NOTICE OF FCR INFORMATION PRIVACY POLICY CONSISTENT WITH EU-US AND SWISS-EU PRIVACY SHIELD FRAMEWORKS

Policy date: 9/25/2017

First Call Resolution, LLC (“FCR”) is a provider of outsourced live agent call center and business process solutions for a variety of clients, the majority of whom operate on a global scale. FCR provides a wide range of outsourced contact center, business process and social networking solutions to industries that include the high tech, internet, e-retail services, telecom, healthcare, finance, travel, transportation, insurance and various sectors of the new economy. FCR’s specialty is creatively working alongside clients’ existing operations and support desks, helping to fill in sales, service and support gaps like phone, email, web chat, social media, and back office process.

All FCR operations reside within the United States in the Pacific Northwest. FCR does not have any subsidiaries and does not operate in any country outside of the US.

FCR’s corporate headquarters are located at 406 NE Winchester St., Roseburg, OR 97470.Our corporate phone number is +1-541-957-8654. The corporate Information Security Officer is Jennifer Clark, and she may be contacted through the email form at the end of this policy.

FCR commits to the EU-US and Swiss-US Privacy Shield Frameworks (the “Privacy Shield”) with respect to the collection, use, and storage of Personal Information from the European Union (“EU”) and Switzerland.  Accordingly, we follow the EU-U.S. and Swiss-US Privacy Shield Principles published by the U.S. Department of Commerce (the “Principles”).

Specifically, this statement serves as notice of what personal information we collect, how we use it, and the choices affected individuals have in regard to the information that is personal to them.  If there is any conflict between FCR Privacy Policy (the “Policy”) and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

FCR does not disclose Personal Information to any third parties except where the individual has consented to the disclosure, the disclosure is required by lawful requests by public authorities, the disclosure is reasonable for the establishment of legal claims, or the disclosure is an approved derogation from the EU Directive.

FCR has certified our participation in the Privacy Shield to the Department of Commerce. The following outlines our commitment and general policy for implementing the Principles. All colleagues of FCR that have access in the U.S. to Personal Information covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Policy.

FCR promises to periodically review and verify its compliance with the Principles and to remedy any issues arising out of failure to comply with the Principles. FCR further acknowledges that its failure to provide an annual self-certification to the U.S. Department of commerce will remove us from the Department’s list of Privacy Shield participants.

NATURE OF INFORMATION THAT WE ACCESS OR COLLECT

When you signed up for service with our client, you acknowledged certain terms of service, and provided your consent for storage of information relevant to the service you receive. FCR only collects Personal Information for the purposes of rendering our services to you, as permitted by the Principles and as limited by our contracts with our clients. We collect this information from our interaction with you, and we access data that you provided to our client for the purpose of establishing and maintaining your account.

FCR restricts the collection of Personal Information to the amount needed to deliver you the requested product or service. We maintain physical, electronic, and procedural safeguards in compliance with applicable laws to protect your information from unauthorized loss, misuse, alteration, or destruction. Additional safeguard measures include, but are not limited to, the education and training of our colleagues. However, we cannot guarantee the security of information on or transmitted via the Internet.

For purposes of our Policy, “Personal Information” is defined as information that:

  • Is about, or pertains to a specific individual; and
  • Can be linked either directly or indirectly (in combination with other readily available data) to that individual.

Generally, the information that we access will be information about you such as your username in our client’s system or service, parameters, terms, and conditions of the service, or information that is stored in your account.

For some of our clients, and depending on the nature of the service that you subscribed to and receive, we may have to access your identity data, such as your national identity card, or your financial information such as credit card or banking transactions, or your insurance claim information. Such information may include, but is not limited to:

  • Your personal data such as your name, address, phone number, and other such information.
  • Your government-issued identification numbers, to the extent that they are a part of your record with our client.
  • Your financial accounts and transactional records that reside in our client’s system.
  • Your health records.
  • Your transactional records of interaction with our client’s service that you are inquiring about.

With one exception which is described in the next paragraph, all data about you or your account is stored in the systems that belong to or are managed by our client. No information about you or your account is ever transferred to any FCR-managed system in the US or in any other country.

The only exception to data storage is in the case where we provide telephone support for the client through our phone systems. In that event, the recording of our interaction with you is stored for 90 days for the purpose of quality assurance and training. We employ appropriate administrative, physical and technical safeguards to protect these recordings. These safeguards include temporarily muting recording during the discussion of sensitive information (such as a credit card number), restricting access to these recordings to minimally necessary, authorized personnel, and by protecting both their storage and authorized transmission by measures such as encryption technologies.

The FCR Website does not store or set “cookies” to track visitors, nor do we use 3rd party tracking cookies with one exception. If you apply for a job on the FCR Applicant Tracking System, the Applicant Tracking System (a 3rd Party System) will set a cookie to track the application and user.

Even though you may have services from many of our clients, we are not aware of nor do we track those relationships. We only accesses your information for the specific client / account you are contacting us about.

YOUR OPTIONS FOR INFORMATION QUALITY AND ERROR CORRECTION

Most of the information in your profile is controlled by you through our customer’s system. FCR does not transfer Personal Information to any 3rd party.

FCR does not control the configuration of the client’s system, nor do we have any ability to alter data in a manner that our clients do not permit us to do. Should you discover an error in your account data, please inform the agent that you are speaking with about the error. To the extent that FCR is able or permitted to correct the error, the agent will do so.

However, if the agent is prevented from correcting the information because of security restrictions or configurations that are imposed on our agents, then we shall escalate the request to the appropriate client’s Point of Contact and advise you of that action. You may get some additional contacts from our client’s Information Security personnel to assist you with your request.

In the event that you did not get a response from our client’s Information Security Personnel, please contact our Information Security Officer through the form below, and we will attempt to facilitate that correction with our Client’s Information Security Personnel.

As detailed above, FCR does not store any Personal Information about you or your account other than the call recordings in some specific cases. If there is an information quality or error issue with the call recording that we store, please contact our Information Security Officer through the form below.

SECURITY AND ACCESS

For the data that is collected and stored at FCR (voice recordings, in some cases), you maintain the right to access your Personal Information as specified in the Privacy Shield to correct, amend, or delete such Personal Information if it is inaccurate or has been processed in violation of the Privacy Shield Principles. FCR may request additional identifying information as a security precaution. Access may be limited or denied to Personal Information where providing access would be unreasonably burdensome or expensive in the circumstances, or where the rights of persons other than the individual may be violated. Requests for access, correction, amendment, or deletion should be sent to the FCR Information Security Officer, through the web contact form below.

Requests to access Personal Information located in our client’s systems should be directed to the client’s Information Security Officer. Our agent can assist you in locating the correct individual to make your request to.

FCR remains liable under the Privacy Shield if our agent processes Personal Information covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where FCR is not responsible for the event giving rise to the damage.

RECOURSE AND ENFORCEMENT

FCR’s participation in the Privacy Shield is subject to investigation and enforcement by the U.S. Federal Trade Commission. In compliance with the Privacy Shield Principles, FCR commits to resolve complaints about your privacy and our collection or use of your Personal Information. If you have an inquiry or complaint regarding this Privacy Shield Policy, please contact the FCR Information Security Officer through the form at the bottom of this page.

If the dispute involves Personal Information collected in the context of an employment, agent, or sub-contractor relationship, we will cooperate with competent EU data protection authorities and comply with advice of such authorities. In the event that we or such authorities determine that we did not comply with the Privacy Shield Policy and Principles, we will take appropriate steps to address any adverse effects and to promote future compliance. FCR colleagues who are found to have violated the Privacy Shield Policy will be subject to disciplinary process.

FCR has further committed to refer unresolved privacy complaints under the privacy Shield principles to Judicial Arbitration and Mediation Services (JAMS), the largest private alternative dispute resolution provider in the world and located in the U.S. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.

Under certain circumstances, you may also invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Please see the Privacy Shield website (linked to above) for more information on conditions giving rise to binding arbitration.

CONTACT OUR INFORMATION SECURITY OFFICER