Privacy Policy

Welcome

This Privacy Policy is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process that personal data. Please read this policy carefully.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

Who We Are

This is the Privacy Policy of Aspen HR, LLC (“Aspen,” “us,” “our,” or “we”). You can contact us at info@aspenaso.com.

Applicability

This Privacy Policy applies to our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”), as well as the Aspen’s HR, employment, and benefits administration platform and other related services (collectively, the “Services”).

Agreement

This policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

Clients and Third Parties

Aspen is a full service HR solutions and benefits service provider for organizations (our “Clients”) and their employees and covered dependents (“Employees”). When our Services is provided pursuant to a Client agreement, we may process Personal Data (defined below) relating to a Client’s internal users of the Services (“Client Users”), as well as Employees who may use our Services.

This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to our Clients’ own processing of your information once we have provided it to them. Please see the Client’s privacy policy for more information. Similarly, this Policy does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party Services unless we process information from those parties. Please review those third parties’ privacy policies for information on their privacy practices.

Processing of Personal Data

Personal Data We Collect:

In order to provide our Services, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements are examples and may change):

How We Process Personal Data

Subscription and Account Registration

If you subscribe to or contract for our Services, we collect Identity Data, Financial Data, and Commercial Data in connection with that transaction. This data is used in order to fulfill the transaction and complete the subscription or contracting process. We may share certain information with our service providers in order to complete the transaction.

Additionally, Client Users may be able to register and create an account on our Services. When users register, we will process Identity Data and Contact Data. We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Subject to your rights and choices, we may also use the Identity Data as part of our efforts to improve our Services, and we may process the Identity Data and Contact Data in connection with marketing communications.

Client Services

We may process Identity Data, Contact Data, Financial Data, Professional Data, User Content, and certain Sensitive Data (including Health Data) to the extent provided by the Client or the Client’s employee and dependents in relation to benefits enrollment, as part of the HR administration platform and/or other Services we provide to or on behalf of our Clients.

We process the Identity Data, Contact Data, Financial Data, Professional Data, User Content, and Sensitive Data on behalf of the Clients and Employees as necessary to carry out the processes and transactions we provide to the Client and employee (e.g. pursuant to a services agreement, or as part of an employee enrolment). For example, we may process benefits applications, changes, and enrollments, create reports, or provide other similar services.

In addition, and subject to your rights and choices, we may also use this information (excluding Financial Data and Sensitive Data) as part of our legitimate interests in improving the design of our Services, and for ensuring the security and stability of the Services. Sensitive Data is used only in accordance with the consent of the employee and/or employee, as appropriate, and in accordance with applicable law.

Note, our Clients are the owners and controllers of information we process on their behalf under a Service Agreement. Further, certain data, such as Health Data, may be subject to additional restrictions or processing operations not described in this Policy. Supplemental policies, including Clients’ or other third parties’ privacy policies, may apply to the processing of such Personal Data. Please review the appropriate applicable privacy policies for information on how your Personal Data is used and the rights you may have in that Personal Data.

Contact Us Forms

We process Identity Data, Contact Data, and User Content if you choose to contact us through our Site. We may receive that data from a third party if and to the extent provided to us by a third party (e.g. contact or communications platforms). We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters. Subject to your rights and choices, we may also use Identity Data and Contact Data to in connection with Marketing Communications, if relevant to your request, such as when you request more information about our Services.

Marketing Communications

We may process Identity Data, Device/Network Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with an information request or other interaction with our Services and services. Subject to your rights and choices, we may use the Identity Data, Device/Network Data, and Contact Data to improve our services and in connection with marketing communications.

Internal Employment Applications

We may process Identity Data, Contact Data, Professional Data, and User Content in connection with your application to be an employee, contractor, or otherwise join the Aspen team. We process this Personal Data primarily in connection with the assessment and creation of the personnel relationship, and to the extent permitted by applicable law, or with your consent or where authorized by law, and subject to your rights and choices, we may process Personal Data in accordance with our legitimate business interests, as follows:

Cookies and Similar Tracking Technologies

We, and certain third parties, may automatically collect and process Identity Data, Contact Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by that party. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.

Subject to your rights & choices, we may use this information as follows:

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients

We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any communications sent using our Platform and all other Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Partners

In limited cases, we may share your Personal Data, such as Identity Data or Contact Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in marketing communications.

Service Providers

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.).

Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Affiliates

In order to streamline certain business operations, marketing activities, services, offers, and other content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use or a customer agreement, or in the vital interests of us or any person. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

 

Your Rights and Choices

Your Rights:

Applicable law may grant you rights in your Personal Data. These rights vary based on your location, state/country of residence, and may be limited by or subject to our or our Clients’ rights in your Personal Data. In cases where we process Personal Data on our own behalf, you may exercise rights you have by contacting us at Aspen HR, LLC, 750 Battery Street, 6th Floor, San Francisco, CA 94111 (attn: Rights Requests) or info@aspenaso.com (subject line: Rights Request)

All rights requests we receive directly must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity.

Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request. While we may notify Clients of your request, we are unable to directly fulfill rights requests regarding Personal Data we control or for which we have the necessary rights of access, and we may not have access to or control over all or some Personal Data controlled by Clients.

For information regarding your California Privacy Rights, please see below.

Your Choices:

It is possible for you to use some of our Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, which you may exercise by contacting us as described above.

Marketing Communications: You have the choice to opt-out of processing related to marketing communications or to withdraw your consent if marketing communication was initiated through consent. You may exercise your choice via the “unsubscribe” links in our communications or by contacting us re: direct marketing.

Your California Privacy Rights

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights, subject to your submission of an appropriately verified request (see below for verification requirements). Please note, as a B2B provider and employer, we may not be obligated under CCPA to fulfill these rights in some contexts, and we reserve the right to deny requests to the extent allowed by applicable law.

Privacy Rights

Right to Know

You may have the right to request any of following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Right to Delete

You may have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.

Right to Non-Discrimination

You may have the right to not to receive discriminatory treatment as a result of your exercise of any rights conferred by the CCPA.

Direct Marketing

You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year.

Opt-Out of Sale

If we engage in sales of Personal Data (as defined by applicable law), you may direct us to stop selling or disclosing Personal Data to third parties for commercial purposes. At this time, we do not sell (as defined by the CCPA) Personal Data.

Submission of Rights Requests

You may submit requests to info@aspenaso.com (subject line: Rights Request) (see below for summary of required verification information).

Verification of Rights Requests

All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity.

Agent Requests

Agents should submit requests to the email above, along with information supporting their authorization to act on the consumer’s behalf. We may contact individuals to validate the agent’s authority to act on their behalf, and may require that individuals to validate their identity directly if the agent does not have property authority or for any appropriate security or compliance purposes.

 

Supplemental Data Processing Disclosures

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data, Contact Data, Transaction Data, Device/Network Data, Biographical Data, and User Content.

Data Sale

For purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know

 

Category of Data
Category of Sources
Business and Commercial Purposes
Category of Recipients
Identity Data
You; Your Devices; Service Providers; Clients
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Personalization; Aggregate Analytics; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients; Partners, Service Providers; Affiliates; Corporate Events; Legal Disclosures
Contact Data
You; Your Devices; Service Providers; Clients
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Personalization; Aggregate Analytics; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients; Partners, Service Providers; Affiliates; Corporate Events; Legal Disclosures
Commercial Data
You; Service Providers; Data we create/infer
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Personalization; Aggregate Analytics; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients; Service Providers; Affiliates; Corporate Events; Legal Disclosures
Financial Data
You; Service Providers; Clients
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Service Providers; Affiliates; Corporate Events; Legal Disclosures
Device/ Network Data
You; Your Devices; Service Providers; Clients
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Personalization; Aggregate Analytics; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Service Providers; Affiliates; Corporate Events; Legal Disclosures
Biographical Data
You; Service Providers; Clients
Service Provision and Contractual Obligations; Internal Processes and Services Improvement; Personalization; Aggregate Analytics; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients, Service Providers; Affiliates; Corporate Events; Legal Disclosures
Health Data
You; Clients
Services Provision and Contractual Obligations; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients, Service Providers; Affiliates; Corporate Events; Legal Disclosures
Sensitive Data
You; Clients
Services Provision and Contractual Obligations; Security and Fraud Detection; Compliance, Health, Safety & Public Interest; Other Processing
Clients, Service Providers; Affiliates; Corporate Events; Legal Disclosures

SECURITY

We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

DATA RETENTION

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate and requested.

MINORS

Our Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.

INTERNATIONAL TRANSFERS

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections guaranteed to Personal Data in foreign countries. Contact us for more information regarding transfers of data to the U.S.

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of our Services following notice of any changes indicates acceptance of any changes.

CONTACT US

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of our Services following notice of any changes indicates acceptance of any changes.