To Work LLC, comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the UK, and Switzerland to the United States.

To Work’s participation in the Data Privacy Framework program applies to all personal information that we receive from the European Union, United Kingdom and Switzerland. To Work collects and receives personal information from the European Union, United Kingdom and Switzerland in connection with client engagements for audit, tax and other professional services and the administration of the client relationship. We also collect and receive personal information related to current, former, and prospective personnel in connection with personnel relationship and/or from other member firms of To Work in connection with employment or internship opportunities. We may also collect personal information from individuals located in the European Union, United Kingdom and Switzerland who voluntarily provide such information through To Work’s Web sites in connection with events or media alerts.  In addition, we may collect personal information regarding third parties, such as service providers and contractors, and their personnel in connection with the management and administration of the business relationships with such third parties.

In some instances, we disclose personal information to third parties in the course of operating our business, including our provision of services to clients and our personnel and business relationships. To Work is responsible for ascertaining that these third parties provide at least the same level of privacy protection as is required by the Data Privacy Framework. If we use a third party service provider, we will remain responsible for the provision of services (including those provided by our third-party service provider) and for the protection of your personal information. If a third party fails the required Data Privacy Framework privacy protections, we may be responsible for such third party’s acts if (i) the third party failed to meet its privacy protection obligations, and (ii) we were responsible for the event giving rise to the damage.

The Federal Trade Commission has jurisdiction over To Work’s compliance with the representations made in this notice and the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework. To Work may be required to disclose personal information to law enforcement, regulatory or other government agencies, or other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Individuals have the right to access their personal information, and to correct, amend or delete such information where it is inaccurate or processed unlawfully, as described in the Data Privacy Framework Principles. To exercise these rights, please email us at admin@ToWorkllc.com. We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents or service providers, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit to admin@ToWorkllc.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, To Work commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact To Work at admin@ToWorkllc.com.

To Work commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to To Work, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF

Finally, if your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

This policy may be amended or modified from time to time consistent with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Frameworks. If there is any conflict between the terms in this Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.  

–