Last updated: 9/23/2021
WE ENCOURAGE YOU TO READ THIS PRIVACY STATEMENT CAREFULLY TO UNDERSTAND OUR PRIVACY PRACTICES. BY USING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND YOU UNDERSTAND THIS PRIVACY STATEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY STATEMENT, PLEASE DO NOT USE OUR WEBSITE.
We at CrossCountry Consulting LLC (“CrossCountry,” “we,” “us” or “our”) respect your concerns about privacy and value the relationship that we have with you. This Privacy Statement explains what information we collect, how we intend to use that information, with whom we share it, how long we keep it and how to contact us if you have any queries or concerns about our use of your personal information.
Your use of this website is subject to your agreement with this Privacy Statement.
This Privacy Statement applies only to the websites and services controlled by CrossCountry, where this Privacy Statement is posted (the “Site(s)”). Your use of the Sites is also subject to our Terms and Conditions.
When we refer to our Site, we mean the specific webpages of CrossCountry-Consulting.com and to specific webpages with a URL starting with the following:
In this Privacy Statement, the term “personal information” means data relating to a living individual, who is, or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, our possession, and includes personal data as described in Data Protection Law (as defined below).
Please read the following carefully. Registering for an account (“Your Account”) on our Site(s) or any mobile application, use of Your Account, or our Site or otherwise accepting the terms of this Privacy Statement indicates that you have reviewed this Privacy Statement and have agreed to be bound by it. If you do not agree to these terms, you must leave our website immediately. If you no longer consent to our processing of your personal data, you may request that we cease such processing by contacting us via the “How to Contact Us” below.
We will handle your personal information in accordance with Data Protection Law. “Data Protection Law” means any applicable law or regulation relating to the processing of personal information and to privacy in electronic communications, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Acts 1988 to 2018 in Ireland and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 and includes any supplement, amendment, revision or replacement of such laws or regulations from time to time.
We are a Controller (as defined in Data Protection Law) in relation to any personal information which we collect from you through your (or any other user’s) use of the Service and the set-up of your account. This Privacy Statement sets out the basis on which any such personal information will be processed by us.
To contact us with questions about this Privacy Statement, or any other privacy-related issues, see “How to Contact Us,” below.
CrossCountry and its compliance with this Privacy Statement are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) in the United States and the Data Protection Commission in Ireland.
In light of the judgment of the Court of Justice of the EU in Case C-311/18, although personal CrossCountry does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data, it continues to adhere to the principles of the EU-US Privacy Shield framework. Please refer to the Privacy Shield website (external) for more information.
Information We Collect
In general, you can visit our Site without telling us who you are, but you may choose to subscribe to our blog, apply for a job, or contact us. In these cases, you will be asked to provide personal information such as those below:
- Contact information: First name, last name, email address, phone number
- Employment information: Company name, resume content
- Social media information: LinkedIn profile
- Other information you provide to us: Additional content and information that you voluntarily provide us, such as when you post a comment, submit a complaint, or send us feedback
If you object at any time to the collection or processing of any of the data categories above, or other data that is collected during your interactions with us, we may not be able to continue providing some or all of our services to you as a candidate or client.
Personal Information We Collect from Third parties About You
In addition to the information we collect on our own, the personal information we process collected from third parties may include:
- Contact information: First name, last name, email address, phone number
- Demographic information: Gender, age, date of birth, ethnicity, and social security number
- Employment information: Company name, resume content
- Social media information: LinkedIn profile
How We Use Your Personal Information
CrossCountry uses your personal information for a number of purposes, including the following:
- Provide and administer our services to you
- Provide you with support and to respond to inquiries
- Measure and improve those services and features
- Internal record keeping
- Invite you to participate in surveys or research about CrossCountry
- Alert you to updated information from CrossCountry or other third parties, or to forward promotional materials
- To inform you of upcoming events
- Analyze and improve the activities and content offered by the CrossCountry website to provide you with the most user-friendly navigation experience. We may also use and disclose information in aggregate (so that no individuals are identified) for marketing and strategic development purposes
- Notify you about a material change to this Privacy Statement, if necessary, or to contact you in response to sign-up forms
- Protect the rights of CrossCountry and others. There may be instances when we may disclose your personal information, including situations where we have a good faith belief that such processing is necessary, in order to:
- Protect, enforce, or defend the legal rights, privacy, safety or property of CrossCountry, our affiliates or their employees, agents and contractors (including enforcement of our agreements and terms and conditions)
- Protect the safety, privacy and security of users of our Site(s) or members of the public
- Protect against fraud or for risk management purposes.
- Comply with applicable laws or legal process and/or respond to requests from public and government authorities.
- For any other legitimate business reasons
Our Legal Bases for Processing
We process personal information per applicable law and with transparency and fairness. Our processing activities are conducted on one of the following bases for processing:
- With your consent
- In order to fulfil our contractual obligations to you
- For the legitimate purpose of operating our business, including to improve and develop our services to members, for fraud prevention purposes, and to improve users’ experience
- As otherwise determined in compliance with the law
Will We Contact You for Marketing Purposes?
CrossCountry will contact you for marketing purposes where you have provided us with consent to do so in accordance with applicable law.
Please see “Your Rights Regarding Your Personal Information” for information on how to change your communication preferences, including opting-out of future marketing communications.
Information We Share
We restrict access to your personal information to employees, contractors, and agents who need such access, in order to operate, develop, or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, civil litigation and/or criminal prosecution, if they fail to meet these obligations. We will use your personal information within CrossCountry for the purposes for which it was obtained. CrossCountry may share your personal information with the following categories of recipients:
- Service providers helping to administer the services, products, programs, and events. Our service providers are required by contract to protect the confidentiality of the personal information we share with them and to use it only to provide specific services on our behalf.
- Subsidiaries and affiliates to better serve CrossCountry and its evolving needs.
- Third parties who provide products and services of interest to CrossCountry clients.
- Competent authorities including law enforcement, in order to comply with applicable laws or court orders.
Your Rights Regarding Your Personal Information
Under Data Protection Law, you have the following rights:
- the right of access to your personal information
- the right to correct any mistakes in your personal information
- the right to ask us to stop contacting you with direct marketing
- rights in relation to automated decision making
- the right to restrict or prevent your personal information being processed
- the right to have your personal information ported to another data controller
- the right to erasure
- the right to complain to the relevant data protection supervisory authority if you believe we have not handled your personal information in accordance with Data Protection Law
- the right to withdraw your consent
- Obtain equal services and pricing
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal information, please contact us (see ‘How to Contact Us’ below. We will respond to any rights that you exercise within one month of receiving your request, unless the request is particularly complex in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond).
- Right of access to your personal information
You may ask to see what personal information we hold about you and be provided with:
- a summary of such personal information and the categories of personal information held (see “Information We Collect” above);
- details of the purpose for which it is being or is to be processed (see “How We Use Your Personal Information” above);
- details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers outside the EEA (see “Information We Share” above and “International Data Transfers” below);
- details of the period for which it is held or the criteria we use to determine how long it is held (see “How Long Your Personal Information is Stored” below);
- details of your rights, including the rights to rectification, erasure, restriction, or objection to the processing (see below);
- any information available about the source of that data (see “Personal Information We Collect from Third parties About You” above);
- whether or not we carry out automated decision-making, or profiling, and where we do, information about the logic involved and the envisaged outcome or consequences of that decision making or profiling (see below); and
- where your personal information is transferred out of the EEA, what safeguards are in place (see “International Data Transfers” below).
Details in respect of the above points are all set out in this Privacy Statement; however, if you need further clarification, please contact us (see ‘How to Contact Us’ below).
Requests for your personal information must be made to us (see ‘How to Contact Us’ below) specifying what personal information you need access to, and a copy of such request may be kept by us for our legitimate purposes in managing the service. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal information requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to Data Protection Laws.
- Right to update your personal information or correct any mistakes in your personal information
You can require us to correct any mistakes in your personal information which we hold free of charge. If you would like to do this, please:
- email or write to us (see “How to Contact Us” below);
- let us have enough information to identify you (e.g. name, registration details); and
- let us know the information that is incorrect and what it should be replaced with.
If we are required to update your personal information, we will inform recipients to whom that personal information have been disclosed (if any), unless this proves impossible or has a disproportionate effort.
It is your responsibility that all personal information provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (see “How to Contact Us” below).
- Right to ask us to stop contacting you with direct marketing
We have a legitimate interest to send you electronic communications in connection with the service and related matters (which may include but shall not be limited to newsletters, announcement of new features etc. and which may also appear on social media platforms such as Facebook, LinkedIn, Twitter or Instagram). We may also ask you for your consent to send you direct marketing from time to time. You may be able to select your preferences with respect to direct marketing when registering Your Account. We may also ask you different questions for different services, including competitions. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- Click on ‘unsubscribe’ in our email.
- Contact us as set out under “How to Contact Us” below.
We will provide you with information on action taken on a request to stop direct marketing – this may be in the form of a response email confirming that you have ‘unsubscribed’. Unsubscribing from direct marketing does not unsubscribe you from essential electronic communications in respect of the administration of Your Account.
- Rights in relation to automated decision making
You may ask us to ensure that, if we are evaluating you, we don’t base any decisions solely on an automated process and have any decision reviewed by a member of staff. Profiling may occur in relation to your personal information for the purposes of targeted advertising and de-targeting you from specified advertising. This allows us to tailor our services or marketing of our services to the appropriate customers and helps to minimise the risk of you receiving unwanted advertising. These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law, (ii) necessary for the performance of a contract between you and us, or (ii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.
- Right to restrict or prevent processing of your personal information
In accordance with Data Protection Laws, you may request that we stop processing your personal information temporarily if:
- you do not think that your personal information is accurate (but we may start processing again once we have checked and confirmed that it is accurate);
- the processing is unlawful, but you do not want us to erase your personal information;
- we no longer need the personal information for our processing; or
- you have objected to processing because you believe that your interests should override the basis upon which we process your personal information.
If you exercise your right to restrict us from processing your personal information, we will continue to process the personal information if:
- you consent to such processing;
- the processing is necessary for the exercise or defence of legal claims;
- the processing is necessary for the protection of the rights of other individuals or legal persons; or
- the processing is necessary for public interest reasons.
- Right to data portability
In accordance with applicable Data Protection Laws, you may ask for an electronic copy of your personal information that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal information that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where:
- the processing is based on your consent or for the performance of a contract; and
- the processing is carried out by automated means.
- Right to erasure
In accordance with Data Protection Laws, you can ask us (please see “How to Contact Us” below) to erase your personal information where:
- we do not need your personal information in order to process it for the purposes set out in this Privacy Statement;
- if you had given us consent to process your personal information, you withdraw that consent and we cannot otherwise legally process your personal information;
- you object to our processing and we do not have any legal basis for continuing to process your personal information;
- your personal information has been processed unlawfully or has not been erased when it should have been; or
- the personal information must be erased to comply with law.
We may continue to process your personal information in certain circumstances in accordance with Data Protection Laws. Where you have requested the erasure of your personal information, we will inform recipients to whom that personal information have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
- Right to complain to the data protection supervisory authority
If you do not think that we have processed your personal information in accordance with this Privacy Statement, please contact us in the first instance (please see “How to Contact Us” below). If you are not satisfied, you can complain to the relevant data protection supervisory authority. In Ireland, this is the Data Protection Commission: https://www.dataprotection.ie.
- Right to withdraw your consent
If you have consented to our processing your personal information in respect of any matter referred to in this Privacy Statement, you may withdraw such consent at any time by contacting us via the “How to Contact Us” facility referred to below. Please note that if you withdraw your consent to such processing, it may not be possible for us to provide all/part of the service to you. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
How Long Your Personal Information is Stored
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is 1) necessary for the relevant activities or services, 2) subject to a mandated retention period required by litigation or investigation, or 3) otherwise required or permitted by law.
International Data Transfers
For individuals located in the European Economic Area (EEA), your personal information may be transferred to countries outside the EEA… in particular, to the United States. We have appropriate and suitable safeguards in place to protect your personal information and the transfer of your personal information. Prior to sharing your personal information with such third-party service providers, we take steps to ensure an adequate level of data protection as required under Data Protection Laws. These include entry by us into appropriate contracts with all transferees of such data, a decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country and/or standard contractual clauses approved by the European Commission or the Data Protection Commission and any relevant supplementary measures. Please contact us for further information on the means to ensure an adequate level of data protection and the transfer mechanism we rely upon for such transfers.
If you choose to provide us with personal information, it will be stored in the US and may be stored in other jurisdictions. CrossCountry may transfer that information to its staff operating outside the EEA who work for it, service providers, affiliates and subsidiaries, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world. If you are visiting the Site from the EU or other regions with laws governing data collection and use, please note that your personal information is transferred to the US and may be transferred to other jurisdictions. The US does not, and these other jurisdictions may not, have the same data protection laws as the EU and may not afford many of the rights conferred upon data subjects in the EU.
Links to Other Sites
Occasionally we may provide links to third-party websites for your convenience and information. The fact that we include links to other websites does not mean that CrossCountry approves of or endorses any other third-party website or the content of that website. These sites operate independently from CrossCountry and are not under our control. CrossCountry takes no responsibility for the content of external Internet sites. These sites may have their own privacy notices in place, which we strongly suggest that you review if you choose to visit any linked websites. With the exception of any site(s) to which we refer you to apply for a job with CrossCountry or to receive other CrossCountry specific services, we are not responsible for the content of these sites, any products or services that may be offered through these sites, or any other use of these sites. We accept no liability for any statements, information, products, or services that are published on or are accessible through any websites owned or operated by third parties.
CrossCountry maintains reasonable physical, administrative, and technical safeguards to protect your personal information against unauthorized disclosure, use, alteration, or destruction, and we require the third-party service providers and business partners that we work with to do the same. No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information you transfer to CrossCountry is done at your own risk.
Once we receive your transmission, we make commercially reasonable efforts to ensure security on our systems. If we learn of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Sites or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Sites. We may post a notice on our Sites if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
CrossCountry’s Site and consulting services are not directed to or intended for use by children under age 16. Accordingly, we do not knowingly collect information directly from anyone under 16 years of age. Where appropriate, CrossCountry will specifically instruct children not to submit such information to our Site. If we become aware that a child has provided us with personal information without parental consent, or a parent or guardian of a child contacts us as shown in “How to Contact Us” below, we will delete the child’s information from our databases.
Do Not Track Mechanisms
At this time our Sites do not recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
Choice of Law
This Privacy Statement has been made in, and shall be governed, construed and enforced in accordance with the laws of the Commonwealth of Virginia, without giving effect to any conflict of law principles. Notwithstanding the provision in the preceding paragraph with respect to applicable substantive law, any arbitration conducted pursuant to the terms of this Privacy Statement shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16).
Changes or Updates to this Privacy Statement
We may update or change this Privacy Statement from time to time and without prior notice to you. We will post a notice on our Site to notify you of any significant changes to our Privacy Statement and indicate at the top of the Privacy Statement when it was most recently updated.
How to Contact Us
Your visit to the Sites is subject to this Privacy Statement and Terms and Conditions. If you have any questions, comments or concerns regarding our privacy practices or this Privacy Statement, please contact us at the postal and email addresses below.