This website, www.NORDAM.com (the “Site”), is owned and operated by The NORDAM Group LLC (“NORDAM,” “we,” “us,” or “our”). NORDAM takes very seriously our role in protecting the privacy of individuals who visit and use this Site. This Data Privacy Program provides guidance and outlines how NORDAM collects, uses, and protects data and information in our possession for our business.
This policy applies to all activities regarding employees, officers, Non-employees, and other agents of The NORDAM Group LLC and its subsidiaries when gathering, collecting, processing, storing, and transferring data and information, including personal data transferred from the European Union, United Kingdom, and Switzerland to the United States in reliance on the Data Privacy Framework program.
This policy governs personal data collected through any NORDAM-controlled digital platforms, systems, applications, or business operations and applies regardless of the format (digital, paper, verbal) in which the personal data is collected or processed.
The Site may include links to other websites, plug-ins, services, or applications. Clicking on those links or enabling those connections may allow the owner of such properties to collect or share information about you. We do not control these properties, and we encourage you to read the privacy notice or policy of each one that you visit. This Policy applies only to information we collect on this Site. It does not apply to information collected by any third party or any of our affiliates or subsidiaries on their websites, services, or applications.
Please read this Policy carefully to understand our policies and practices for processing and storing your information. By using this Site, you accept the terms of this Policy and consent to the collection, use, disclosure, retention and other practices described in this Policy. This Policy may change from time to time. Your continued engagement with our Site after any such revisions indicates that you accept and consent to them, so please check the Policy periodically for updates.
NORDAM will comply with all applicable laws, regulations, and statutes regarding the data privacy framework, including all future programs, when applicable. NORDAM will ensure that all personal and Company Data and Information is processed fairly, lawfully, and transparently and kept secure no longer than necessary in accordance with laws, regulations, and our Company policies. Company Data and Information in the Company’s possession are used only for limited, specified stated purposes and not used or disclosed in any way incompatible with those purposes.
DEFINITIONS
| Term | Definition |
| --- | --- |
| Company or NORDAM | The NORDAM Group LLC, a Delaware limited liability company, and its affiliates. |
| Company Data and Information | Refers to any information requested from or provided by a company or entity in the course of business or performing on a contract or agreement. |
| Data Privacy Framework or DPF | Means the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework, which were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. This includes the seven DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement, and Liability. |
| Employee | Full-time, part-time, NORDAM temporary and intern employees that are employed by NORDAM and paid via NORDAM’s payroll. |
| Information Owners | Department heads and designees of the Company, who are the responsible party for information that their department accesses and have oversight in controlling who has access. |
| Non-employee | Person(s) other than a NORDAM employee working on behalf of the Company and not paid via NORDAM’s payroll. Includes third-party representatives, agents, consultants, contractors, and temporary workers employed through an agency. |
| NORDAM Ethics Helpline | The third-party, 24-hour, fully anonymous corporate hotline service. |
| Personal Data | Refers to information about a living person that can be used on its own, or in combination with other available information, to identify an individual — including any opinions or intentions about the person held by NORDAM or others. The information can be held by NORDAM or likely to come into NORDAM’s possession. |
| Third-Party Processor | A third party that processes personal data on behalf of NORDAM under written instructions, subject to the DPF onward transfer principle. |
PROCEDURE
NORDAM values privacy and the importance of safeguarding data and information, and is committed to a program that aims to protect privacy with the highest intentions. We additionally aim to not put individuals at risk by processing their personal data. Failure to do so can result in a breach of applicable law, reputational damage, or financial implications due to fines. To meet our obligations, we put in place appropriate and effective measures to make sure we comply with data protection laws. The U.S. Department of Commerce has jurisdiction over NORDAM’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the U.K. Extension to the EU-U.S. DPF. Personal data is more sensitive and is restricted with limited access by information owners. This policy applies to the personal information we obtain through our website, social media pages, and other digital platforms we operate, use, or control, whether directly or indirectly, via a third party.
NORDAM complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, set forth by the U.S. Department of Commerce. NORDAM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the EU-U.S. DPF, individuals also have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance that have not been resolved by any of the other DPF mechanisms. Additional information regarding binding arbitration is available in Annex I of the DPF Principles at: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
The Federal Trade Commission has jurisdiction over NORDAM’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.
5.1 DATA COLLECTION AND HOW WE USE PERSONAL DATA
NORDAM collects and processes various information for business purposes, including but not limited to contact and demographic details, billing and financial records, government-issued IDs, and employment history. For the purpose of complying with regulations on classified and export-controlled data, we also collect citizenship status and relevant personal information. In addition to direct information, NORDAM may obtain data about prospective hires, stakeholders, and third parties from external sources, including but not limited to background check providers, government databases, and public records.
To support domestic and global operations, we share this information with specific categories of third parties, including but not limited to affiliates, service providers, payroll and benefits providers, IT vendors, background screening agencies, and government authorities. These disclosures are made for defined business and legal purposes, such as employment administration, payroll processing, compliance with legal obligations, security clearance processing, contract performance, and the maintenance of a secure infrastructure. We conduct this due diligence to ensure the protection and integrity of NORDAM and its partners.
NORDAM may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Personal information is provided voluntarily. Individuals have the right to access personal information that NORDAM holds about them and to correct, amend, or delete that information if it is inaccurate or processed in violation of the DPF Principles. Failure to provide necessary information may result in limited services and access or service denial.
5.2 DATA TRANSFERS
Where possible, NORDAM stores and processes Personal Data on servers within the United States and United Kingdom or with Company approved external cloud service providers.
NORDAM will take appropriate steps to ensure that Personal Data is treated securely and in accordance with our Company policies as well as applicable data protection law. Data may be kept in other countries that are considered adequate under the laws applicable to the person/entity on whom the data was collected.
5.3 PROTECTING PERSONAL DATA
NORDAM proactively implements and maintains organizational safeguards and security measures to protect personal data. These measures are designed to prevent accidental loss, unauthorized access, alteration, or disclosure of personal information.
When personal data is involved, the communication between our website and the target browser uses a secure, encrypted connection.
We take steps to mandate any third party contracted to process personal data on NORDAM’s behalf to have security measures in place to protect personal information and handle it in accordance with applicable law. NORDAM requires all third-party processors to provide at least the same level of privacy protection as required by the DPF Principles and ensures such commitments are included in written contracts. NORDAM remains liable under the DPF Principles if its third-party agents process personal data in a manner inconsistent with those Principles, unless NORDAM proves it is not responsible for the event giving rise to the damage.
In the unfortunate event of a personal data breach, we will notify those impacted and any applicable regulatory authority as required by law.
5.4 RETENTION OF PERSONAL DATA
We will retain Personal Data solely for the duration necessary to fulfill the intended purpose of collection, in accordance with applicable legal requirements, and that aligns with NORDAM policies. When the data is no longer needed, we will remove it from our systems or take appropriate measures to anonymize it.
5.5 INFORMATION OWNERS
At NORDAM, we empower our Information Owners to oversee access to information and data for business purposes, ensuring that only authorized and trained Stakeholders, along with relevant non-stakeholders, can access this information. These owners are responsible for managing personal data and associated risks within their departments. They implement appropriate and effective measures to protect this data while adhering to data protection laws and Company policies.
5.6 REPORTING
Stakeholders and non-stakeholder vendors who believe that Personal Data has been mishandled, misused, or is in violation of this policy, must report the incident to the head of Ethics and Compliance immediately. In compliance with the DPF Principles, NORDAM provides a readily available and affordable independent recourse mechanism to investigate and resolve complaints. We have selected VeraSafe as our third-party dispute resolution provider. This service is provided at no cost to the individual. Further information is available at https://verasafe.com/public-resources/dispute-resolution/dispute-resolution-procedure/
In compliance with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the EU-U.S. DPF, NORDAM is committed to resolving complaints related to DPF Principles regarding NORDAM’s collection and use of personal information. Feedback on NORDAM’s data privacy practices is important. Individuals from the EU and UK with inquiries or complaints about our handling of personal data are encouraged to first contact the NORDAM Helpline.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, NORDAM commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
5.7 WITHDRAWING CONSENT
Individuals have the right to opt out of the disclosure of their personal data to third parties or the use of their personal data for a purpose materially different from that for which it was originally collected or subsequently authorized. In cases involving sensitive data (e.g., health, racial/ethnic origin, etc.), NORDAM will obtain affirmative express consent (opt-in) prior to processing or disclosing such data. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. This includes the option to opt out of marketing communications from NORDAM. Stakeholder requests to withdraw should be sent in writing to: AskCompliance@NORDAM.com.
5.8 CONSEQUENCES OF NON-COMPLIANCE
Violations of laws, regulations, and company policies are severe. They may subject individuals to substantial fines and/or imprisonment and may subject NORDAM to criminal, civil, and/or administrative action, including suspension, revocation, or denial of government contracts. NORDAM Stakeholders, officers, and board of managers are subject to disciplinary action up to and including termination and reimbursement to injured parties for any losses or damages resulting from conduct that violates this policy. This includes the improper conduct of third-party representatives, customers, and suppliers, known or which should have been known by the Stakeholder, officer, or board of managers.