Applied Facts Group, Inc. Privacy Policy
(Last Updated October 2, 2024)

Applied Facts Group, Inc. (“Applied Facts,” “we,” “us” or “our”) is a US-based company with a global reach. Applied Facts is committed to complying with applicable data privacy and security requirements in the countries in which it operates.

Applied Facts provides due diligence, compliance, cyber security, investigative and other risk consultancy services to clients (collectively, “services”). In providing these services, Applied Facts may collect, receive and process certain personal data from or on behalf of its clients and act as data processor or as a data controller, depending on the service provided and the amount of control Applied Facts has over the purpose(s) and means of the data processing.

Data We Collect

Applied Facts collects or receives the following categories of personal data:

Contact data: We may collect or receive information such as name and contact details (email, phone number, etc.) in order to communicate and facilitate the provision of our services with our clients or potential clients. We may also collect or receive this type of data to respond to inquiries regarding our products and services or to provide you with information, reports, or updates.

Services data: Personal data may be provided to us by clients to the extent required to perform the services. Applied Facts may also acquire personal data from a third party or third parties (including public sources, such as public records and registries, social media sites and the Internet, as well as other third party sources, such as industry or country experts) as required to perform services for our client(s). The personal data we process in the performance of services for and on behalf of our clients includes but is not limited to any information relating to a living individual in which the individual is identified or identifiable, for example, the individual’s name, contact information, education, work activity and history, financial information, as well as, where necessary, data concerning criminal convictions and offenses and some special categories of information as defined by article 9 of the GDPR.

Website visitor information: when you visit our website, we or our service providers may automatically collect information about your visit such as your IP address and the pages you visited and when you use our services we may collect information on how you use those services.

Clients and other third parties who provide personal information to Applied Facts must do so in compliance with applicable data privacy regulations.

Cookies

Cookies are small bits of information that are stored by your device’s web browser. We may allow specific third parties to place and read their own cookies and similar technologies to collect information through the website. For example, our third party service providers may use these technologies to collect information that helps us with traffic measurement, research, and analytics. Depending on the configuration options offered by the operating system, web browser, and other software on your device, you may be able to decide if and how your device will accept a cookie by configuring your preferences or options in your device or web browser. If you choose to refuse, disable, or delete cookies, some of the functionality of the website may no longer be available to you.

Processing of Personal Data

The data we collect will be processed in accordance with the purposes specified in this notice, namely:

·     To provide the products or perform the services requested by clients and individuals pursuant to a letter of engagement, statement of work, or similar (where the processing is necessary for our legitimate business interests in conducting and managing our business).

·     To provide the products or perform the services requested by clients and individuals using our website or web applications (where the processing is necessary for our legitimate business interests in conducting and managing our business).

·     For complying with obligations provided by laws, current regulations and European legislation (e.g. tax regulations) (where processing is based on a legal obligation).

·     For legitimate business purposes to advise you through e-mail, phone call, or post, in the framework of our ordinary commercial relationship, about other products or services similar to the products or services we have provided to you and that we think will be of interest to you (where the processing is necessary for our legitimate business interests).

·     For marketing purposes. For example, we may use your information to further discuss your interest in the services and to send you information regarding Applied Facts, such as information about events, products or services. You can withdraw your consent or opt out of receiving our marketing communications at any time. If you are not located in the EU, you may opt-out of receiving marketing communications and updates at any time. You can manage your receipt of marketing and non-transactional communications by clicking on the unsubscribe link located on the bottom of Applied Facts’ marketing emails. Additionally, you may send a request to info@appliedfacts.com.

·     For improving Applied Facts’ communications with you emails sent to you by Applied Facts may include tracking, including of open and click activities. Applied Facts may collect information about your activity as you interact with our email messages and related content.

·     For operating and improving Applied Facts’ website and your customer experience. For example, we may collect and analyze data on your use of our website, and process it for the purpose of improving your online experience.

·     For security purposes. For example, we may use your data to protect Applied Facts and its third parties against security breaches and to prevent fraud and violation of applicable agreements, as necessary for our legitimate business interests.

Whenever we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are required or permitted to by law.) You have the right to object to this processing if you wish.

Personal data and the performance of client services

Our clients engage us on a wide range of matters to help them mitigate risk – for example to conduct due diligence on a potential business partner, supplier or acquisition target. In many cases, the client’s engagement of Applied Facts is to fulfill a requirement of an EU or member state law or regulation, such as EU Anti-Money Laundering Regulations and the UK Bribery Act 2010. We believe that Applied Facts has a legitimate interest in processing data to support its clients in these objectives, provided that the privacy rights of any affected individuals are not unduly affected.

How data is processed

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorized Applied Facts employees and third-party providers to have access to your information. Such employees and third- party providers are trained to process data only according to the instructions we provide them.

Storage of Personal Data

Applied Facts will retain personal data for a reasonable period of time, taking into account business needs to capture and retain such information, and for a period of time necessary to comply with state, local, or federal regulations, or country specific regulations and requirements, and in accordance with Applied Facts’ Records Retention Policy.

Disclosure/Sharing of Personal Data

We only share your personal data with your consent or in accordance with this notice. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this notice.

Applied Facts may share your information with external third parties, such as vendors, consultants, legal advisors, auditors and other service providers who are performing, advising or assisting with certain services on behalf of Applied Facts. Such third parties have access to personal data solely for the purposes of performing the services specified in the applicable contract, and not for any other purpose. Applied Facts requires these third parties to undertake security measures consistent with the protections specified in this notice.

Applied Facts may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

If Applied Facts enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.

Cross-Border Transfers of Personal Data

Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this notice, and in compliance with local law and regulations.

Data concerning EU data subjects may be transferred to or processed in locations outside of the EU only where one of the following safeguards is in effect:

·     Transfers to certain countries which the EU Commission has determined ensure an adequate level of protection.

·     Transfers pursuant to standard contractual clauses or contract terms ensuring adequate data protection.

 

Your Rights

You have the following rights concerning your data processed by Applied Facts:

·     Access: You have the right to access personal information that Applied Facts holds about you.

·     Rectification: You have the right to ask us to rectify information Applied Facts holds about you if it is inaccurate or not complete.

·     Erasure: You can request that Applied Facts erase your personal data. In addition to other exceptions that apply under applicable law, we will keep basic data to identify you and retain it solely for preventing further unwanted processing.

·     Restrict Processing: You have the right to ask Applied Facts to restrict how we process your data. This means we are permitted to store the data, but not to further process it. In addition to other exceptions that apply under applicable law, we will keep sufficient data to make sure we respect your request in the future.

·     Object to Processing: Where processing is based on legitimate interests, you have the right to object to Applied Facts processing your data. Applied Facts will discontinue processing your data unless we can demonstrate compelling legitimate grounds for the processing. In this case, we will keep basic data to identify you and retain it solely for preventing further unwanted processing.

·     Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. Applied Facts must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this affecting the usability of your data. This right only applies to personal data you have provided to Applied Facts as the Data Controller.

·     You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en.

·     Opt Out: You have the opportunity to choose (opt out) whether your personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.

Contact info@appliedfacts.com to request access, rectification, opt out, or erasure, or to restrict processing, to object to processing, to request data portability.

 

 

Automated Decision Making

Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.

Applied Facts does not make automated decisions using personal data.

Providing Information to Applied Facts

If you choose not to provide certain personal data, it may be an impediment to the exchange of information necessary for the execution of the contract or provision of services, and we may not be able to provide you with some services and you may not be able to participate in some of the activities on our website.

EU-U.S. Data Privacy Framework, UK Extension to the U.S. DPF, and the Swiss-U.S. DPF

In compliance with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Applied Facts commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Applied Facts complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Applied Facts has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Applied Facts has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Applied Facts is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. 

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to info@appliedfacts.com If requested to remove data, we will respond within a reasonable timeframe. 

 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to info@appliedfacts.com

Applied Facts’ accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Applied Facts remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless Applied Facts proves that it is not responsible for the event giving rise to the damage. 

Onward Transfers to Third Parties

Applied Facts has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.

Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Applied Facts commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to an alternate resolution provider based in the United States. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit alternative dispute resolution provider’s website for more information or to file a complaint. The services of alternative dispute resolution provider are provided at no cost to you.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Applied Facts commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Applied Facts at info@appliedfacts.com.

Applied Facts has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

 

Third Party Websites or Other Services

We are not responsible for the privacy practices of any websites not operated by Applied Facts, as well as mobile apps or other digital services, including those that may be linked through the Applied Facts website or services, and we encourage you to review the privacy policies or notices published thereon.

Contact Us

Please contact us at Applied Facts with questions, concerns, or complaints:

Applied Facts Group, Inc.
901 Corporate Center Drive Suite 104
Monterey Park, CA 91754 USA 213.892.8700
213.892.8700

info@appliedfacts.com

For data subjects located in the EU: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here:

EU Data Protection Authorities http://ec.europa.eu/justice/article- 29/structure/data-protection-authorities/index_en.htm

Data Privacy Framework (DPF) program https://dataprivacyframework.gov