PRGX Global, Inc. and its affiliates and subsidiaries (collectively referred to in this Statement as “PRGX”, “we”, “our”, or “us”) are committed to respecting and protecting the privacy of individuals with whom we come into contact, including our employees, our clients and their suppliers and vendors, our suppliers and vendors, our investors and those individuals who browse and use our websites. We believe in protecting individual rights with respect to the privacy of their Personal Data.
This Privacy Statement (“Statement”) governs our collection, use, disclosure and processing of Personal Data that we collect and process about our clients, our suppliers and vendors, our investors and individuals who browse and use our websites (collectively referred to in this Statement as “you” or “your”). In addition, we may also receive Personal Data from our clients to perform services on their behalf and from other third parties as described in this Statement.
This Statement may be updated from time to time to reflect changes in our Personal Data practices, and we will post a prominent statement on our website to notify you of any significant changes and highlight the changes in the Statement. This Statement may also be supplemented by differing terms that apply to you, such as specific client contracts.
PRGX subsidiary, PRGX USA, Inc. (“PRGX USA”), complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the United Kingdom (UK) Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce (collectively, the “DPF Principles”). PRGX USA certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regard to the processing of personal data received from the European Union (EU) in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework Website. PRGX USA’s affiliates, PRGX Global, Inc., Lavante, Inc., and PRGX Commercial LLC, are covered entities under such certification.
1. DEFINITIONS
Personal Data (“Personal Data”) is information that pertains to or is about any individual or is capable of being associated with or can be linked to or used to identify that individual. Personal Data does not include information that is encoded or publicly available information that has not been combined with non-public Personal Data. Personal Data does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified. Without prejudice to the foregoing, with respect to information under the territorial scope of applicable data protection laws of the EU or the UK, “Personal Data” is any information relating to an identified or identifiable natural person.
Sensitive Personal Data (“Sensitive Personal Data”) means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or specifies sex life.
Without prejudice to the foregoing, with respect to Personal Data under the territorial scope of applicable data protection laws of the EU or the UK, “Sensitive Personal Data” is any information as described in the definition above and also includes data concerning sexual orientation, genetic data and biometric data for the purpose of uniquely identifying a natural person.
2. INFORMATION WE COLLECT
We collect Personal Information in a variety of ways through our normal business activities, in both online and offline contexts. This includes, for example, when you communicate and interact with us, including when you participate in events, register for webinars, submit website contact forms, opt-in or request information from PRGX, register as a user on our website or web-based software-as-a-service-based applications, or visit and use our websites. We may also receive Personal Information from third parties, including public databases, social media platforms, trade-show lists, sponsorships, or third-party partners such as analytics or marketing providers. In the normal course of activities, we may collect the following types of Personal Information:
• Contact information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, tax identification number, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
• Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
• Transaction Information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
• Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual or audio recordings.
We do not knowingly collect Sensitive Personal Information about you except when this is provided by you on a voluntary basis.
We may also receive and process third-party Personal Information from and on behalf of our clients to perform our services (please refer to Section 4 of this Statement if you would like to find out how we protect this Personal Information).
Please note: Personal Information of our job applicants and employees is protected by the PRGX Employee Privacy Statement that is readily available on career sites that collect applicant Personal Information, and for employees, on Connexa, PRGX’s intranet site.
3. HOW WE USE YOUR PERSONAL DATA
We take reasonable steps to ensure that the Personal Data we process is reliable for its intended use, is accurate, up-to-date and complete, and is limited to the Personal Data required to carry out the purposes of the processing, as described in this Statement. Where appropriate, we may ask you to ensure that your Personal Data that we hold is accurate and up to date.
When we collect Personal Data, our use and processing of your Personal Data is limited to the following legal bases and purposes:
- To Provide Our Services: managing our contractual obligations, including interacting with you, fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training and to provide other services related to the contract you have with us.
- To Comply with Our Legal Obligations: corporate governance, audit, reporting and legal compliance and the establishment, exercise or defense of a legal claim.
- For Other Legitimate Business Purposes: managing our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, fulfillment, consumer research, trend analysis, financial analysis and other customary internal purposes, such as anonymous benchmarking, reporting or quality assurance purposes and marketing and to ensure the security of our websites, networks and systems, and premises, as well as protecting us against fraud.
- Based on Your Consent: managing your ongoing relationship with us, including interacting with you, informing you about our products or services that may be of interest to you, as well as special offers and promotions.
When you visit our websites, otherwise request us to provide a service or decide to enter into agreement with us, we will notify you when information is required to provide our services, enter into agreement or as required by law, upon which you may decide to provide us with your Personal Data or not. Where your Personal Data is required, we may be unable to provide you with our services or enter into agreement with you unless you provide us with the relevant information.
4. HOW WE PROTECT PERSONAL DATA WE PROCESS ON BEHALF OF OUR CLIENTS
PRGX is a business-to-business information and professional services firm that collects and processes transactional client data for improving clients’ financial performance by reducing costs, improving business processes and increasing profitability. PRGX’s recovery audit and contract compliance services include the processing of source-to-pay transactional data (e.g., accounts payable data, vendor file information, and line item/product data) and supplier contracts to identify client overpayments made to their third-party suppliers. PRGX’s data intelligence services include the processing of data using software tools that provide insights into product and supplier performance, working capital, and spend savings opportunities and that streamline supplier deduction dispute processes.
We process this data on behalf of our clients to perform the requested services. This data may contain Personal Data in limited circumstances, such as business contact information in an invoice or email or when a client’s third-party supplier happens to be a sole proprietor. Personal Data of these individuals is used and processed as instructed by our clients for the requested services in accordance with client contractual requirements. In any event, with respect to any Personal Data that we process in connection with the provision of our services, unless otherwise set forth in our client contracts, we act in the capacity of a data processor, meaning we collect and process this Personal Data only as instructed by our clients, which act as the data controller and determine the purposes and means of the processing of such Personal Data.
We do, however, maintain information security controls to protect this Personal Data and will only disclose or transfer this information as instructed by or agreed upon with our client to provide the requested service. Unless otherwise instructed by our clients, we treat the Personal Data we process on behalf of our clients in line with our commitments on disclosure and transfer as set forth in this Statement.
5. DISCLOSURES OF PERSONAL DATA
We may disclose Personal Data collected by or provided to us to the following recipients:
- our affiliated companies (including our subsidiaries and branches) for purposes stated in this Statement;
- to third-party service providers, such as agents and contractors, for customary business purposes or for facilitation or improvement of the services we provide to our clients;
- to third-party vendors, whom we contract with for specific purposes;
- to public authorities in response to lawful requests to meet national security or law enforcement requirements;
- where needed to protect our legal rights;
- to a newly formed or acquiring organization if PRGX is involved in a merger, sale or transfer of some or all of its business;
- where otherwise required by law;
- where permitted by law, such as with your consent or in the event of an emergency; or
- at the request of an individual client, to a third-party agent for additional services, as arranged by the client.
In all circumstances, we complete a screening process in which we validate that the third party has appropriate technical, administrative, and physical controls in place to protect the security, confidentiality, and integrity of Personal Data. In addition, we ensure that appropriate contracts are reviewed and executed to ensure adequate controls around confidentiality, limited use, proper disposal, and retention of Personal Data.
6. ACCOUNTABILITY FOR ONWARD TRANSFERS
PRGX may perform services, including the processing of Personal Data, using one or more of its worldwide affiliates (wholly-owned PRGX company group entities), including those based in the United States (“U.S.”), the UK, EU member states, APAC, and LATAM, unless otherwise prohibited by client contractual requirements.
As such, in case your Personal Data originates from the European Economic Area (“EEA”) or the UK, this may include transferring Personal Data outside the EEA or the UK to locations in the U.S. and other countries that have different data protection laws than those in the country of origin and that may not have been granted an adequacy decision by the European Commission or the Information Commissioner’s Office in the UK.
In this regard, for any such Personal Data subject to EEA or UK data protection laws, PRGX takes measures designed to provide the level of data protection required in the EEA and UK, including ensuring onward transfers are governed by the requirements of the DPF Principles, the Standard Contractual Clauses adopted by the European Commission, including the UK addendum thereto, or another adequate transfer mechanism. PRGX entities have also entered into intragroup Standard Contractual Clauses which allow for the processing and onward transfer of Personal Data outside of the EEA and UK.
PRGX remains liable under the DPF Principles if its agents process Personal Data covered by this Statement in a manner inconsistent with the DPF Principles, except where PRGX is not responsible for the event giving rise to the damage.
For further information, please contact us through the “How to Contact Us” section below.
7. SECURITY AND DATA INTEGRITY
PRGX is committed to protecting the privacy, confidentiality, and security of the data that is provided to us, including Personal Data, through a combination of technical, physical and administrative controls, including internal policies, practices and procedures.
We apply appropriate technical, physical and organizational measures that are reasonably designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access where Personal Data is transferred over a network, and against all other unlawful forms of processing. Access to Personal Data is restricted to authorized recipients on a need-to-know basis. We maintain a comprehensive information security program that is proportionate to the risks associated with the processing. The program is continuously adapted to mitigate operational risks and to ensure the protection of Personal Data taking into account industry-accepted practices. We will also use enhanced security measures in case we process any Sensitive Personal Data.
PRGX’s privacy and security framework is based on ISO 27001 standards and, as such, we have a strong focus on establishing, maintaining, and continuously improving information security management systems and identifying, analyzing, and addressing information security risks. The ISO 27001 standards cover all aspects of security including physical protection of equipment and people, hiring practices, employee training, network security, and access controls. This framework, combined with regular monitoring and testing of controls, allows us to ensure that appropriate levels of data confidentiality, integrity, and availability are maintained.
8. DATA RETENTION
We will retain your Personal Data only for as long as necessary to achieve the purposes outlined in this Statement, usually for the duration of any contractual relationship, if necessary to provide our services and for any period thereafter as legally required or permitted by applicable law. This means that, in some cases, we may be required to retain your Personal Data for a period following termination of your relationship with us. Our retention policies reflect all applicable domestic and international law, including relevant statute of limitation periods and other legal requirements.
9. COOKIES
Cookies may be used on some pages of our sites. In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Data. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Statement applies to the collection and use of any Personal Data that is obtained using cookies and otherwise.
What is a cookie?
A cookie is a text file unique to you that is related to your computer or mobile device and that can be picked up by a server, allowing a website to pick up things such as your preferences, what is in your shopping basket or that allows the website to recognize you when you return. This information helps a website to dynamically generate web content and design web functionality specifically for its users and enables it to provide you with a customized experience each time that you visit.
What types of cookies does PRGX use?
Most common technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons are used on most PRGX websites. Pixel tags and web beacons are tiny graphic images placed on website pages or in emails that allow us to determine whether you have performed a specific action. When you access these pages, or open or click on an email, the pixel tags and web beacons generate a statement of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
How do we collect information using cookies?
We collect many different types of information from cookies and other related technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, web page visits, web form fills, content clicks/views, email opens/clicks and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs may also record the IP address assigned to the device you are using to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to a PRGX website and the website you visit after you leave our site.
Can cookies and tracking be disabled?
In most cases, if you prefer not to allow the use of cookies or related technologies, you can manage cookie preferences and opt out of having cookies and other tracking technologies used by adjusting the settings on your browser. In most cases, “Do Not Track” (DNT) is a web browser setting that sends a signal to other websites, plug-in providers, ad networks, and the like, to stop tracking your activity. All browsers are different, so please visit the “help” section of your browser to learn about the privacy settings that may be available. Please be advised that disabling cookies may result in limited functionality on our sites.
IP Addresses.
The website captures usage information such as: date and time of webpage visit, referring address (location from which a visitor comes to the website), type of Internet browser, and visitor’s IP address and DNS name, web form fills, content clicks/views, email opens/clicks. This information helps us to support and improve the operation of the website.
10. YOUR PERSONAL DATA RIGHTS
You have certain rights with respect to our processing of your Personal Data, which include:
(1) Access, Correction and Transmission: You may reasonably access the Personal Data pertaining to you that is on file with us. You also have the right to request that we correct incomplete, inaccurate or outdated Personal Data. To the extent required by applicable law, you may also request that we transmit Personal Data you have provided to us to you or to another company.
(2) Information About Data Processing: You may request details about how we process Personal Data, including the categories of Personal Data we have collected, the categories of sources for Personal Data we collect, the business or commercial purposes for collecting Personal Data, and the categories of third parties with which we share Personal Data.
(3) Objection: We respect your right to object to any uses or disclosures of your Personal Data that are not (i) required by law, (ii) necessary for the fulfillment of a contractual obligation, or (iii) required to meet legitimate interests of PRGX (such as general administration disclosures for auditing and reporting purposes, internal investigations, management of network and information systems security, or protection of our assets). If you do object, we will work with you to find a reasonable accommodation. You may also withdraw your consent at any time in relation to our processing of Personal Data based on your consent. In addition, you may always object to the use of your Personal Data for direct marketing purposes, including related profiling activities. Also, in case you have specific reasons that relate to your situation, you may object to our processing of your Personal Data based on our legitimate interests.
(4) Deletion: You may request the deletion of your Personal Data as provided by applicable law. This applies, for instance, where your information is outdated; where the processing is not necessary or is unlawful; where you withdraw your consent to our processing based on such consent; or where we determine we should accommodate an objection you have raised to our processing. In some situations, we may need to retain your Personal Data pursuant to our legal obligations or for the establishment, exercise or defense of legal claims.
(5) Restriction of Processing: Similarly, and where provided by applicable law, you may request that we restrict processing of your Personal Data while we are answering your request or complaint pertaining to (i) the accuracy of your Personal Data, (ii) our legitimate interests to process such information, or (iii) the lawfulness of our processing activities. You may also request that we restrict processing of your Personal Data if you wish to use the Personal Data for litigation purposes.
If you wish to exercise these rights, you may contact the PRGX Privacy Office as described below in the “How to Contact Us” section. Where reasonable, we will accommodate your request and use reasonable efforts to respond to requests in a timely manner. In some situations, we may refuse to act, charge a reasonable fee or impose limitations on your rights if, for instance, your request is likely to adversely affect the rights and freedoms of PRGX or others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe applicable law. In all cases, you have a right to file a complaint with the applicable Data Protection Authority.
We assume that our clients have provided any notice required for PRGX to process Personal Data they provide to us, consistent with this Statement, and will provide further notice of any uses or disclosures that are materially different from those described in this Statement. Please note that if you wish to exercise any of your rights in relation to Personal Data we process on behalf of our clients, we recommend that you contact the client directly. If you need assistance, please contact us and we will reasonably request our clients to correct, amend or delete any erroneous information, subject to their own policies and instructions.
Where reasonable, we will accommodate your request. However, PRGX may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive in particular because of its repetitive character. In some situations, PRGX may refuse to act or may impose limitations on your rights if, for instance, your request is likely to adversely affect the rights and freedoms of PRGX or others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe applicable law. In all cases, you have a right to file a complaint with the applicable Data Protection Authority.
To obtain PRGX’s Personal Rights Request Forms, please contact the PRGX privacy office at [email protected].
11. YOUR OBLIGATIONS
Bear in mind that you are responsible for the accuracy of your Personal Data. Please let us know when changes to your Personal Data are needed by contacting us through the “How to Contact Us” section and in accordance with applicable law. We will use reasonable efforts to respond to all such requests in a timely manner.
12. ENFORCEMENT
In compliance with the DPF Principles, we commit to resolve DPF Principle-related complaints about the collection and use of your Personal Data. EEA and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF Principles should first contact us at [email protected].
In addition, in compliance with the DPF Principles, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to the claimant. In certain circumstances, the DPF Principles provide the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework.
The Federal Trade Commission has jurisdiction over PRGX’s compliance with DPF Principles.
13. INFORMATION ABOUT CHILDREN
We do not knowingly provide products or services to or solicit Personal Data from children under the age of 18.
14. SOCIAL SECURITY NUMBERS
In some cases, PRGX collects Social Security Numbers, mainly in the U.S., in the ordinary course of its business, such as from our employees, as well as in certain records we process for our clients. We have implemented reasonable technical, physical and administrative safeguards to protect the Social Security Numbers. All our employees are required to follow these established procedures. Access to Social Security Numbers is limited to those employees and service providers with an approved business need to access the information to perform tasks for us and our clients.
Social Security Numbers are only disclosed to third parties in accordance with our established policies. We only disclose Social Security Numbers to (i) those service providers, auditors, advisors, and/or successors in interest who are legally or contractually obligated to protect them or (ii) as required or permitted by law.
15. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
The California Consumer Privacy Act (“CCPA”) requires businesses that collect Personal Data of California residents to make certain disclosures regarding how they collect, use, and disclose certain categories of Personal Data. This section addresses those requirements. For a description of all of our data collection, use and disclosure practices, please read our Privacy Statement in its entirety.
The categories of Personal Data we collect about you are as follows:
- Customer Records and Identifiers (such as your name, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, tax identification number, and IP address);
- Commercial Information (such as products or services purchased or the types of products and services that may interest you);
- Internet Activity Information (such as your interactions with our website);
- Protected Classifications (such as age or other demographic data);
- Visual or Audio Information (such as visual or audio recordings necessary for the security of our premises);
- Professional and Employment-Related Information; or
- Inferences drawn from any of the above information categories.
We disclose the above categories of Personal Data for certain “business purposes,” such as disclosures to service providers and vendors that assist us with securing our services or marketing our products. We do not sell Personal Data.
The “Information We Collect” section of this Statement describes the categories of sources from which we collect your Personal Data. “How We Use Your Personal Data” describes the purposes for which we collect your Personal Data. “Disclosures of Personal Data” sets forth the types of third parties with which we share your Personal Data.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights. For more information on how to exercise your rights, please refer to Section 10 of this Privacy Statement. If you are an authorized agent wishing to exercise rights on behalf of a California resident, please contact us at [email protected] and provide us with a copy of the consumer’s written authorization designating you as their agent. We may still require consumers to directly verify their identity and confirm that they provided you permission to submit the request.
16. HOW TO CONTACT US
Questions about this Statement, or requests in relation to the “Your Personal Data Rights” section above, may be sent by email to [email protected] or by contacting:
Attention: Jenny Lambert
Data Protection Officer & General Counsel
200 Galleria Parkway, Suite 450
Atlanta, GA 30339
USA
770-779-3900
17. CHANGES TO THIS STATEMENT
As specified, we may decide to make changes to this Statement from time to time. The changes made in the past include the following:
January 20, 2010: As part of the launch of our new PRGX website, the “Cookie” section of this Statement has been updated to reflect new and limited uses of cookies which are used to monitor the traffic and use within our site as well as to enhance web content and functionality. Cookies on our site do not collect Personal Information.
October 10, 2014: PRGX’s Global Privacy Statement was updated to reflect compliance with U.S. and international data protection laws and regulations including the European Union Data Privacy Directive, Mexico’s Federal Law Protecting Personal Data, and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
June 10, 2015: The “Cookie” section of PRGX’s Global Privacy Statement was updated to reflect new and limited uses of cookies, and other similar technologies, which will be used to associate web activity with limited Personal Information to personalize and enhance user experience. In addition, information regarding users’ ability to opt-out of cookie usage was added to the Cookie section of this Statement.
July 1, 2016: Updated the introductory section to reflect the European Court of Justice’s decision on October 6, 2015 whereby Safe Harbor was deemed invalid.
September 20, 2016: Updated Statement to reflect certification under the EU-U.S. Privacy Shield Framework.
August 8, 2017: Updated Statement to reflect Lavante Inc. as a covered entity under the PRGX Global, Inc. Global Privacy Statement.
May 25, 2018: Updates related to collection, use, disclosure, transfers, and protection of Personal Information as well as updates regarding your Personal Information rights to reflect the entry into force of the EU General Data Protection Regulation.
September 24, 2019: Updated to ensure Statement remains compliant with the Privacy Shield Principles after the UK’s withdrawal from the EU.
November 11, 2021: Updated to reflect the European Court of Justice’s invalidation of EU-US Privacy Shield Framework and to add CCPA compliance requirements.
April 1, 2024: Updated to reflect current service and software offerings and to update the How to Contact Us Section information.
August 22, 2024: Updated to reflect compliance and certification with the DPF Principles.
©2024 PRGX Global, Inc. All rights reserved. Many of the trademarks and service marks appearing on this website are registered trademarks. Use of this site is subject to certain Terms of Use which constitute a legal agreement between you and the Company. By using this site, you acknowledge that you have read, understood, and agree to be bound by the Terms of Use. Please review the Terms of Use; and if you do not agree to the terms, please do not use this site.