Transfers of Personal Information
UKG complies with the EU General Data Protection Regulation regarding the transfer of PI from the EU to the U.S. For transfers of PI originating in the EU to UKG for processing by UKG in a jurisdiction other than a jurisdiction in the EU, the EEA, or the European Commission-approved countries providing ‘adequate’ data protection, UKG agrees it will (a) provide at least the same level of privacy protection for PI originating in the EU as required under the U.S.-EU and U.S.-Swiss Privacy Shield frameworks; or (b) use the form of the Controller-to-Processor Standard Contractual Clauses (“SCCs”) currently approved. In most cases, UKG will use European Commission-approved SCCs as a legal mechanism for cross-border PI transfers from the EU.
UKG complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and/or Switzerland, as applicable. UKG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. To learn more about the Privacy Shield program, and to view our certification, please visit the Privacy Shield website.
UKG is responsible for the processing of PI we receive, defined as any operation or set of operations which is performed upon PI, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, it receives, under the applicable Privacy Shield Framework, and, on occasion, subsequently transfers to a third party acting as an agent on its behalf. UKG complies with the Privacy Shield Principles for all onward transfers of PI from the European Union, the United Kingdom and/or Switzerland, including the onward transfer liability provisions.
With respect to PI received or transferred pursuant to the Privacy Shield Frameworks, UKG is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, UKG may be required to disclose PI in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
UKG’s privacy practices, described in this Privacy Notice, comply with the APEC Cross Border Privacy Rules System (CBPR). The APEC CBPR system provides a framework for organizations to ensure the protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here.
If there is any conflict between the terms in this Privacy Notice and the applicable adequate transfer mechanism for cross-border transfer of PI from the EU, Switzerland, or the United Kingdom to the United States (such as the Standard Contract Clauses or the EU-U.S. Privacy Shield or Swiss-US Privacy Shield), then the language specified in the adequate transfer mechanism shall govern.