Data Privacy Framework

Data Privacy Framework (“DPF”)

Hogan Assessment Systems, Inc. (“Hogan”) complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Hogan has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom (including Gibraltar) in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

There are instances where Hogan is processing personal information on behalf of another company, such as your employer (i.e. a Controller). As a Processor or Sub-Processor in these instances, Hogan can only process your data on their instructions. See this page for more information: https://www.hoganassessments.com/privacy-policy/gdpr-compliance/.

Notice: When Hogan collects personal information as a Controller, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.

Choice: As a Controller of data, Hogan gives you choices about the ways we will use and share your personal information, and we’ll respect the choices you make. If Hogan were to ever engage in any onward transfers of your data with third parties other than our agents or affiliates, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. Please contact privacy@hoganassessments.com with any questions or requests regarding your personal information.

Onward Transfer: Hogan will not disclose your information to unaffiliated third parties without first obtaining your permission or upon instruction of the Controller or Processor, unless of course it’s to meet national security or law enforcement requirements. Hogan remains liable under the DPF Principles if a third party processes Personal Data covered by this policy in a manner inconsistent with the DPF Principles, except where Hogan is not responsible for the event giving rise to the damage.

Security: Hogan takes appropriate physical, technical, and organizational measures around security, availability, processing integrity, and confidentiality to protect personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity and Purpose: Hogan takes appropriate steps to make sure the personal information in our records is accurate. Hogan collects only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.

Retention: Hogan keeps your personal information for as long as required to fulfill the purposes for which it was collected, until a data deletion request is received, or as permitted by law.

Access: Hogan acknowledges that individuals have the right to access the personal information that we maintain about them. Hogan provides ways for you to access your personal information so you can correct inaccuracies. Simply send an email to privacy@hoganassessments.com and we will respond in a reasonable time. When Hogan is processing personal information on behalf of a Processor or Controller, we must first procure permission from that party.

Sharing of Information: Hogan is committed to maintaining a healthy relationship with our customers and values the information provided on its online platforms. Hogan occasionally engages with other companies to provide services on our behalf. Examples include distributors, partners, or vendors who provide hosting, technical support, marketing, or payment processing. Personal information may be shared with these companies; however, we will only share your information to accomplish the purposes for which it was collected. These third parties are contractually required to maintain the confidentiality of your information and are contractually prohibited from using that information for any purpose not defined in the contract. Hogan will never share, sell, or rent your personal information to third parties for promotional use.

Hogan may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims, legal process (including subpoenas), to protect the property and rights of Hogan or a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.

Hogan may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Independent Recourse: In compliance with the EU-U.S. DPF, Hogan commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF or the UK Extension to the EU-U.S. DPF, should first contact Hogan at privacy@hoganassessments.com.

Additionally, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Hogan commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to BBB National Programs Data Privacy Framework Services, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint.

The services of BBB National Programs Data Privacy Framework Service are provided at no cost to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2. Hogan participation in the EU-U.S. DPF is subject to investigation and enforcement by the Federal Trade Commission.