Get paid up to $18,750 for your referral to ExtensisHR!   Start Referral Close

ONLINE PRIVACY POLICY

ExtensisHR, Extensis Group LLC; Extensis, Inc.; Extensis II, Inc.; Extensis III, Inc.; Extensis IV, Inc.; Extensis HRO, LLC; Extensis VI, LLC; Extensis VIII, Inc.; Extensis IX, LLC; and Extensis Holding, LLC. (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our website visitors. This policy describes the personal data we collect, use, and disclose about EU residents who visit or interact with this website, visit any of our offices, stores, facilities, or locations, purchase or inquire about any of our products or services, contract with us to provide services, apply for a position of employment, or otherwise interact or do business with us.

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries, independent contractors or job applicants. (Please see the ExtensisHR Employee Privacy Notice by emailing PrivacyPolicy@ExtensisHR.com). This statement also does not apply to information collected on third-party sites or by any third-party application that may link to or be accessible from the website.

PARTICIPATION IN DATA PRIVACY FRAMEWORK PROGRAM

ExtensisHR is committed to the DPF Principles all personal data received from the European Union and, as applicable the United Kingdom (and Gibraltar), and/or Switzerland in reliance on the relevant part(s) of the DPF program and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.  ExtensisHR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

What data do we collect?

Our Company collects the following data:

  • Personal Identification Information (Name and alias)
  • Contact Information (Home, postal or mailing address, email address, home phone number, cell phone number)
  • Commercial Transactional Data (Information regarding products or services provided, purchasing history)
  • Internet Network and Computer Activity (Date and time of your website visit; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history).
  • Mobile Device Data (Information collected when you navigate, access, or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider).

How do we collect your data?

You directly provide our Company with most of the data we collect. We collect data and process data when:

  • You register online or place an order for any of our products or services.
  • You voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  • You use or view our website via your browser’s cookies.
  • When you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you utilize the Chat feature on the website, when you enter into a contract to perform services for us, or when you apply for a position of employment

Our Company may also receive your data indirectly from the following sources:

  • Surveillance cameras at our physical locations
  • Lead generators and referral sources
  • Credit and consumer reporting agencies
  • Company systems, networks, software applications, and databases you log into or use in the course of interacting with our website, or otherwise interacting with us in any other capacity
  • Third party customer databases

If you fail to provide personal data

  • Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How will we use your data?

Our Company collects your data for the following purposes:

  • To fulfill or meet the purpose for which you provided the information.
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • To process and submit financing applications, including to apply for credit, or credit pre-qualification.
  • To process, complete, and maintain records on transactions.
  • To provide warranty coverage on products and services.
  • To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
  • To provide and communicate recall notifications to customers.
  • To schedule, manage and keep track of customer appointments.
  • To complete appraisals.
  • To maintain records of when customers decline a service or sale.
  • To respond to consumer inquiries, including requests for information, customer support online, Chat on the website, phone calls, and in-store inquiries.
  • To provide interest-based and targeted advertising.
  • To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.
  • To improve user experience on our website.
  • To understand the demographics of our website visitors.
  • To detect security incidents.
  • To debug, identify, and repair errors that impair existing intended functionality of our website.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To verify and respond to consumer requests.
  • To prevent identity theft.

We will disclose your personal data the following categories of third parties in order to provide services on our behalf or to comply with our legal obligations:

  • Financial institutions
  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone.
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Data analytics vendors
  • Social media platforms
  • Consumer reporting agencies or credit reporting agencies
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Original equipment manufacturers (OEM) (suppliers and makers of the products we sell or lease to our customers)

Such parties only have access to the personal data needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

ExtensisHR shall comply with the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will disclose your personal data the following categories of third parties in order to provide services on our behalf or to comply with our legal obligations:

  • Financial institutions
  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing support vendors and vendors that support managing or hosting the website and the Chat function on the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, text/SMS, or phone.
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Data analytics vendors
  • Social media platforms
  • Consumer reporting agencies or credit reporting agencies
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Original equipment manufacturers (OEM) (suppliers and makers of the products we sell or lease to our customers)

Such parties only have access to the personal data needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf. 

What are the legal bases for processing?

We process your personal data based on the following legal grounds:

  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which ExtensisHR is subject.
  • Legitimate Interests: Processing is necessary for the legitimate interests of ExtensisHR, such as ensuring workplace safety and operational efficiency.
  • Consent: In specific situations, we may process your data based on your explicit consent.

What Does Each Legal Basis Mean?

  • Legal Obligation: Processing may be necessary for compliance with a legal obligation to which the data controller is subject, this legal basis covers situations where processing is required to fulfill legal obligations imposed by EU or member state law.
  • Legitimate Interests: Processing your data is in our legitimate interest, provided those interests are not outweighed by your rights and interests. In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.
  • Consent: You have given clear consent for you to process your personal data for a specific purpose. Consent can be managed any time using the email unsubscribe link available in all marketing communications, by emailing us at PrivacyPolicy@extensishr.com through our Data Subject Request Form,  or by contacting us through the phone or mailing address in the Any Questions of Concerns? section of this statement.

How do we store your data?

Our Company securely stores your data keep automatically collected data and voluntarily collected data separate at all times, we use internal encryption on all data stores that house voluntarily captured data, we use commercially reasonable tools and techniques to protect against unauthorized access to our systems and we restrict access to private information to those who need such access in the course of their duties for us.

  • Our Company will keep your Personal Identification Information for the duration of our relationship with you plus four years.
  • Our Company will keep your Contact Information for the duration of our relationship with you plus four years.
  • Our Company will keep your Commercial Transactional Data for four years after transaction, unless necessary to maintain for a longer period for product warranty, or OSHA / FDA / other regulatory compliance.
  • Our Company will keep your Credit/Financing Application Data for four years.
  • Our Company will keep your Internet Network and Computer Activity Data for three years.
  • Our Company will keep your Mobile Device Data for three years.
  • Our Company will keep your Visual, Audio, or Video Recordings for the duration of our relationship with you plus four years.
  • Our Company will keep your Facility & Systems Access Information for three years.

Once this time period has expired, we will delete your data by the following procedure:

  • Identification of Expired Data
    • ExtensisHR identifies the data that has reached the end of its retention period by employing a data management systems to track the age and retention status of data.
  • Verification
    • Before deletion, ExtensisHR verifies that the data is no longer needed for any legal, regulatory, or business purposes.
  • Authorization
    • The deletion of data requires authorization from ExtensisHR’s Cyber Security Compliance Committee to ensure that the deletion process is intentional and appropriately documented.
  • Data Deletion
    • Once the data is identified and verified for deletion, the actual deletion process can begin. There are several methods for data deletion:
    • Soft Deletion: The data is marked as deleted in the system but not physically removed. This can allow for recovery if the deletion was a mistake but does not fully secure the data.
    • Hard Deletion: The data is permanently removed from all active storage locations. This method ensures the data is no longer accessible.
    • Overwriting: For additional security, especially with sensitive data, companies might overwrite the data with random values multiple times to ensure it cannot be recovered.
    • Physical Destruction: For data stored on physical media (like hard drives), the company may physically destroy the media to prevent any possibility of data recovery.
    • Confirmation After the deletion process, ExtensisHR performs checks to confirm that the data has been successfully and completely removed. This might involve audits or system checks to ensure compliance with the deletion policies.
  • Documentation
    • Record Keeping: ExtensHR’s Cyber Security Compliance Committee maintains records of the deletion process, including what data was deleted, when it was deleted, and who authorized the deletion to demonstrate compliance with legal and regulatory requirements.
  • Updating Data Inventories
    • ExtensisHR’s data inventory systems are updated to reflect the deletion, ensuring that the records are accurate and up-to-date.
  • Monitoring and Review
    • Companies may have periodic reviews and monitoring processes in place to ensure that data deletion practices remain effective and compliant with evolving regulations and internal policies.

Legal and Regulatory Considerations

The entire data deletion process is designed to comply with relevant data protection laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and other local privacy laws. These laws often have specific requirements for how and when data should be deleted, and companies must follow these regulations to avoid legal penalties.

Accountability of Onward Transfer Principle

In order to provide our services, we may need to transfer your personal data to locations outside the EEA for the purposes set out in this policy. This may entail a transfer of your information from either a location within the European Economic Area (the “EEA”) outside the EEA, or from outside the EEA to a location within the EEA.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws. ExtensisHR participates in and complies with the EU-U.S. Data Privacy Framework.

In the context of an onward transfer, ExtensisHR has responsibility for the processing of personal data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.  ExtensisHR shall remain liable under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles, unless the ExtensisHR proves that it is not responsible for the event giving rise to the damage.

What are Cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

  • What types of cookies do we use? There are a number of different types of cookies, however, our website uses:
    • Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
    • Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website
    • Necessary – These trackers are used for activities that are strictly necessary to operate or deliver the service you requested from us and, therefore, do not require you to consent.
    • Experience – These trackers help us to improve the quality of your user experience and enable interactions with external content, networks and platforms.
    • Measurement – These trackers help us to measure traffic and analyze your behavior to improve our service.
    • Marketing – These trackers help us to deliver personalized ads or marketing content to you, and to measure their performance.
  • How to manage cookies
    • You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
    • Privacy policies of other websites
    • The Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

What are your Data Protection Rights?

Our Company would like to make sure you are fully aware of all of your data protection rights. Every EU Resident is entitled to the following:

  1. Access: You have the right to request access to your personal data and obtain information about how it is processed.
  2. Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
  3. Erasure: You have the right to request the deletion of your personal data under certain conditions.
  4. Restriction: You have the right to request the restriction of processing of your personal data under certain conditions.
  5. Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
  6. Objection: You have the right to object to the processing of your personal data under certain conditions.
  7. Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
  8. Right to Lodge a Complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the your local EU data protection authority:
    1. http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us (please also see the “Any Questions or Concerns” section at the end of the policy)

Email: privacypolicy@extensishr.com

Mail: ExtensisHR 900 Route 9 North 4th Floor, Woodbridge, New Jersey 07095

Phone: 888-473-6398

Data Privacy Framework (DPF)

  • Extensis Group, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.
  • ExtensisHR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.
  • Under the Data Privacy Framework, ExtensisHR is responsible for the processing of personal data we receive and subsequently transfer to a third party acting for or on our behalf, and ExtensisHR is liable for ensuring that the third parties we engage support our DPF commitments.
  • To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Data Privacy Framework Inquiries & Complaints

  • In compliance with the EU-U.S. DPF, ExtensisHR commits to resolve DPF Principles-related complaints about our collection and use of your personal data. Individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact the ExtensisHR Privacy Team at:  PrivacyPolicy@ExtensisHR.com

Dispute Resolution

  • ExtensisHR has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit: https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Binding Arbitration

  • If your dispute or complaint can’t be resolved by us, nor through the recourse mechanism described in the Dispute Resolution section of this Privacy Policy, you may have the right to require that we enter into binding arbitration with you under the DPF’s “Recourse, Enforcement and Liability Principle” and Annex I of the DPF. For additional information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Oversight

  • The U.S. Federal Trade Commission has regulatory enforcement authority and jurisdiction over ExtensisHR’s compliance with compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
  • If you are a resident of the European Economic Area or United Kingdom, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Economic Area member states or the United Kingdom.

Enforcement Powers of the Federal Trade Commission

  • The Federal Trade Commission has jurisdiction over ExtensisHR’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Choice, Access, Correction and Deletion under DPF

  • All individuals covered under the EU-U.S DPF can contact ExtensisHR about accessing, correcting, changing, deleting, or updating personal information through email at PrivacyPolicy@ExtensisHR.com or by mail at ExtensisHR Route 900 North 4th Floor Woodbridge New Jersey 07095, United States.
  • If we process your personal data, you may have the right to request access to (or to update, correct, or delete) such personal data. If we have received your personal data in reliance on the EU-U.S. DPF, you may also have the right to opt out of having your personal data shared with third parties and to revoke your consent to our sharing your personal data with third parties. You may also have the right to opt out if your personal data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you subsequently authorized.
  • To submit these requests or raise any other questions, please contact us by using the information above. After confirming your identity, we will take action to fulfill your choices, provide the information to you, or complete your request to correct, amend, or delete the personal information we hold about you.
  • You can also take direction action to modify your choices and consent:
  • You can also take direction action to modify your choices and consent:
    1. Cookie Consent – as noted above, you can manage your cookie preferences through the Cookie Consent Module or by activating your browser settings.
    2. Removal from Marketing Email Communication – if you would like to opt-out of receiving marketing emails from ExtensisHR, you may unsubscribe from receiving all marketing email communications by emailing us at PrivacyPolicy@ExtensisHR.com or clicking the Unsubscribe link at the bottom of all email.
    3. Data Subject Request Form – you may also reach out to us through our Data Subject Request Form

Changes to our Privacy Policy

  • As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Any Questions or Concerns?

This website is owned and operated by ExtensisHR If you have any general questions about this Privacy Policy, please contact us at PrivacyPolicy@extensishr.com or call 888-473-6398.

Data Controller

Further, ExtensisHR is the data controller responsible for your personal data. For any specific queries or concerns regarding your personal data, you can contact:

  • Email: privacypolicy@extensishr.com
  • Mail: ExtensisHR, Attn: Joseph Catapano, Chief Information Officer, 900 Route 9 North 4th Floor Woodbridge New Jersey 07095
  • Phone: 848-291-1840

EU Local Representatives

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), ExtensisHR has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/

-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

How to contact the appropriate authority:

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.

  1. http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html.

**This policy was last updated July 9, 2024.