Park Evaluations Privacy and Data Protection Policy and Notice
Last Updated: January 23, 2020
Park Firm LLC, doing business as Park Evaluations, (“Park“, “we, “our” or the “Company“, and their cognates) respects the privacy of its customers and visa applicants, and is committed to protecting the personal information you may share with us. We also protect the privacy of our customers’ employees, as well as our website visitors, site visitors, followers, vendors, service providers, partners and others who come in contact with Park (these and any others with respect to whom we collect personal data, shall collectively be referred to as “Customers” or “you” or “Data Subjects”).
Park provides foreign credential evaluations and associated visa application services (the “Services”) on behalf of our Customers to their own customers who wish to apply for a Visa to work or study, or continue to work or study, in the US (“Visa Applicants”).
1. WHICH INFORMATION DO WE COLLECT?
Summary: We collect both personal data which can identify individuals, and non-personal data. We collect personal data about visa applicants, our customers, our website users, our visitors, our employees and job candidates, and service providers.
We collect data about you in connection with your transactions with us, or in processing data for our customers.
One type of data is non-identifiable and anonymous information (“non-personal data”). We also collect several categories of personal data, also sometimes called Personally Identifiable Information or “PII” “Personal Data“).
We elaborate here on two categories of Personal Data we collect from, on behalf of, or in connection with our Customers.
Data we collect about you from your transactions with us:
Personal Data which is being gathered consists of any details which are personally identifiable provided consciously and voluntarily by you, or by an organization you represent or are associated with or through your use of the Website (as described below). This may include your name (first and last), email address, phone numbers, picture, postal address, position and organization name and other information you may choose to provide to Park. Additionally, we may obtain location data related to the geographic location of your laptop, mobile device or other digital device on which the Park website is used.
You do not have any legal obligation to provide any information to Park, however, we require certain information in order to perform contracts, or to provide any services. If you choose not to provide us with certain information, then we may not be able to provide you or your organization with some or all of the services.
Park also collects the email addresses of people who communicate with Park via email or other media or create accounts and login credentials.
By registering on the Website, or submitting requests for support or information via the Website, Park will collect details, including also your name, company name, phone number and personal or company email you provided, address and other such information. Park may use this information to offer Park’s services and support.
Park also collects Personal Data through the use of CCTV cameras. This may consist of video images of you in the public spaces at Park sites, as well as records of your entrances and exits of the Park sites, buildings and office floors. Park may not be aware of the nature of the information collected through our services (for example, through our CCTV systems), and such information may include sensitive or special categories of Personal Data, but we do not knowingly collect such data about our Customers, employees, site visitors etc.
Data that we process on behalf of our customers:
Our customers collect Personal Data about candidates who wish to apply for a Visa to work in the USA. As part of the Services that we offer to our customers, we store and process this Personal Data. This can include candidates’ names, postal address, email address, phone numbers, CVs, degree certificates, work experience, references, photographs, notes made by our customers on the candidates’ application and any other Personal Data that our customers choose to collect as part of their visa application process, as well as data generated by other service providers in this process, such as immigration lawyers. This can also include sensitive categories of Personal Data such as data revealing racial or ethnic origin, health data and trade union membership. We use this data in order to provide foreign credentials evaluation services to our customers.
2. HOW DO WE COLLECT PERSONAL DATA OF YOURS ON PARK FACILITIES AND SERVICES?
Summary: We collect personal data through our website, and our application processes whether online, through direct communication, or otherwise.
We collect Personal Data through your use of our Website. In other words, when you are using the Website we are aware of it gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This may include technical information and behavioral information such as the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘clickstream’ on the website, the period of time the User visited the website, methods used to browse away from a page, and any phone number used to call our customer service number. We likewise may place cookies on your browsing devices (see section ‘Cookies’ below).
We collect Personal Data required to provide services when you register interest and/or submit a request for an assessment. In addition, we collect your Personal Data, when you provide us such information by entering it manually or automatically, or through your use of our Website, facilities and services, or in connection with site visits, in the course of preparing a contract, or otherwise in engaging with us. We also collect Personal Data through our CCTV recordings which automatically collect information about your presence in the Park facilities.
3. WHAT ARE THE PURPOSES OF PERSONAL DATA WE COLLECT?
Summary: We use Personal Data to provide and improve our Services, and to meet our contractual, ethical and legal obligations.
We will use Personal Data to provide and improve our services to our customers and others and meet our contractual, ethical and legal obligations, including for example:
Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (GDPR Article 6(1)(b)), such as:
- carrying out our obligations arising from any contracts entered into between you or your employer or organization and Park and/or any contracts entered into with Park and to provide you with the information, products and services that you request from Park;
- administering your account with Park including to identify and authenticate you and users from your organization;
- verifying and carry out financial transactions in relation to payments you make in connection with the products;
Processing which is necessary for compliance with a legal obligation to which Park is subject (GDPR Article 6(1)(c)) or Processing which is necessary for the purposes of the legitimate interests pursued by Park or by a third party (GDPR Article 6(1)(f)) of providing an efficient and effective service to customers, including:
- notifying you about changes to our service and products;
- contacting you for the purpose of providing you with technical assistance and other related information about the products;
- replying to your queries, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;
- contacting you to give you commercial and marketing information about events or promotions or additional services and products offered by Park, including in other locations;
- soliciting feedback in connection with your use of the services;
- tracking use of Park facilities and services to enable us to optimize them;
- contacting you to inform you of additional services which may be of interest to you;
- compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, customers, facilities etc;
- if necessary, we will use personal data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding;
- for security purposes and to identify and authenticate your access to the parts of the facilities;
- we collect personal data of our customers’ personnel, which will be used for the purposes set out above.
4. SHARING DATA WITH THIRD PARTIES
Summary: We transfer your Personal Data to third parties who assist us in providing the Services. We have a contract with those third parties to govern their processing on our behalf. We may also transfer Personal Data to comply with any obligations we are under.
We transfer Personal Data to in a variety of circumstances. We take steps to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimization of our website, and our marketing.
We periodically add and remove third party providers. At present our third-party providers to whom we transfer personal data include also the following:
- Experts who assess foreign credentials in various fields.
- Microsoft, and other such computing and cloud service providers.
- CRM, cyber security, billing, payroll, scheduling, task management, team collaboration and other such business service providers.
- Call centers.
- Our lawyers, accountants, and other standard business service providers.
- Other industry standard business software and partners.
In addition, we may disclose your personal data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case personal data may be one of the transferred assets. Likewise, we will transfer personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Park, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
For avoidance of doubt, Park may transfer and disclose non-personal data to third parties at its own discretion.
5. WHERE DO WE STORE YOUR DATA?
Summary: We store your Personal Data on servers controlled by us, or by reputable cloud-service providers.
We store your Personal Data on servers owned or controlled by Park, or processed by third parties on behalf of Park, by reputable cloud-service providers in the US, including also Amazon and Microsoft. See the following section regarding international transfers.
6. INTERNATIONAL DATA TRANSFERS
Summary: Our services involve transfer of data outside the EEA, which is done using various mechanisms including Adequacy Rulings, Privacy Shield and Standard Contractual Clauses.
- In the United States of America. Park stores Personal Data on Microsoft servers which are located in the US. Transfer to the US is subject to Microsoft’s Privacy Shield certification, as well as on and with other GDPR compliant service providers. Occasional transfer to third party recipients who are not Privacy Shield certified or otherwise included in an adequacy program may be undertaken where it is necessary for the fulfilment of a contract with or service for the data subject.
We may transfer your personal data outside of the EEA, in order to:
- store or backup the information;
- enable us to provide you with the services and products and fulfil our contract with you;
- fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
- facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights; and
- to serve our customers across multiple jurisdictions.
7. DATA RETENTION
Summary: We retain your Personal Data only for as long as necessary to meet our legal and ethical obligations, which for different types of data will be different periods. For visa applicant, that is typically five years from the issuance of the visa.
Park will retain personal data it processes only for as long as required in our view, to provide the services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. Given the nature of the outcome of our work with Personal Data – meaning the issuance of visas to the Data Subjects, we consider it necessary to hold the data for five years from the date of completion of the application. We will also retain personal data to meet any audit, compliance and business best-practices.
Data with respect to which Park is the Processor will be deleted only on action and/or instruction of the Controller, except where such data must be retained by us, in our judgment, as above.
8. SERVICES AND WEBSITE DATA COLLECTION AND COOKIES
When you access or use our services or Website, Park uses industry standard technologies such as cookies, pixels and similar technologies, which store certain information on your computer or browsing device and which will allow us to identify the computer or device and in some cases to identify them with the user, and to enable automatic activation of certain features, and make your user experience more convenient and effortless. We use different types of cookies: some cookies are strictly necessary, they are required for the operation of our Website and services under our terms with you; this includes for example, cookies that enable you to log into secure areas of our services. We also use analytical and performance monitoring cookies, which allow us to recognize and count the number of visitors and to see how visitors move around our website and services when they are using it. Finally, we use functionality cookies which are used to recognize you when you return to our Site. This enables us to personalize content to your preferences, including for example, your choice of language or region.
Different cookies are kept for different periods. Session cookies are used to keep track of your activities online in a given browsing session; these cookies generally expire when the browser is closed but may be retained for a period on your device. Permanent cookies remain in operation even when you have closed the browser; they are used to remember your login details and password. Third-party cookies are installed by third parties with the aim of collecting certain information to research behavior, demographics. Third party cookies on our site include, for example, Google Analytics. Likewise, pixels from Facebook and others enable integration of third-party service providers (eg Twitter, Youtube, Pintrest, Instagram) are not currently, but may in the future, be embedded on our site. Third party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings.
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience on our Website and services will be limited.
How to disable cookies: the effect of disabling cookies depends on which cookies you disable but, in general, the website and some services delivered through it may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here:
- Internet Explorer: windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Google Chrome: support.google.com/chrome/answer/95647?hl=en
- Firefox: support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: help.apple.com/safari/mac/8.0/#/sfri11471
Our services and Website may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies and practices or the content of such sites.
9. SECURITY AND STORAGE OF INFORMATION
Summary: We take industry standard steps to maintain the security of the Personal Data we process. On discovering a breach, we will promptly notify, as may be required, the controller, the relevant authorities and data subjects, and take steps to remedy the breach.
We take great care in implementing, enforcing and maintaining the security of the personal data we process. Park implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data. Likewise, we take industry standard steps to ensure our Website and services are safe. Where we are processing data as a processor, we will process such data in accordance with the instructions of the Controller, including the Controller’s data security requirements.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.
Park shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any personal data processed by Park is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Park shall promptly take reasonable remedial measures.
10. DATA SUBJECT RIGHTS
Summary: Data subjects to whose Personal Data GDPR applies have rights to data portability, access data, rectify data, object to processing and erase data. These rights cannot be exercised in a manner that is inconsistent with the rights of others.
Data subjects with respect to whose data GDPR applies, have rights under GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where personal data is provided by a customer being the data subject’s employer, such data subject rights will have to be effected through that customer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Park employees and staff, with Park proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects generally have a right to withdraw their consent.
Where Park is the Controller, a data subject who wishes to modify, delete or retrieve their Personal Data, may do so by contacting Park (). Note that Park may have to undertake a process to identify a data subject exercising their rights. Park may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Park.
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint you may have the right to an effective judicial remedy.
Where Park is a Processor, any data subject rights may be exercised only through the relevant Controller.
Summary: California residents have rights under CCPA, and we will help them exercise those rights.
If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personally identifiable information relating to third parties to which we have disclosed certain categories of personally identifiable information during the preceding year, for the third parties’ direct marketing purposes, and to obtain such information free of charge up to twice in a 12-month period. You have the right to request disclosure from Park of the following:
- The categories of personal information Park has collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting personal information;
- The categories of third parties with whom the business shares personal information; and
- The specific pieces of personal information Park has collected about you.
To make any such requests, please contact us at:.
Park will not discriminate against a consumer because the consumer exercised any of the consumer’s rights, including, but not limited to, by:
- Denying goods or services to the consumer.
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services to the consumer.
- Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
Summary: We do not knowingly collect Personal Data about minors aged 16 or under. We update this policy from time to time. We aim to process only adequate Personal Data limited to the needs and purposes. Our contact details for data protection matters.
Minors. We do not knowingly collect or solicit information or data from or about children aged 16 or under or knowingly allow children aged 16 or under to register for Park services. If you are aged 16 or under, do not register or attempt to register for any of the Park Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child aged 16 or under, we will delete that Personal Data as soon as reasonably practicable without any liability to Park. If you believe that we might have collected or been sent information from a minor aged 16 or under, please contact us at: , as soon as possible.
Park contact details: Park Firm LLC, 3000 Marcus Ave, Suite 1E6, Lake Success, NY 11042, USA.
* * * * *