Privacy

EU-U.S. Data Privacy Framework Policy

Updated: October 3, 2023

Guidepost Solutions LLC (“Guidepost Solutions” or “we”) offers global investigations, compliance, monitoring, and security and technology consulting solutions for clients in a wide range of industries.  Our address is 260 Madison Avenue, Third Floor, New York, NY 10016.

We regard the privacy of individuals and the confidentiality of our clients’ business activities to be essential to our values as a company.

This EU-U.S. Data Privacy Framework Policy (the “Framework Policy”) describes how Guidepost Solutions collects and uses personal data we receive from within European Union (“EU”) member countries and the United Kingdom under the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”).  We will comply with the requirements of the EU-U.S. Data Privacy Framework Principles as explained in more detail below.

This Framework Policy covers Personal Data, including Sensitive Data, which we receive from within the EU and the United Kingdom in the course of conducting investigations of individuals on behalf of our clients.  The terms Personal Data and Sensitive Data mean information about an identified or identifiable individual as those terms are defined in the EU-U.S. Data Privacy Framework Principles. To learn how Guidepost Solutions collects and uses personal data collected through its company website, www.guidepostsolutions.com, please see our website privacy policy.

The Federal Trade Commission has jurisdiction over Guidepost Solutions with respect to its compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF.

CHANGES TO THIS POLICY

Guidepost Solutions may update this Framework Policy at any time so long as the changes are consistent with the Data Privacy Framework Principles and any other terms of our certification under it.  We will post the effective date of any changes as part of any updated Framework Policy.

THE DATA PRIVACY FRAMEWORK PRINCIPLES

Guidepost Solutions Guidepost Solutions complies with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Guidepost Solutions has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Guidepost Solutions is committed to protecting personal privacy. Pursuant to our internal Information Security program and procedures, we regularly train our employees on privacy requirements and the implementation of this Framework Policy. Failure of an employee to comply with this Framework Policy may result in disciplinary action. We regularly review this Framework Policy and our processes to ensure that we are in compliance with the EU-U.S. DPF.

1. Notice

Guidepost Solutions collects and processes Personal Data in the course of conducting investigations and due diligence under contract with its clients (or their legal representatives).

Personal Data we process on behalf of our clients may include, for example, the following: name, date of birth, address, driver’s license, passport, visa or other national identifiers, title at work, or any similar information helpful to correctly identify a subject of investigation and provide the information requested by the client.  We may add personal data from other sources, for example, from an employer’s records, from social media or public databases, court records, or an educational institution.  Subject to applicable law, we may collect court records or certificates related to criminal history or bankruptcies, litigation history, credit history, information related to service in a directorship, or professional licenses and certificates.

We will post a link to this Framework Policy on our website, www.guidepostsolutions.com, and ask our clients to provide either a link to it or its URL on any form from which the client provides notice or seeks consent for us to conduct our investigations on its behalf or to receive data transferred from the EU and the United Kingdom.

To the extent permitted by the EU-U.S. Data Privacy Framework Principles and applicable law, Guidepost Solutions also reserves the right to process Personal Data provided by or collected on behalf of a client without notice or knowledge of individuals involved, including any supplementation of the information through publicly available sources, as we may deem necessary to fulfill our obligations to our clients.

2. Choice

Guidepost Solutions recognizes its duty under the EU-U.S. Data Privacy Framework Principles to give individuals the right of choice before use of Personal Data about them for a purpose materially different from the purposes for which the data was collected or for disclosure to a third party for any use unrelated to those purposes.   We will offer choice if either of those circumstances occurs except as otherwise permitted by the EU-U.S. Data Privacy Framework Principles or applicable law.

3. Accountability for Onward Transfer

Guidepost Solutions may transfer Personal Data we collect and process to companies and individuals acting as agents for the limited purposes of helping us provide services to our clients.  These third-parties may include, for example, vendors that store or process data on our behalf or individual investigators who collect additional Personal Data as described above.   Investigators may disclose limited Personal Data to seek publicly available records, for example, to a court or to an educational institution or, in limited circumstances, to individuals with publicly available knowledge about the individual under investigation.

We obtain contractual assurances that our agents will safeguard Personal Data consistent with this Framework Policy. Examples of appropriate assurances that may be sought from agents include contractual obligations to limit use of the data to defined purposes, to abide by applicable law, to provide reasonable security and to notify us of any breach and to pass the same or similar protections on in any onward transfers.  If we find actual knowledge that an agent is using or disclosing Personal Data in a manner contrary to this Framework Policy, we will take reasonable steps to prevent or stop the use or disclosure. As described in the EU-U.S. Data Privacy Framework Principles, Guidepost Solutions may remain liable for onward transfer of Personal Data covered by the Framework Policy in certain circumstances.

Guidepost Solutions may also disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, to comply with a subpoena for a civil or criminal proceeding or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect safety, investigate fraud, or respond to a government request.

As a participating organization in the EU-U.S. Data Privacy Framework, the  EU-U.S. DPF Principles require us, in the context of an onward transfer, to have responsibility for the processing of personal data we receive under the EU-U.S. DPF and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Principles if our agent processes such personal data in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

4. Security

Guidepost Solutions will take reasonable and appropriate measures to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved and the nature of the Personal Data.  No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot warrant or guarantee its absolute security.

5. Data Integrity, Purpose Limitation and Use

Guidepost Solutions collects and uses Personal Data for the purposes requested by our clients.  Guidepost Solutions will retain a copy of Personal Data compiled on behalf of our clients for as long as we need the data to provide services to those clients. We may also retain and use any Personal Data covered by this Framework Policy as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Access and Correction

Guidepost Solutions recognizes the rights of a person to access Personal Data and to amend that data or request deletion as that right is defined in the EU-U.S. Data Privacy Framework Principles.  Requests for access may be made to Privacy Contact at the address at the end of this Framework Policy.  If, for example, you are aware that your employer has requested us to conduct an investigation of your background or if you have consented to such an investigation by an individual or company, we suggest that you first direct any requests for access to Personal Data directly to the employer or that individual or company.   That company, our client, retains ownership of any Personal Data we have collected on its behalf.  We hold the data subject to legal requirements of confidentiality.

7. Recourse, Enforcement and Liability

In compliance with the EU-U.S. Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF, Guidepost Solutions commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the Data Privacy Framework Principles. EU and UK individuals with Data Privacy Framework inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Guidepost Solutions at:  privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn:  Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016

We will endeavor to respond to any such questions or concerns within forty-five (45) days of receipt, as the EU-U.S. Data Privacy Framework Principles require.

Guidepost Solutions has further committed to refer unresolved privacy complaints under the EU-U.S. Data Privacy Framework Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, which is based in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  For more information, see  https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

PRIVACY CONTACT

If you have any requests, concerns or questions under this EU-U.S. Data Privacy Framework Policy, please submit them to privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn:  Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016
(202) 499-4330