Dwellworks, LLC and its subsidiaries and affiliates (together, “Dwellworks”) are committed to transparency in the way we collect, process, share, and store your personal information within our environment. Dwellworks is aware of the recent Schrems II ruling and its implications on the U.S.-E.U. Privacy Shield. We are diligently reviewing our privacy practices and transfer mechanisms in light of this, but nevertheless remain devoted to handling your data in an ethical and secure manner, including:
- Processing your data only when Dwellworks is fulfilling a contract or has a legitimate interest;
- Mandating by contract that all processors and subprocessors adhere to GDPR requirements;
- Ensuring that any data transfers are encrypted in transit;
- Storing your data on encrypted servers and networks with separate recovery sites;
- Performing frequent penetration and firewall testing; and
- Undergoing yearly security audits.
Dwellworks will continue to monitor guidance from authorities and stay closely aligned with these developments while adjusting our practices accordingly
Effective Date: May 25, 2018
Updated: July 15, 2020
This Policy applies to:
- Dwellworks, LLC;
- Dwellworks Destination Services, LLC;
- Dwellworks Property Advising Services, Inc;
- Dwellworks Property Advisors, LLC dba Station Cities; and
- Dwellworks Residential Services, LLC (together referred to as "Dwellworks").
For all other purposes, this Policy applies to all affiliated entities of Dwellworks including:
- Dwellworks GmbH;
- Dwellworks Relocation Services Ireland Limited;
- County Homesearch International Limited;
- Dwellworks Hong Kong Limited;
- Dwellworks Canada, Inc.;
- Dwellworks Costa Rica Ltda.;
- Dwellworks Mexico S. de R.L. de C.V.;
- Dwellworks Australia Pty. Ltd.;
- Dwellworks Netherlands B.V.; and
- Dwellworks Living Pte. Ltd.
Purpose and Scope
This Policy lays out the general data protection principles utilized by Dwellworks and general rights granted to you under GDPR. For more specific information regarding your data and rights, please see our Privacy Notice. If you are a California resident, you may have additional rights under the California Consumer Privacy Act.
Due to the global nature of the mobility industry and Dwellworks’ business operations, the transfer of personal data across national borders may occur. Dwellworks respects and strives to protect the privacy of its supply chain partners and transferees. Personally identifiable information and sensitive personal data that identifies or describes a living person (hereinafter “Personal Data”) which is collected, used, or disclosed by or on behalf of Dwellworks is protected in accordance with the laws of the countries in which Dwellworks operates.
This Policy applies to Personal Data of transferees and to Personal Data of any other individuals (such as business contacts and supply chain partners) other than employees (including applicants for employment and former employees) of Dwellworks (“you”). This Policy also applies to Personal Data received by Dwellworks in any format, including electronic, paper, or verbal.
For the purposes of the General Data Protection Regulation (EU 2016/679) (“GDPR”) in the European Union, Dwellworks will be a “Data Processor” of Personal Data relating to transferring individuals which is obtained and processed in the course of providing relocation services to its corporate customers. Dwellworks will be a “Data Controller” of Personal Data relating to its supply chain partners and relating to transferring individuals which is obtained and processed in the course of providing relocation services directly to such transferring individuals.
Types of Data Collected
Personal Data collected by Dwellworks is limited to information necessary to conduct business. Personal Data collected includes but is not limited to: name, address, government identification number (i.e., social security number, national identification number, tax payer identification number, passport information, driver's license), date of birth, phone number, email address, Office of Foreign Assets Control (“OFAC”) information, financial information and bank account information.
Dwellworks will inform individuals about the purposes for which it (in its own capacity or on behalf of a corporate customer, where relevant) collects and uses Personal Data, the types of third parties or agencies to which it discloses such information, and the choices which Dwellworks (in its own capacity or on behalf of a corporate customer, where relevant) offers to limit the use and disclosure of Personal Data.
The sharing of Personal Data by Dwellworks with its network of third-party suppliers of relocation-related services is necessary for the purpose of providing relocation services to its customers and their transferring employees. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data or as soon as practical thereafter.
If Dwellworks receives Personal Data from its subsidiaries, affiliates or other entities in the EEA or Switzerland, it will use and disclose such Personal Data in accordance with the notices provided by such entities.
Dwellworks offers individuals the opportunity to opt out of disclosing their Personal Data to a third party or to consent to the use of the information by Dwellworks for a purpose other than which it was originally collected or subsequently authorized. For sensitive data (which includes health data and other types of data classified as special categories of personal data under the GDPR), Dwellworks offers individuals the opportunity to affirmatively and explicitly consent to the disclosure of the information to a third party or to the use of the information by Dwellworks for a purpose other than which it was originally collected or subsequently authorized.
Dwellworks will only transfer Personal Data to a service provider, vendor or other third party acting as a processor (or sub-processor) of Personal Data for Dwellworks where that party has provided assurances that it provides at least the same level of privacy protection as is required by this Policy. Where Dwellworks becomes aware that a party is using or disclosing Personal Data in a manner contrary to this Policy, Dwellworks will take reasonable and appropriate steps to prevent or stop the use or disclosure of that Personal Data.
On occasion, Dwellworks may be required to share personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Dwellworks takes reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. These precautions include but are not limited to password protections for online systems and restricting access to Personal Data to the legal department or to their relocation consultant for transferees. Individuals who have access to Personal Data are aware of their responsibilities to protect the security, confidentiality and integrity of the information.
Data Subject Rights
Under the GDPR, CCPA, and elsewhere (as applicable), Personal Data is protected by legal rights, which include individuals' rights to request access to or amendment of their Personal Data, to request erasure of their Personal Data, to object to processing of their Personal Data, to require restriction of processing of their Personal Data, to request the transfer of their Personal Data to another party or to withdraw consent at any time where Dwellworks are relying on consent to process such Personal Data. Where Dwellworks is a data controller, Dwellworks will respond to any request from an individual to exercise any such right within one month. Where Dwellworks is a data processor, Dwellworks will forward any request from an individual to exercise any such right to the relevant data controller (being the applicable corporate customer).
Under the GDPR, CCPA, and elsewhere (as applicable), individuals shall have the right to make a complaint about Dwellworks' use of their Personal Data to a relevant supervisory authority for data protection matters. If you would like to exercise your rights under GDPR or CCPA, please complete the form located in the “Contact Us” section.
Transferees can access their Personal Data and can correct or amend it if it is inaccurate or incomplete. Subject to applicable data protection laws, Dwellworks reserves the right to deny or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy. Any Dwellworks transferee or other individual that wants to review or update their Personal Data can do so by contacting us using the information below.
Dwellworks will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Dwellworks will take reasonable steps to ensure that Personal Data is reliable, complete, accurate, and current. All transferees or other individuals are asked to inform human resources or their consultant respectively immediately in the event of changes in Personal Data.
Enforcement, Verification, & Dispute Resolution
Associates and supply chain partners who violate data privacy rules may be subject to potential civil and/or criminal liability. Dwellworks conducts periodic reviews of its privacy practices to verify adherence to this Policy and the Privacy Shield principles. This Policy may be updated occasionally to reflect changes to Dwellworks’ privacy practices.
Transferees and others whose Personal Data is handled by Dwellworks should contact Dwellworks if there is reason to believe that the security of their Personal Data has been compromised. Dwellworks will investigate and attempt to resolve complaints regarding use and disclosure of Personal Data. Where necessary under applicable data protection laws, Dwellworks will report any misuse or other personal data breach to the relevant regulatory authorities.
For any complaints that cannot be resolved with Dwellworks directly, Dwellworks has selected the ICDR/AAA as its Independent Recourse Mechanism in relation to such unresolved complaints (as further described in the Privacy Shield Principles). The link to the ICDR/AAA for making complaints is as follows: http://go.adr.org/privacyshield.html. Dwellworks will provide, at no cost to the individual, the services of the ICDR/AAA by which the individual's complaint or dispute will be investigated and expeditiously resolved. A binding arbitration option will also be made available to the individual in order to address residual complaints not resolved by any other means. Dwellworks is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If you have any questions or comments about this Notice or wish to exercise your rights privacy rights, please do not hesitate to contact us at:
Phone: 1800 399 2626
Application: Data Subject Access Request & Request for Erasure: https://www.dwellworks.com/media/2066/dwellworks-data-subject-access-request-request-for-erasure-policy.pdf
Data Protection Officer Germany: www.datenschutz-stalla.de
Data Protection Officer EU/UK: email@example.com
Attn: Compliance Office
1317 Euclid Avenue
Cleveland, OH 44115 USA
Dwellworks will respond to complaints or inquiries within a reasonable time but in any event, no later than one month after such complaint or inquiry.
Declarations Regarding the Privacy Shield
For the purposes of this Policy, references to "Privacy Shield" shall be references to the EU-US Privacy Shield Framework and to the Swiss-US Privacy Shield Framework, as applicable, and references to "Privacy Shield Principles" shall be references to the applicable privacy principles contained within the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework respectively.
Before sharing Personal Data concerning a resident of the EU (or EEA) or a resident of Switzerland with a third party, Dwellworks will verify that the third party holds Personal Data in a manner consistent with this Policy, and certifies compliance with the European Union’s and Switzerland's data protection laws and with the Privacy Shield requirements. In particular, Dwellworks will ensure that Dwellworks will only transfer such Personal Data to third parties in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or to third parties who have signed specific contracts approved by the European Commission which give personal data the same protection it has in the EU or to third parties based in the United States if they are also part of the Privacy Shield.
Dwellworks' participation in the Privacy Shield applies to all Personal Data that is received from the European Union, European Economic Area or Switzerland. Dwellworks will comply with the Privacy Shield Principles in respect of such personal data.
Dwellworks’ accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Dwellworks remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Dwellworks proves that it is not responsible for the event giving rise to the damage.