
Our Commitment to Data Protection Regulations

Allegis Group, Inc. and its affiliated entities (“Allegis Group”) have made compliance with Data Protection Regulations (“DPR”) a top priority. Allegis Group has a dedicated global privacy program committed to respecting the privacy rights of individuals who entrust personal data to us. 

Data Protection Regulations, such as the General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA) and all other US privacy laws, Personal Information Protection and Electronic Documents Act (PIPEDA), Australia’s Privacy Act, ePrivacy Regulations (ePR), China's Personal Information Protection Law (PIPL), and the Philippines’ Data Privacy Act, regulate the collection, handling, use and storage of personal data. Data Protection Regulations increase the obligations on organizations that collect or process personal data.

Allegis Group’s Data Protection Readiness Effort

At Allegis Group, we are committed to ensuring the responsible and secure collection, use and sharing of personal data. We are diligently working to develop, improve and maintain systems and processes to be compliant with various DPR, with our Global Privacy Office leading our efforts.

About the Allegis Group Global Privacy Office

The Global Privacy Office’s mission is to support Allegis Group’s (including all operating companies) commitment to the appropriate collection, use and sharing of personal data. The Global Privacy Office has key leaders in the United States, EMEA and APAC that coordinate with our Global Privacy Officer, who is designated as a Fellow of Information Privacy (FIP). Our Global Privacy Officer is also AIGP, CIPPUS, CIPP-C, CIPP-E and CIPM certified through IAPP. Additionally, each of our operating companies has a dedicated Privacy Analyst who assists with the implementation of the DPR readiness strategy in partnership with the Global Privacy Office. Each member of the team brings their subject matter expertise, including numerous IAPP certifications and deep knowledge of their respective businesses. Additionally, Allegis Group has a centralized Global Data Protection Oversight Committee that regularly meets and is comprised of its most senior leaders within Privacy, Legal, Human Resources, Finance, Compliance, Marketing, Strategy, Information Services, Information Security, and Data Governance to oversee the company’s global privacy initiatives.

Our DPO Network

Allegis Group appoints Data Protection Officers in all jurisdictions where it is required by DPR.

Our Data Protection Officer (DPO) under GDPR is Lillian Pang. Lillian Pang is an IAPP member and designated as a Fellow of Information Privacy (FIP). Lillian is also CIPP-E and CIPT certified. Lillian has worked in the data privacy field for over 10 years and worked for a global technology company as Vice President and Group Chief Privacy Officer. Lillian also has in-house counsel experience with the staffing industry and therefore has a strong understanding of our industry and our services. Lillian is based in London. Where required by applicable DPR, we appoint other DPOs; for example, we have appointed a DPO for Germany, Switzerland, Canada, New Zealand, Singapore and the Philippines. Allegis Group is also proud to be an IAPP Gold Sponsor as well as an IAPP Foundational Supporter for AI.

Allegis Group’s Data Protection Readiness Program

The Global Privacy Office is actively developing, improving and implementing its initiatives to make sure Allegis Group is compliant with the ever-evolving DPR. Allegis Group’s Global Privacy Office is approaching DPR Readiness through its commitment to its “Top 10 DPR Initiatives,” which include:


Understanding Our Data – Data Mapping and Justifications for Processing
  • Completion of data mapping exercises, including justifications for processing (where required)
  • Completion of our Article 30 records of processing activities under GDPR
  • Understanding where we “sell” personal data under CCPA

Data Transfers
  • Ensuring we are maintaining viable means for transferring personal data, including maintaining a Global IntraGroup Data Transfer Agreement, based on the EU model clauses and Article 28 of GDPR, maintenance of our Data Privacy Framework certification, and executing model clauses where needed with customers and suppliers for the EU and Switzerland and standard contractual clauses as required in China

Data Breach Reporting
  • Ensuring our privacy and security incident response process is prepared to respond within various DPR deadlines

Data Minimization
  • Ensuring that Allegis Group collects and keeps only data that is necessary for its legitimate business interests

Contracts – Customers and Suppliers
  • Implementing DPR compliant provisions in our contracts with our customers and suppliers
  • Conducting due diligence on our suppliers through questionnaires and, where appropriate, on-site or other forms of audit
  • Complying with due diligence as required by our customers when we act as a supplier

Information Security
  • Partnering closely with our Information Security team to implement appropriate technical and organizational measures to protect personal data, including looking for opportunities to enhance the use of anonymization, pseudonymization and encryption

Training and Awareness and Appointment of Data Protection Officer
  • Appointment of Lillian Pang as Data Protection Officer under GDPR and appointments of DPOs across the globe where required
  • Online and in-person trainings across the business to promote privacy awareness and teach key privacy principles

Privacy in Day-to-Day Operations/ Privacy by Design and DPIA
  • Undertaking Data Privacy Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs) and other privacy assessments where appropriate across the business
  • Partnering with our Privacy and Protection team within IS for Privacy by Design
  • Educating areas of the business (e.g., HR, Marketing, Procurement) on the meaning of privacy for their function in day-to-day operations

Data Subject Rights and Consent/ Preference Management
  • Implementing a repeatable, scalable process and set of procedures for handling data subject rights requests
  • Obtaining and adhering to consents and preferences expressed by data subjects as well as respecting all opt-out rights (e.g. opt-out from sales)

Privacy Notices
  • Updating and distributing all privacy notices to remain in compliance with DPR


Our Services – When We Act as a Controller/ Business and/or Processor/Service Provider

Understanding the role that you play as either a Controller/Business or Processor/Service Provider is an important component of DPR. While each regulation has specific nuances, the following outlines our stance under each of GDPR and CCPA with regard to our service offerings.

Controller/Business: Determines the means and purposes of the processing of Personal Data (the “how” and the “why”) 

Processor/Service Provider: Processes Personal Data on behalf of the Controller/Business 

Allegis Group has conducted an analysis to identify the role it plays for many of our service offerings as explained in the chart below:



| | Staffing | Search | Consulting | MSP | RPO |
|---|---|---|---|---|---|
| Processor/Service Provider? | No | No | Yes | Yes | Yes |
| What is the Personal Data? | N/A | N/A | Customer Personal Data – varies (depends what Customer provides to our Consultants) | Customer Personal Data – Staffing Supplier Contract Worker data (to provide short-listing/evaluations, consolidated invoicing, analytics) | Customer Personal Data – Candidate data Customer provides to Allegis Group or directs Allegis Group to source on its behalf |
| Controller/Business? | No | Yes | No | No | Yes |
| What is the Personal Data? | | Candidate Data | | | Candidate Data – sourced by Allegis Group (not at direction of Customer) |


For each of our service offerings, we have developed data protection language that is compliant with DPR that we have ready for use with any customer engagement. We closely monitor developments related to DPR for how they impact our services and therefore the appropriate data protection language to utilize in contracts. We will continue to improve our language in response to guidance, including, for example, the guidance provided by the European Data Protection Board (Guidelines 07/2020 on the concepts of controller and processor in the GDPR).



Transferring Personal Data

Allegis Group is committed to responsibly and lawfully transferring personal data while performing our services that involve data subjects from many different countries and regions. Allegis Group has the following mechanisms in place, for example, to handle transfers of personal data that involve data subjects from the EEA, UK and/or Switzerland as well as China.


Model Clauses 

We make use of the EU Model Contract Clauses and the China Standard Contractual Clauses (China SCCs) for transfers from China as appropriate with our business partners.

Intra-Group Data Transfer Agreement

We have an Intra-Group Data Transfer Agreement based on the new EU Model Clauses that also includes the appropriate provisions required under GDPR to cover personal data transfers between and among our businesses globally.

We are EU-US, UK-US and Swiss-US Data Privacy Framework certified and have been since the inception of the Privacy Shield Framework. Please see our Privacy Shield certification here. Prior to our DPF certification, we were certified under Safe Harbor from 2010-2015. In light of the recent judicial decision (Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems, called “Schrems II”), we no longer rely on the Privacy Shield Framework to transfer data from the EU or Switzerland to the US. However, for over a decade we have built a strong privacy program to comply with these frameworks as part of our DPR readiness efforts and continue to benefit from the rigor of data protection requirements present in a framework like Privacy Shield. In addition, continuing to be part of the Framework provides a mechanism enabling individual complaints to be administered and addressed and the ability for EU data subjects to invoke arbitration in all cases where the action or inaction of the competent U.S. authorities (for instance the Federal Trade Commission) has not satisfactorily resolved their complaints.

We ensure an adequate transfer mechanism is in place when our suppliers are processing personal data outside of the EEA, UK, Switzerland or China. 



As the global leader in talent solutions, we take pride in what we do, connecting great people to great opportunities, helping businesses win and careers soar. Today, with $12.3 billion in revenues and 500+ global locations, Allegis Group and its network of specialized companies provide a full suite of complementary talent solutions that solves nearly every workforce challenge to empower business success while consistently delivering an unsurpassed quality experience. Our companies include Aerotek; TEKsystems; Aston Carter; Allegis Global Solutions; Major, Lindsey & Africa; MarketSource; EASi; The Stamford Group; and Getting Hired. 


Visit AllegisGroup.com to learn more.  





This document has been provided for informational purposes and is not intended to be a comprehensive overview of any particular Data Protection Regulation nor is it intended to be construed as legal advice. Please consult your attorneys in connection with any fact-specific situation that takes into account such facts and applicable law.