’ employees in connection with services provided, ExtensisHR is a data processor (a “Processor”). Therefore, when processing our members’ employees, we are doing so on behalf of our members who are Controllers of such data, and such processing is governed by agreements with our members.

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries. If you are a California resident (who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees), you may request access to our Employee Privacy Policy by sending an email to PrivacyPolicy@ExtensisHR.com.

This policy likewise does not apply to information collected from or about any current or former worksite employees of our customers (or the family members, dependents, and beneficiaries of such worksite employees) where the Company provides professional employer organization (PEO) services to the customer. If you are a current or former worksite employee of any of our customers or a family member, dependent, or beneficiary of such worksite employee, you may request access to our Worksite Employee Privacy Policy by sending an email to PrivacyPolicy@extensishr.com.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy. You also consent to the collection and processing of your Sensitive Personal Information. 

Participation in Data Privacy Framework Program

ExtensisHR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. ExtensisHR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Consent to Share Personal Information When Using Chat Function

By using the Live Chat feature, you consent to our collection and analysis of all personal information provided. The Live Chat feature does not use any chatbot or artificial intelligence technology. Rather, each chat takes place with a live representative of the Company. We utilize a vendor called Drift.com and (“Chat Vendors”) to process, analyze, and store the contents of the chat on our behalf. The Chat Vendor “will not sell this data or share it besides back to the Company or another vendor engaged to assist in the services provided to the Company. The Chat Vendors will not use or disclose this data for any purpose other than providing services to the Company. For more information on how the Chat Vendors may use or disclose your personal information, please review their privacy policy Drift.com Privacy Policy and By using these forms and features, you direct the Company to disclose to and share with the Chat Vendors any personal information you provide. You cannot use the Live Chat feature without consenting to these terms and to the disclosure of your personal information to the Chat Vendor. If you do not consent to such disclosure, please do NOT use the Live Chat feature.

Collection of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our website, we will or may collect, and we have in the last 12 months collected, the following categories of personal information from or about you. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are detailed in the chart below. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.

What Sensitive Personal Information We Collect

Of the above categories of personal information, the following are categories of sensitive personal information the Company may collect from or about consumers, independent contractors, or job applicants:

1. Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
2. Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
3. Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation)

Personal information does not include:

• Publicly available information from government records.
• Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media.
• Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience.
• Deidentified or aggregated information.

Sources of Personal Information

We may collect your personal information from the following sources:

• You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you utilize the Chat feature on the website, when you enter into a contract to perform services for us, or when you apply for a position of employment
• Our employees, contractors, vendors, suppliers, guests, visitors, other consumers, and customers based on your interactions with them (if any)
• We utilize cookies to automatically collect information about our website visitors
• Surveillance cameras at our physical locations
• Lead generators and referral sources
• Credit and consumer reporting agencies
• HR support vendors
• Social media platforms
• Career sites or platforms like LinkedIn, Indeed, and JazzHR
• Company-issued computers, electronic devices, and vehicles
• Company systems, networks, software applications, and databases you log into or use
• Company systems, networks, software applications, and databases you log into or use in the course of applying for a position with the Company, interacting with our website, or otherwise interacting with us in any other capacity, including from vendors the Company engages to manage or host such systems, networks, applications or databases
• Personal references and former employers (if you are a job applicant)
• Schools, universities, or other educational institutions which you attended (if you are a job applicant)
• From friends, family, or colleagues who choose to email you job postings that they think you may be interested in from our application platform or careers page
• Third party customer databases

To Whom We Disclose Personal Information

ExtensisHR shall comply with the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may disclose, sell, or share your personal information to/with the following categories of service providers, contractors, or third parties:

• Financial institutions
• Government agencies
• Promotional or other fulfilment vendors
• Marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website
• Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone.
• Lead providers (referral sources)
• Transaction support vendors (e.g., check guaranty, payment processors)
• Data analytics vendors
• Consumer reporting agencies or credit reporting agencies
• Recruiting firms, and/or staffing agencies
• Talent acquisition management systems, and other vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
• Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
• Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
• Insurance carriers, administrators, and brokers
• Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
• Our affiliates, including parent entities, subsidiaries, and affiliated entities

Legal Bases and Reasons Why We Collect, Use, Retain, and Disclose Personal Information

We process your personal information in accordance with applicable law and standards. When required by applicable law, we process your personal information only to the extent that we have a legal basis to do so. This may include one or more of the following:

1. When it is necessary for compliance with a legal obligation.
2. When it is necessary for the performance of a contract.
3. When we have obtained your prior consent
4. When it is necessary to protect your vital interests.
5. When it is necessary for the purposes of a legitimate interest that is not overridden by your interests, fundamental rights, or freedoms.

We may collect and disclose your personal information for any of the following business purposes:

1. To fulfill or meet the purpose for which you provided the information, or a purpose reasonably associated with the context in which you provided the information and consistent with reasonable consumer expectations
2. To provide you or our customers with the requested products or services.
3. To process and submit financing applications, including to apply for credit, or credit pre-qualification.
4. To process, complete, and maintain records on transactions.
5. To provide warranty coverage on products and services.
6. To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
7. To provide and communicate recall notifications to customers.
8. To schedule, manage and keep track of customer appointments.
9. To complete appraisals.
10. To maintain records of when customers decline a service or sale.
11. To respond to consumer inquiries, including requests for information, customer support online, Chat on the website, phone calls, and in-store inquiries.
12. To provide interest-based and targeted advertising.
13. To comply with our contractual obligations to our marketing partners and vendors.
14. To engage in corporate transactions, including mergers, acquisitions, and joint ventures, as well as due diligence in proposed or pending corporate transactions.
15. To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.
16. To improve user experience on our website.
17. To understand the demographics of our website visitors.
18. To detect and investigate physical and cyber security incidents.
19. To debug, identify, and repair errors that impair existing intended functionality of our website.
20. To protect against malicious or illegal activity and prosecute those responsible.
21. To verify and respond to consumer requests under applicable privacy laws.
22. To prevent identity theft.
23. JOB APPLICANT PURPOSES:
    • To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.
    • To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.
    • To evaluate your job application and candidacy for employment.
    • To obtain and verify background check and references.
    • To communicate with you regarding your candidacy for employment.
    • To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you are apply for.
    • To keep your application on file even if you did not get the job applied for, in case there is another position for which we want to consider you as a candidate even if you do not formally apply.
    • To evaluate and improve our recruiting methods and strategies.
    • To engage in lawful monitoring of job applicant activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.
    • To engage in corporate transactions requiring review or disclosure of job applicant records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.
    • To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.
    • To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
    • To reduce the risk of spreading infectious diseases in or through the workplace.
24. INDEPENDENT CONTRACTOR AND BUSINESS-TO-BUSINESS PURPOSES:
    • To fulfill or meet the purpose for which you provided the information.
    • To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).
    • To engage the services of independent contractors and compensate them for services.
    • To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.
    • To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.
    • To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.
    • To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
    • To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
    • To reduce the risk of spreading infectious diseases in or through the workplace.

Special Category Data

ExtensisHR will only process personal data fairly and lawfully and for specified purposes. The Company will only process special categories of personal data and criminal convictions data where we have a lawful basis for processing and one of the specific conditions relating to special categories of personal data or criminal convictions data applies.

Pursuant to Article 9 of the GDPR, “special category data” is information concerning an individual’s:

1. Racial or ethnic origin
2. Political opinions
3. Religious beliefs or other beliefs of a similar nature
4. Membership of a trade union
5. Physical or mental health or condition
6. Sexual life or orientation
7. Commission or alleged commission of any offence or any proceedings for any offence committed alleged to have been committed by them, the disposal of such proceedings, or the sentence of any court in such proceedings

Do We Sell Your Information?

We do NOT and will not sell or share your personal information in exchange for monetary consideration. However, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

We may sell or share your personal information for the following business or commercial purposes:

1. To receive data analytics and to understand the demographics of our website visitors
2. To provide interest-based and targeted advertising

Other than these exceptions, we do not and will not disclose your personal information to any third party in exchange for monetary or other valuable consideration or share your personal information for cross-context behavioral advertising.

Notice of Right of California, Nebraska, and Texas Residents to Opt-Out of the Selling and Sharing of Your Information and Certain Profiling Activities

While we do not sell or share your personal information in exchange for money, we may sell or share your personal information for other valuable consideration. You have the right to tell us NOT to sell or share your personal information, and to opt out of certain profiling activities. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act, the Texas Data Privacy and Security Act, and the Nebraska Data Privacy Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following:

• Click ExtensisHR: Exercise Your Privacy Rights. to be taken to an online opt-out submission form.
• Visit ExtensisHR’s website at: www.extensishr.com. Click on “Your Privacy Choices” to be taken to a consent preferences interface.
• You can use a Global Privacy Controls (GPC) signal. ExtensisHR will process opt-out preferences from GPC signals, which are in formats commonly used and recognized by businesses, such as an HTTP field header, as requests to opt-out of sale or sharing. The GPC signal opt-out will only apply to the browser you are using on your device; it will not apply to other browsers and/or devices to which GPCs are not activated or to offline sales.
• If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at 732-602-3763 for assistance and a representative will assist in meeting your needs.

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may call our toll-free privacy line at 732-602-3763 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Opt-Out Preference Signals

Opt-out preference signals provide consumers with a simple and easy-to-use method by which to exercise the right to opt-out of the selling and sharing of their information. Global Privacy Controls (GPC) is a user-enabled opt-out preference signal which can communicate a user’s “Do Not Sell or Share” request on behalf of the person or device. We will process opt-out preferences from GPC signals which are in formats commonly used and recognized by businesses, such as an HTTP field header. We will treat a consumer’s use of GPCs as a valid request to opt-out of the selling and sharing of information for that browser. We currently do not connect browser use to particular consumers and, as such, you will need to use GPCs on all browsers in which you access our website and use our opt-out form to opt-out of offline sales.

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals or other mechanisms (with the exception of GPCs) that provide a choice regarding the collection of personal information about activities over time and across different websites or online services. We encourage users who have DNTs to use GPCs.

We do NOT and will not use or disclose your sensitive personal information for any purposes that give rise to a right to limit the use or disclosure of  your sensitive personal information under the California Consumer Privacy Act (CCPA).

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention policy and practice. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including but not limited to the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third Party Vendors

We may use other companies (known as sub-processors) to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Accountability of Onward Transfer Principle

In the context of an onward transfer, ExtensisHR has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.  ExtensisHR shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the ExtensisHR proves that it is not responsible for the event giving rise to the damage.

Business Transfers

In the event wesell or transfer a particular portion of our business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Consent to Use of AI Technology

Certain Company services and website features may be supported by third party vendors that utilize AI technology. When utilizing the ExtensisHR AI Chat Bot After Hours our AI vendor(s) Krista Software Inc. may record and transcribe information and may access the information in real-time and use the information for their own purposes, including to train their AI model. By using the ExtensisHR AI Chat Bot After Hours you consent to the collection and analysis of any personal information provided. If you do not consent to such use and disclosure, please do NOT use the ExtensisHR AI Chat Bot After Hours. For more information on how Krista Software Inc. may use or disclose personal information, please review their privacy policy Krista.AI Privacy Policy.

Compliance with Law and Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies, Pixels, and Other Tracking Technologies

Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user’s device to remember information about the user, such as the user’s language preference or login information.

This type of cookie is set by us and is referred to as a “first-party cookies.” Our website uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.

We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside our website’s domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.

Below is a detailed list of the categories of first- and third-party cookies we use on our website. You can prevent the collection of data by non-essential performance, functional, and marketing cookies by clicking on ExtensisHR: PEO and HR Outsourcing Solutions in our website footer and toggling off the related functionality.

How we use cookies

We make use of cookies under the following circumstances and for the following reasons:

• Provide you with services available through the website and to enable you to use some of its features
• Authenticate users and prevent fraudulent use of user accounts
• Identify if users have accepted the use of cookies on the website
• Compile data about website traffic and how users use the website to offer a better website experience
• Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience, or to avoid you having to re-enter your preferences every time you use the website
• Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website

Essential Cookies  

Essential cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the website from working correctly or might prevent the Website from working at all.

Non-Essential Cookies

Non-Essential cookies are not essential to the website functionality but serve some other unique purpose in three subcategories:

1. “Performance” cookies (sometimes referred to as static cookies) collect information about the user’s behavior on the website without collecting personal information, for example:

• Pages the user visits.
• Ads the user views.
• Ads or site features that the user clicks.

2. “Functional” cookies (sometimes called preference cookies) track and remember the user’s preferences and past choices on the website to provide a personalized user experience. For example, functional cookies can collect:

• Usernames
• Passwords
• Regions

3. “Targeting” cookies (sometimes called preference cookies) can track:

• Content the user views
• Links the user follows
• The user’s browser and device information and IP address

Please note: Organizations can use targeting cookies to track and influence users by building user profiles or displaying advertisements.

Information on Some of the Cookies in Use on our Site

For information on some of the cookies we use on our site and apps, please review the policies from some of our vendors:

• Google Analytics
• Meta/Facebook
• 6Sense
• AccessiBe
• Calendly
• CrazyEgg
• Drift
• G2
• Infinigrow
• LinkedIn
• Mutiny
• Pardot

Cookie Management

You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our Website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.

• http://www.lavasoftusa.com/products/ad-aware_se_personal.php
• http://www.spybot.info/en/download/index.html
• http://www.webroot.com/consumer/products/spysweeper/

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

• Safari
• Opera
• Internet Explorer
• Google Chrome
• Mozilla

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.

You can adjust your advertising preferences on mobile devices through your device settings. Below you can find some guidance based on your type of mobile device:

• Apple
• Android

DAA and NAI

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain self-regulatory programs along with websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

• To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.

Non-Participant Opt-Out Options

• Some of our vendors do not participate in the DAA or NAI self-regulatory programs for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
• Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device’s operating system (like iOS and Android) or the device manufacture, click here.

External Links

Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly collect or sell personal information of children under 13. For users aged 13 to 16, we require opt-in consent before selling or sharing personal information. Parental consent is required for users under 13, and we verify such requests through documented authorization.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to our websites is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

• We keep automatically collected data and voluntarily collected data separate at all times.
• We use internal encryption on all data stores that house voluntarily captured data.
• We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
• We restrict access to private information to those who need such access in the course of their duties for us.

Consumer Rights

Based on your U.S. state of residence, you may have some or all of the following rights:

1. Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information, (5) the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose;
2. Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected from or about you;
3. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;
4. Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;
5. Right to Opt-Out. The right to opt-out of the selling or sharing of your personal information to third parties;
6. Right to Limit. The right to limit the use or disclosure of your sensitive personal information;
7. The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and
8. The right to not be discriminated or retaliated against for exercising any of the above rights.
9. The right to appeal our refusal to take action on a request. 

You can submit any of the above types of consumer requests through any of the options below:

1. Submit an online request on our website at ExtensisHR: Exercise Your Privacy Rights.
2. Call our privacy toll-free line at 732-602-3763

How We Will Verify That it is Really You Submitting the Request

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us.

Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request , we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within 45 calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we cannot comply with a request, if applicable.

Responding to Your Request to Opt-Out of the Selling or Sharing of Your Personal Information

We will act upon a consumer request to opt-out within 15 days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have an Authorized Agent:

You may be able to authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either: (a) execute a valid, verifiable, and notarized power of attorney; or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Appeal of Our Decision Regarding Your Request

For residents of certain states, in the event we refuse to act in response to your request, we will provide you with information regarding our appeal process. We will inform you in writing of any action taken or not taken in response to an appeal within a reasonable time after receipt of your appeal, including our written explanation of the reason or reasons for our decision. If we deny your appeal, we will provide you with information regarding the online mechanism by which you may contact your State Attorney General to submit a complaint.

Other California Privacy Rights

The California Civil Code permits California residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email PrivacyPolicy@extensishr.com, or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.

Data Subject Rights

Individuals located in the Designated Countries, whose Personal Data we process (also referred to as “Data Subjects”), have the following rights with regard to their Personal Data. Below is an outline of these rights and how they may be exercised.

1. Right to be Informed. The right to know or be notified about the collection and use of your personal data. Such information has been provided by the Company in the main body of the Privacy Policy and in this Addendum, as they are amended from time to time.
2. Right to Access. The right to request and receive a copy of your personal data that the Company processes. Additionally, you are entitled to obtain a confirmation from us about how your personal data is being processed, including details such as: (1) whether, where, and by whom your personal data are being processed; (2) the specific purposes for the processing; (3) the categories of personal data being processed; (4) the categories of recipients with whom the data may be shared; (5) the periods for which the data will be stored or the criteria used to determine that period; (6) the source of the data, if it was not directly collected from you; and (7) information about the existence of any automated decision-making processes, including an explanation of the logic involved and whether it has a significant effect on you.
3. Right to Data Portability. The right to receive the personal data you provided to us, in a structured, commonly used, and machine-readable format and transmit that data to a third party, in certain situations.
4. Right to Rectification. The right to require us to correct any mistakes in your personal data.
5. Right to be Forgotten. The right to require us to delete your personal data, in certain situations.
6. Right to Restriction of Processing. The right to require us to restrict processing of your personal data, in certain circumstances, e.g., if you contest the accuracy of the data.
7. Right to Object. The right to object:
   • At any time to your personal data being processed for direct marketing (including profiling)
   • In certain other situations to our continued processing of your personal data, e.g., processing carried out for our legitimate interests.
8. Right to Withdraw Consent. The right to withdraw consent at any time where our processing is solely based on your specific consent. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
9. Right Not to be Subject to Automated Individual Decision-Making. The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

Data Subject Access Requests

The Company will fulfill your individual rights requests for correction (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves disproportionate effort. Upon your request, we will identify such third parties. If you wish to exercise any of the rights detailed above, email us at PrivacyPolicy@extensishr.com.

If we receive a request from you to exercise your rights, the Company has the right to have you take reasonable steps to confirm your identity, including your residency within the EU. The Company is not obligated to, and will not, provide any individualized information or give effect to data subject rights unless the Company can reasonably confirm your identity.

The Company is required to give effect to your rights of access, rectification, erasure, and the right to object free of charge. However, the Company may charge a reasonable fee for repetitive requests, unfounded or excessive requests, or further copies beyond the initial copy provided.

Filing a Complaint

In compliance with the EU-U.S. DPF, ExtensisHR commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

If you believe that your rights have been infringed by the Company, you have the right to ask the Company to remedy the situation. If you believe you have not received an adequate response from the Company, you may file a complaint with the relevant DPA (either the DPA for the EU Member State in which you live or work or the Member State in which the alleged infringement occurred).

• EU Data Subjects: If you are based in the EU, you have the right to lodge a complaint with the relevant supervisory authority, details of which are on the European Data Protection Board website, depending on the country in which you are based. A list of DPAs for member states is available here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 

International Data Transfers

The Company is located in the United States of America.  Therefore, any Personal Data we collect will be collected and stored in the U.S.  For individuals that are in the Designated Countries, this means that their Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of their Personal Data than the jurisdiction the User is typically resident in.  Please note that the Company uses safeguards designed to protect the privacy and integrity of such Personal Data, including adhering to the Standard Contractual Clauses under Article 46.2 of the GDPR.  Please contact us if you wish to obtain information concerning safeguards we employ when transferring Personal Data outside of the Designated Countries.

Data Transfers Outside of the Designated Countries

To the limited extent that it is necessary to transfer Personal Data outside of the Designated Countries, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including Standard Contractual Clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards.

Automated Decision Making

ExtensisHR does not engage in Automated Decision making or use your data in this capacity.

Data Privacy Framework (DPF)

ExtensisHR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.

Under the Data Privacy Framework, ExtensisHR is responsible for the processing of personal information we receive and subsequently transfer to a third party acting for or on our behalf, and ExtensisHR is liable for ensuring that the third parties we engage support our DPF commitments.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, ExtensisHR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. Individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact the ExtensisHR Privacy Team at: PrivacyPolicy@extensishr.com

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, have the right to lodge a complaint. Please contact the data protection regulator in the applicable European Economic Area member state or the United Kingdom, as outlined below.

UK and EEA Data Subjects: Lodging a Complaint with the Data Protection Authority

If you are located in the EEA, you have the right to lodge a complaint with the relevant supervisory authority, details of which are on the European Data Protection Board website, depending on the country in which you are based. A list of DPAs for member states is available here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

If you are based in the UK and you have concerns about our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk), which is the UK’s supervisory authority for data protection issues.

ExtensisHR commits to cooperating and complying with the advice of the appropriate Data Protection Authority (DPA) with regard to the investigation and resolution of complaints brought under the DPF concerning our handling of human resources data received in reliance on the DPF in the context of the employment relationship – the EU DPAs under the EU-U.S. DPF.

Investigatory and Enforcement Powers of the Federal Trade Commission

The Federal Trade Commission has jurisdiction over Extensis HR’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Alternative Dispute Resolution Provider

In compliance with the EU-U.S. DPF, ExtensisHR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, JAMS, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and Switzerland.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Binding Arbitration

An individual has the possibility, under certain conditions outlined in ANNEX-I-introduction DPF Mechanisms to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.

Accountability for Onward Transfer Principle

ExtensisHR adheres to the Accountability for Onward Transfer Principle, ensuring compliance with the Notice and Choice Principles when transferring personal information to third parties acting as controllers. We accept liability for the processing of personal information received under the DPF Principles and subsequently transferred to agents on our behalf. ExtensisHR remains accountable if such agents process personal information inconsistently with the DPF Principles, unless it is proven that ExtensisHR is not responsible for the event giving rise to the damage.

Notice, Choice, and Access under DPF

In accordance with the Notice and Choice Principles, ExtensisHR does not use personal data collected through the employment relationship for non-employment-related purposes; any change to this practice would be prefaced by the requisite choice before doing so and authorized by the individual.

All uses, including disclosures to third parties processing data on ExtensisHR’s behalf, are compatible with the purposes for which the personal data has been collected. ExtensisHR also makes all reasonable efforts to accommodate employee privacy preferences, such as restricting access to the personal data.

In accordance with the Principle on Access, we comply with all local regulations and ensure that EU employees have access to such information as is required by law in their home countries, regardless of the location of data processing and storage.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Data Security

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Consumers With Disabilities

This Privacy Policy is accessible to individuals with disabilities. It is compatible with screen readers and available in alternative formats upon request. Please contact us at PrivacyPolicy@extensishr.com for assistance or to request an alternative format.

Questions About the Policy

This website is owned and operated by ExtensisHR If you have any questions about this Privacy Policy, please contact us at PrivacyPolicy@extensishr.com or call 732-602-3763

**This policy was last updated October 14, 2025.