Date of Last Revision: September 28, 2022
INFORMATION WE MAY COLLECT
Through your use of the Website and the Return to Work Services, we collect Personal Information. Personal Information generally refers to any information that can be linked to an identified or identifiable person. The term Personal Information also covers certain categories of "sensitive" or "special" Personal Information that often receives additional protections and/or are subject to additional restrictions under applicable laws.
While it is completely optional for you to provide the Personal Information set out below or answer questions on our Website, failure to provide the requested information may result in your inability to obtain the Return to Work Services.
The Personal Information that we may collect about you, or have collected about you in the past 12 months, varies depending on the context of our interactions with you. This broadly falls into the following categories:
Types of Data
Primary Purpose for Collection and Use of Data
Return to Work Services Registration
When you register for our Return to Work Services, we may collect your first and last name, user name and password, gender, DOB, financial information, social security number, personal and professional contact information, order information, health related information (e.g., health conditions or medical history), marital status, spousal information, information about dependents, employment history, information about worker’s compensation, driver’s license, information about public disability, insurance information, military service status, and information about Social Security Administration benefits and claims.
We have a legitimate interest in providing the relevant product or Return to Work Services to you and performing our contract with you and other relevant parties involved.
We have a legitimate interest in making our Website operate efficiently, providing account-related functionalities, improving our platform, services and product offerings, and maintaining security standards.
If you receive email from us, we use certain tools to capture data related to when you open our message and click on any links or banners it contains. For more information relating to the use of such tools, review our “Cookies” section.
We have a legitimate interest in using this information to understand how you interact with our communications to you.
If you provide us feedback or contact us for support, we will collect your name and email address, as well as any other content that you send to us, in order to reply.
We have a legitimate interest in using this information in order to receive, and act upon, your feedback or issues, such as to develop new ways to meet our client’s needs and to grow our business.
We use technology to monitor how you access and interact with our Website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. For more information relating to the use of such tools, review our “Cookies” section.
We have a legitimate interest in using this information to understand how you interact with our Website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, device ID, language preferences, referring website, the length of time you are visiting our Website, and/or a date/time stamp for visitors. We may also collect such information in relation to monitoring potential malicious code on our systems, such as through the collection of metadata and traffic data, or portions or hashes (a file that has been converted into a numerical string by a mathematical algorithm) of any of the information listed here. For more information relating to the use of such tools, review our “Cookies” section.
We have a legitimate interest in monitoring our networks, providing and maintaining the functionality of our Website, including identifying and repairing errors or problems, security incidents, and in investigating, preventing, or taking action regarding possible malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions.
Additionally, we may also collect personal information from third parties that you have authorized to provide us with your information (e.g., referrals).
DISCLOSURES OF PERSONAL INFORMATION
We respect the importance of privacy. Other than as provided in this Policy, we do not sell your Personal Information, nor do we share it with unaffiliated third parties including for marketing uses, unless we have your consent, or we are required by law to do so. Generally, we may disclose the Personal Information we collect to facilitate our communications with clients, to operate our business, to advertise or promote our Return to Work Services, or with your consent.
We may disclose your Personal Information to third parties in the following ways:
- Service Providers. We may disclose your Personal Information to authorized third parties who perform services for us (including cloud services, data storage, sales, human resources, and marketing). Our contracts with our service providers include commitments that they agree to limit their use of Personal Information and to comply with privacy and security standards at least as stringent as the terms of this Policy. Please note that you will be contacted via United States Postal Service, telephone, and/or email regarding any request for your Personal Information that is denied by Allsup, including the denial reason.
- Government Agencies. We may disclose your Personal Information to state, federal, and other governmental agencies or entities to fulfill our Return to Work Services and/or any contract that we may have with you.
- Corporate Transaction. We may disclose your Personal Information in connection with a proposed or actual corporate merger, acquisition, consolidation, sale of assets, bankruptcy, insolvency, or other corporate change.
- Other Parties. We may disclose your Personal Information to legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or in relation to a legal activity, such as in response to a subpoena or an investigation. We may also disclose such Personal Information if we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss.
- De‑identified Personal Information. We may disclose or use aggregated or de-identified data for any lawful purpose. De‑identified information is generally not considered to be Personal Information under applicable laws.
- Other Disclosures With Your Consent. We may disclose your Personal Information with your consent to other unaffiliated third parties who are not described elsewhere in this Policy.
The time periods for which we retain your Personal Information depend on the purposes for which we use it and applicable law for the type of data and use. Allsup will keep your Personal Information for as long as you are a registered subscriber or user of our Return to Work Services or for as long as we have a valid business purpose to do so and, thereafter, for no longer than is required or permitted by law, as reflected in Allsup's internal Records Retention Policy. The Personal Information we collect may be stored and processed in servers in the United States and/or other jurisdictions where Allsup, or our service providers, have facilities.
Depending on where you are located, you may have additional rights, as detailed below.
- The right to access: You may have the right to obtain from us confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, to request access to the Personal Information. This access to information includes the purposes of the processing, the categories of Personal Information concerned, and the recipients or categories of recipient to whom the Personal Information has been or will be disclosed, among other categories of information. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the Personal Information, subject to certain restrictions.
- The right to correction: You may have the right to request that we correct any Personal Information about you that is inaccurate. Depending on the purpose of the processing, you also have the right to request that we complete the Personal Information we hold about you where you believe it is incomplete, including by means of providing a supplementary statement.
- The right to deletion: You may have the right to request that we erase your Personal Information, under certain conditions. However, because we keep track of past transactions, you cannot delete information associated with past transactions on the Website. In addition, it may be impossible to completely delete your information without some residual information because of backups.
- The right to restrict processing: You may have the right to request that we restrict the processing of your Personal Information, under certain conditions. In such case, the data will be marked and may only be processed by us for certain purposes.
- The right to data portability: You may have the right to request that we transfer the Personal Information we have collected about you to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
- The right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right to know what Personal Information is sold or shared and to whom: At the current time, Allsup does not sell or share (as the term is defined by certain privacy laws) your Personal Information with third parties for their marketing purposes.
- Right to prohibit the sale or sharing of Personal Information: At the current time, Allsup does not sell or share (as the term is defined by certain privacy laws) your Personal Information with third parties for their marketing purposes.
- Right to limit the use and disclosure of sensitive Personal Information: We will only use sensitive or special Personal Information as needed for the purposes for which it was collected. If this changes, we will notify you, and you may have the right to restrict such additional uses.
We do not discriminate against individuals for the exercise of any of their rights described in this Policy. However, Allsup may require the use of your Personal Information to provide access to the Return to Work Services. Therefore, when you exercise your deletion right, in particular, as well as other rights you may lose access to certain aspects of the Return to Work Services that require your Personal Information.
EXERCISING YOUR RIGHTS
To exercise your rights, or appeal a decision we have made regarding your rights, please contact us as stated in the “Contact Us” section of this Policy, or you may submit a request to us by either:
If you choose to assert any of these rights under applicable law, we will respond within the time period prescribed by applicable law. Please note that many of the rights listed in the “Your Rights” section are subject to exceptions and limitations. Further, we may request additional information to respond to or fulfill any requests regarding your rights under applicable laws or regulations. Your rights and our responses will vary based on your country or territory of residency.
In certain jurisdictions, a person authorized to act on your behalf may make a verifiable consumer request related to your Personal Information. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent with such permission.
Your verifiable request must: (i) provide sufficient information (e.g., name, address, phone number, and/or email address) that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Prior to complying with your request, we will need to verify your identity. Our verification procedure may differ depending on whether you have a registered account, the sensitivity of the Personal Information, and the risk of harm to you by unauthorized disclosure or deletion as applicable. You may also be asked to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is the subject of the request.
We use various reasonable safeguards (administrative, organizational, technical, and physical) to protect the Personal Information we collect and process. Our security controls are designed to maintain an appropriate level of confidentiality, integrity, and availability of your Personal Information. Nonetheless, no such measure is 100% effective; therefore, we do not guarantee that your Personal Information will be secure from theft, loss, or unauthorized access or use, and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard such Personal Information. In the event of an incident that we are required by law to inform you of, we may notify you electronically, in writing, or by telephone, if permitted to do so by law. We encourage you to use caution when using the Internet. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us as specified in the “Contact Us” section below.
THIRD PARTY SITES
PROTECTION OF CHILDREN'S PRIVACY
We do not knowingly collect, use, or disclose Personal Information about persons under 13 years of age. Users under the age of 13 should not submit any Personal Information to us. If you believe we have collected Personal Information from your child in error or have questions or concerns about our practices relating to children, please notify us using the details in the “Contact Us” section below. We will take prompt steps to remove the Personal Information from our systems.
As Allsup grows and our business changes, we reserve the right to modify, expand, or update this Policy at any time as we deem appropriate to reflect those changes. When we make changes to this Policy, we will post the updated Policy on the Website and update the Policy’s “last updated” date above. It is important that you check back from time to time and make sure that you have reviewed the most current version of this Policy. If you do not agree with the changes, then you should stop using our Website and Return to Work Services and notify us that you do not want your Personal Information used in accordance with the changes.
Call us at: (866) 380-3048
Email us at: firstname.lastname@example.org
Attn: Privacy Compliance Officer
300 Allsup Place
Belleville, IL 62223