Privacy Policy

Last Revised: April 2024

OVERVIEW

NFC Worldwide Solutions, LLC d/b/a NFC Global ("NFC") respects individual privacy and values the confidence of its customers, employees, vendors, consumers, business partners and others. NFC strives to collect, use and disclose Personal Information (as defined below) in a manner consistent with the laws of the countries in which it does business, and has a tradition of upholding the highest ethical standards in its business practices worldwide.

NFC complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  NFC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  NFC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

NFC has appointed a Chief Security Officer who is responsible for NFC's compliance with and enforcement of this Policy. NFC educates its employees concerning compliance with this Policy and has self-assessment procedures in place to assure compliance. NFC's Chief Security Officer, Tim Tangye, is available to any of its employees, customers, vendors, business partners or others who may have questions concerning this Policy or data security practices. Relevant contact information is provided herein.

SCOPE

This Policy applies to all Personal Information received by NFC in any format including electronic, paper or verbal. NFC collects and processes Information concerning visitors to its website and client requests for due diligence, through its Internet websites, electronic mail and manually. NFC is the sole owner of information it collects from visitors to its website. Information collected from clients is owned by NFC's client unless otherwise specified in a contractual agreement between NFC and the client. NFC will not sell or share this information with third parties in ways different than what is disclosed in this Privacy Policy. On a global basis, NFC will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Policy.

Personal Information collected by NFC from clients, from prospective customers, consumers, vendors, business partners and others is maintained at its corporate offices in Horsham, Pennsylvania. NFC collects Personal Information for, among other things, legitimate due diligence business reasons such as bank account openings, vendor due diligence, mergers, acquisitions, pre-employment background checks, litigation support, etc., these may include business and individual names, addresses, telephone numbers, email addresses, national ID numbers, and dates of birth required to conduct the requested due diligence services; and for legitimate business reasons such as customer service; product, claims administration; meeting governmental reporting and records requirements; maintenance of accurate accounts payable and receivable records; internal marketing research; safety and performance management; financial and sales data; and contact information, these may include business and individual names, addresses, telephone numbers, email addresses and billing information required to maintain customer accounts and bill for services. NFC does not request or gather information regarding political opinions, religion, philosophy or sexual preference. All Personal Information collected by NFC will be used for legitimate business purposes consistent with this Policy. To the extent NFC maintains information on an individual's medical health or ethnicity (as legally required), NFC will protect, secure and use that information in a manner consistent with this Policy and applicable law.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

"Agent" means any third party that uses Personal Information provided by NFC to perform tasks on behalf of or at the instruction of NFC.

“Data Subject” means the person whose personal information is obtained.

"NFC" means its predecessors, successors, assigns, subsidiaries, divisions and groups.

"Personal Information" means any information or set of information that identifies or could be used by or on behalf of NFC to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

"Sensitive Personal Information" means Personal Information that reveals race, ethnic origin, trade union membership, or that concerns health. In addition, NFC will treat as sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.

NOTICE: Where NFC collects Personal Information directly from individuals, it will inform them about the purposes for which it collects and uses Personal Information about them, the types of non-agent third parties to which NFC discloses that information, and the choices and means, if any, NFC offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to NFC, or as soon as practicable thereafter, and in any event before NFC uses the information for a purpose other than that for which it was originally collected. NFC may disclose Personal Information if required to do so by law or to protect and defend the rights or property of NFC.

CHOICE: We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@nfcglobal.com.

NFC will provide individuals with reasonable mechanisms to exercise their choices should requisite circumstances arise.

DATA INTEGRITY: NFC will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. NFC will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current. Data will be retained only for as long as it serves its relevant purpose and in consideration of correlated compliance and legal considerations.

TRANSFERS TO AGENTS: NFC, form time-to-time, utilizes in-country investigative Agents, where required to obtain local information relevant to the services requested by its clients. In these cases only the information required to perform the requested due diligence research is shared with the Agents, which may include business and individual names, addresses, telephone numbers, email addresses, national ID numbers, and dates of birth. NFC will obtain assurances from its Agents that they will safeguard Personal Information consistently with this Policy and transfer such data only for limited and specified purposes. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant DPF Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), DPF certification by the Agent, or being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where NFC has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy, NFC will take reasonable steps to prevent or stop the use or disclosure. NFC holds it Agents accountable for maintaining the trust our employees and customers place in the company. In cases of onward transfer to third parties of data of EU, UK or Swiss individuals received pursuant to the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF, NFC shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Priciples, unless NFC proves that it is not responsible for the event giving rise to the damage.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

ACCESS AND CORRECTION: Pursuant to the DPF Frameworks, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under DPF, should direct their query to privacy@nfcglobal.com. If requested to remove data, we will respond within a reasonable timeframe.

SECURITY: NFC will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. NFC protects data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of sensitive Personal Information. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access and encryption technology. NFC limits access to Personal Information and data to those persons in NFC's organization, or as agents of NFC, that have a specific business purpose for maintaining and processing such Personal Information and data. Individuals who have been granted access to Personal Information are aware of their responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so.

ENFORCEMENT: NFC will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy and the DPF Principles. Any employee that NFC determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

NFC is subject to the investigatory and enforcement powers of the Federal Trade Commission in connection with the processing a Data Subject’s Personal Information under the DPF Framework.

DISPUTE RESOLUTION

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, NFC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union, United Kingdom and Swiss individuals with DPF inquiries or complaints should first contact NFC at privacy@nfcglobal.com

NFC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

INTERNET PRIVACY

NFC sees the Internet, intranets and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, vendors, business partners and others. NFC recognizes the importance of maintaining the privacy of Personal Information collected through websites that it operates. In general, visitors can reach NFC on the Web without revealing any Personal Information. Visitors on the Web may elect to voluntarily provide Personal Information via NFC websites but are not required to do so. NFC collects information from visitors to the websites who voluntarily provide Personal Information by filling out and submitting online questionnaires requesting products or services. The Personal Information voluntarily provided by website users is contact information limited to the user's name, business address, phone numbers and email address. NFC collects this information so it may answer questions and forward requested information. NFC uses the information it collects from a visitor’s online application or form submittal to fulfill the research or services requested, and this information is not disclosed to non-agent third parties. NFC also uses the information it collects from a visitor for network security purposes and to assess the usage of its Website to determine the areas of its Website that are most frequently visited. This information is used to assist NFC in protecting its Website and network and in making the site more useful to its visitors. NFC does not sell or share this information with non-agent third parties. NFC may, however, disclose relevant information to authorities or other non-agent third parties regarding abusive or unauthorized activity taking place on its network or sites, or in the event of a legal obligation such as a subpoena or court order. NFC may also collect anonymous information concerning website users through the use of "cookies" in order to provide better customer service. "Cookies" are small files that websites place on users' computers to identify the user and enhance the website experience. None of this information is reviewed at an individual level. Visitors may set their browsers to provide notice before they receive a cookie, giving the opportunity to decide whether to accept the cookie. Visitors can also set their browsers to turn off cookies. If visitors do so, however, some areas of NFC websites may not function properly.

None of NFC's websites are directed toward children. Nevertheless, NFC is committed to complying with applicable laws and requirements, such as the United States' Children's Online Privacy Protection Act ("COPPA").

NFC website users have the option to request that NFC not use information previously provided, correct information previously provided, or remove information previously provided to NFC. Those that would like to correct or suppress information they have provided to NFC should forward such inquiries to:

NFC Worldwide Solutions, LLC
Address: 200 Lakeside Drive, Suite 250, Horsham, PA 19044
Attn: Tim Tangye, Chief Security Officer
Phone: (215) 657-0800
E-Mail: privacy@nfcglobal.com

The inquiries should include the individual's name, address, and other relevant contact information (phone number, email address). NFC will use all reasonable efforts to honor such requests as quickly as possible.

NFC websites may contain links to other "non-NFC" websites. NFC assumes no responsibility for the content or the privacy policies and practices on those websites. NFC encourages all users to read the privacy statements of those sites; their privacy practices may differ from those of NFC.

CHANGES TO THIS PRIVACY POLICY

The practices described in this Policy are current personal data protection policies. NFC reserves the right to modify or amend this Policy at any time consistent with the requirements of the DPF Principles. Appropriate public notice will be given concerning any such revisions.

In order to access NFC's website, you must first agree to be bound by this Privacy Policy and the Terms of Use.

NFC Worldwide Solutions shall have the right, at its sole discretion, to modify, add or remove any terms or conditions of this Privacy Policy without notice or liability to you. Any changes to this Privacy Policy shall be effectively immediately following the posting of such changes on this website. The most recent version of this Privacy Policy may always be found at https://www.nfcglobal.com/privacy-policy/. You agree to review this Privacy Policy from time to time and agree that any subsequent use by you of this website following changes to this Privacy Policy shall constitute your acceptance of all such changes.