Last updated August 12, 2024

Hey there! We're Mobility Empowered, Inc. ("Mobility Empowered", "we", "us", "our"), and we know that your privacy is kind of a big deal.

When does this Privacy Statement apply?

This Privacy Statement is like a roadmap that tells you how we collect, use, store, share, transfer, or otherwise process your Personal Data. "Personal Data" can mean different things depending on where you live, but generally, it includes info that can identify you, like your name, phone number, address, email, and online identifiers.

This Privacy Statement has got you covered when:

• You're using our snazzy Mobility Empowered web and mobile applications (we'll call these the "Applications").
• We're providing you with our top-notch professional services to help with employee relocation (the "Professional Services").
• You're visiting or interacting with us via our website at mobilityempowered.com (the "Website").
• We're selling or offering to sell our Professional Services to you, or when we're doing our marketing thing ("Sales and Marketing Activities").

In this Privacy Statement, we'll refer to the Applications, the Professional Services, use of the Website, and our Sales and Marketing Activities collectively as the "Services".

Just so you know, this Privacy Statement doesn't apply to info collected by our corporate customers or partner suppliers who are doing their own thing, or if you're applying for a job or already work at Mobility Empowered.

Who's in charge of your Personal Data?

In the context of this Privacy Statement, Mobility Empowered is the data controller. That means we're the ones calling the shots on why we collect your Personal Data and how we use it.

Why do we collect your Personal Data?

In our Applications, we process your Personal Data to:

• Give you access and let you use the Applications.
• Help with your relocation as given the thumbs up by your employer (our corporate customer).
• Send you push notifications and milestone updates about your relocation or profile in the Applications.
• Get your feedback when you rate how we're doing with our Services.
• Let you keep an eye on how your employees' relocations are going.
• Respond to your questions and requests related to the Applications or our Professional Services.
• Comply with legal stuff and exercise/defend our legal rights.

With our Professional Services, Website, and Sales and Marketing Activities, we process your Personal Data to:

• Handle and respond to your inquiries and requests sent via our Website or related to our Professional Services.
• See how satisfied our customers are.
• Take care of accounting and HR management.
• Help with sales and marketing of our Professional Services.
• Analyze and understand how you've used our Website.

What Personal Data do we collect?

In our Applications, we collect:

• Your username and sign-in credentials.
• Bio data, like your name, your relatives' and kids' names (if applicable), and your age.
• Contact data, like work, home, and temporary addresses, phone numbers, and email addresses.
• Relocation data, like your departure and destination location, address, dates.
• Professional and employment data, like your employer and employee number.
• Education data, including your formal qualifications.
• Compensation data, including your relocation package and benefits from your employer.
• Financial data, like your bank account and financial account numbers.
• National identifiers, like your national ID, social security, and passport numbers.
• Citizenship and residency status.
• Data from your passport or national ID documents.
• Technical and log data when you use the Applications, including login date/time.
• Metadata like IP addresses and device identifiers.
• Photos of you, your family, and documents.
• Data in files on your device's storage.

Under the California Consumer Privacy Act (CCPA), we've got to categorize this data into distinct buckets: Identifiers, Signature, physical characteristics or description, telephone number, state ID card number, insurance policy number, education, bank account number/information, financial information, medical information, health insurance information; California Customer Records Personal Information Categories, Protected Classification Characteristics Under California or Federal Law, Professional or Employment Related Information, Non-public Education Information, Internet or Other Electronic Network Activity information, Visual Information, and Geographic Information.

With our Professional Services and Website, we collect:

• Biographic data, like your first and last name.
• Contact data, like your work email and phone number.
• Professional data, like your company name and job title.
• Web analytics data.
• Any other data you decide to send us via email.

Under the CCPA categories, the bio and contact data are Identifiers, professional data is Professional or Employment Related Information, web analytics data may be Internet or Other Similar Network Activity, and anything else you send us could fall under any CCPA category.

How do we get your Personal Data?

We receive your Personal Data when:

• You give it to us directly - on calls, via email, or through our Website.
• You provide it when using our Applications.
• Your spouse/partner gives it to us.
• Representatives of our corporate customers (including employees, contractors, and others) give it to us.
• Our service providers give it to us, including from B2B sales and marketing platforms like ZoomInfo and analytics services like Google Analytics.
• When a friend, partner supplier, business service provider, corporate customer, or employee refers you to our Services and gives us your Personal Data.
• We use essential cookies and similar tech to access and navigate our services, strictly for essential and operational uses without tracking personal info for advertising.

How long do we keep your Personal Data?

If you're a relocating employee, we'll keep your Personal Data for the time we agreed on with our corporate customer. Usually, we've got to keep this info for up to 7 years after the file (or employee) has been authorized for relocation services. This might be different for each customer, so if you want to know how long we're keeping your data, hit us up.

We also keep limited amounts of your Personal Data for reasonable periods as needed to comply with legal obligations, resolve disputes, and enforce our agreements, guided by our internal retention policies. But, we'll respect your requests to delete your Personal Data, subject to the limitations in this Privacy Statement.

Who do we share your Personal Data with?

When you use our Applications, we share your Personal Data with our business service providers, including those providing:

• Web and mobile app development support
• Managed IT services and support
• Online survey tools
• Accounting software
• Chatbots

We may also provide limited amounts of your Personal Data to our corporate customers (only your employer) through the Application.

With our Professional Services, Website, and Marketing and Sales Activities, we share your Personal Data with business service providers for:

• Customer relationship management software
• Online survey tools
• Email marketing
• Web analytics
• Accounting software
• Work management platforms
• Domain services
• IT and security
• Email services
• Software for responding to RFPs and security questionnaires
• Sales and marketing management
• Cloud services
• Video conferencing

We're still responsible for protecting your Personal Data when we transfer it to our service providers, except if we're not the ones responsible for any unauthorized or improper processing.

If you're a relocating employee, we'll also share your Personal Data with partner suppliers who help with specific relocation services. Like if you need to find a new rental in your destination country, we'll share your data with our partner real estate agents in the area to help you out. Keep in mind, many of our partner suppliers have their own reasons and methods for collecting and processing your Personal Data, and their use of your data is governed by their own terms and privacy notices.

In all cases where we share your personal data with service providers. we will only share the data necessary for the service provider to complete their specific task. We remain liable if the agent processes your personal information in a manner inconsistent with these principles. We have contracts in place with all service providers that require them to protect your data and comply with data protection laws. These contracts include obligations for the service provider to:

• Use your data for limited and specified purposes related to the service being provided.
• Implement appropriate technical and organizational measures to protect your data.
• Notify us if they can no longer meet their obligations under the contract.

We require these third parties to keep your Personal Data confidential and protected in compliance with applicable laws.

As required by the CCPA, in the last 12 months, we've disclosed these categories of Personal Data for business purposes:

• Identifiers
• California Customer Records Personal Information Categories
• Protected Classification Characteristics Under California or Federal Law
• Professional or Employment Related Information
• Internet or Other Electronic Network Activity information
• Visual Information
• Geographic Information
• Non-public Education Information

We may also disclose your Personal Data:

• If required by law or if we have a good-faith belief that disclosure is necessary to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders. If we have to disclose your Personal Data to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that the recipients of your Personal Data will maintain its privacy or security.
• If we sell or transfer all or part of our company's business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.
• To our subsidiaries or affiliates in Ireland, India, and the Philippines, but only if necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymized, or de-identified data (which isn't Personal Data) about our Services' users as a group for any legal business purpose, like analyzing usage trends and seeking compatible advertisers, sponsors, and customers.

Where do we store and transfer your Personal Data?

Mobility Empowered's HQ is in Colorado, USA. We use a lot of US-based service providers and partner suppliers. This means your Personal Data is mainly stored in the US by us, our service providers, and our partner suppliers.

But, we operate globally through our subsidiaries, service providers, and partner suppliers. So, we may store and transfer your data to our subsidiaries, service providers, and partner suppliers in different countries if it's relevant to the Services. If you're a relocating employee, where we transfer your Personal Data to and from also depends on where you're relocating to and from.

For folks whose Personal Data is regulated by data protection laws in the UK or European Economic Area (EEA), when we transfer data from these regions to third parties in countries that aren't recognized as providing an adequate level of protection to Personal Data, we use appropriate safeguards. These include the EU 2021 Standard Contractual Clauses (SCCs), UK International Transfer Addendum, UK International Data Transfer Agreement, and any approved certification mechanisms. We also review our compliance with the latest guidance and obligations for valid data transfers under applicable privacy and data protection regulations. If we need to update the data transfer mechanism we use, we'll update this Privacy Statement accordingly.

Basis of Processing

Within the scope of this Privacy Statement and where required by applicable privacy and data protection laws, we rely on these legal grounds for processing your Personal Data:

• Your consent. If we process your Personal Data based on your consent, you can withdraw it at any time. This won't affect the lawfulness of processing based on consent before withdrawal, or processing done on other lawful grounds.
• The need to perform our obligations under a contract or related pre-contractual duties at your request. When we get your Personal Data directly from you to provide our Services, we need it to perform our contractual obligations to you. Without the necessary Personal Data, we won't be able to provide Services to you.
• Our legitimate interests or a third party's legitimate interests, like facilitating employee and family relocation. When we rely on legitimate interests, you can ask us for more info on how we chose this legal basis. Just use the contact details in the Contact Us section of this Privacy Statement.
• The need to comply with a legal obligation we're subject to.
• Any other ground required or permitted by law in the specific context.

If we stop having a legal basis for processing your Personal Data (like if you submit a valid request objecting to the processing and no other basis exists), we'll stop processing your Personal Data except as strictly necessary to comply with your request.

Do we sell or share your Personal Data?

Nope! In the past 12 months, we haven't "sold" or "shared" your Personal Data as defined in applicable data protection laws.

How do we protect your Personal Data?

We've implemented and will maintain technical, organizational, and physical security measures reasonably designed to help protect Personal Data from unauthorized processing, like unauthorized access, disclosure, alteration, or destruction.

Your Privacy Rights

You've got certain privacy rights related to our collection of your Personal Data. If you are a relocating employee and your Personal Data has been provided to us by your employer, please be aware that certain privacy rights, such as the right to deletion, may not apply once your data becomes operational. As a data processor and service provider, we are legally and contractually obligated to process and retain your Personal Data in accordance with our agreements with our corporate customers as well as other legal or governmental obligations. Both GDPR and CCPA, as well as similar legislation, acknowledge these obligations and provide exclusions for service providers in such situations. If you have any questions or concerns regarding the processing of your Personal Data, we recommend that you contact your employer or your designated Mobility Empowered Advisor. privacy@mobilityempowered.com

Here's a summary of your Privacy Rights:

Right to Know What We Do With Your Personal Data

This is the right to be informed. It means you have the right to get all the info from us about our Personal Data processing activities that concern you (or your child), like how we collect and use your Personal Data, how long we'll keep it, and who we'll share it with, among other things.

We're informing you about how we process your Personal Data in this Privacy Statement.

We'll always try to inform you about how we process your Personal Data. But, if we don't collect the Personal Data directly from you, certain data protection laws let us off the hook for informing you if (i) providing the info is impossible or unreasonably expensive; (ii) gathering and/or transmitting it is required by law; or (iii) the Personal Data has to stay confidential due to professional secrecy or other statutory secrecy obligations.

Right to Know What Personal Data We Have About You

This is the right of access. It lets you ask for full details of the Personal Data we have about you.

If you use our Applications, you can review your Personal Data through your portal with your own login credentials.

You have the right to request a copy of, or access to, Personal Data and certain related info from us. You can also get confirmation of whether or not we process your Personal Data (or your child's).

Once we receive and confirm that the request came from you or your authorized agent, we'll disclose to you:

• The categories of your Personal Data that we process
• The categories of sources for your Personal Data
• Our purposes for processing your Personal Data
• Where possible, the retention period for your Personal Data, or if not possible, the criteria used to determine the retention period
• The categories of third parties we share your Personal Data with
• If we do automated decision-making, including profiling, meaningful info about the logic involved, as well as the significance and the envisaged consequences of such processing for you
• The specific pieces of Personal Data we process about you in an easily sharable format
• If we sold or disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients for both sale and disclosure
• If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests
• The appropriate safeguards used to transfer Personal Data from the EEA or UK to a third country, if applicable

Under some circumstances, we may deny your access request. If we do, we'll tell you why.

The CCPA doesn't allow us to disclose Social Security numbers, driver's license numbers or other government-issued IDs, financial account numbers, health insurance or medical identification numbers, account passwords, or security questions and answers. We can tell you that we have this info generally, but we may not provide the specific numbers, passwords, etc. to you for security and legal reasons.

Right to Change Your Personal Data

This is the right to rectification. It gives you the right to ask us to correct, without undue delay, anything you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data. In our Applications, you can edit a lot of your Personal Data by accessing your account with your own login credentials.

Right to Delete Your Personal Data

This is the right to erasure, deletion, or the right to be forgotten. It means you can ask us to delete your Personal Data. Sometimes we can delete your info, but in certain situations as a data processor, we may not be able to delete your Personal Data due to our contractual obligations with our corporate customers or other legal or technical requirements. Once we receive your Personal Data from our corporate customers and their instructions to begin the contracted services, the data becomes operational. As a data processor and service provider, we are legally and contractually obligated to process and retain your Personal Data in accordance with our agreements. In such situations, we may not be able to delete your Personal Data upon request, as both GDPR, CCPA and similar legislation provide exclusions for service providers in these scenarios. If you are a relocating employee and your Personal Data has been provided to us by your employer, please contact your employer or your designated Mobility Empowered Advisor to discuss any concerns or questions you may have regarding the processing of your Personal Data. Also you may contact our Privacy Officer via email at privacy@mobilityempowered.com

If we've made your Personal Data public, we'll take all reasonable steps, including technical measures, to inform third parties processing your Personal Data of your request to erase any copy or replication of your Personal Data.

Right to Ask Us to Limit How We Process Your Personal Data

This is the right to restrict processing. It's the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, like if you think the data is inaccurate or the processing is unlawful.

Right to Ask Us to Stop Using Your Personal Data

This is the right to object. It's your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or a third party's). You can also object at any time to the processing of your Personal Data for direct marketing purposes.

We'll stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to keep processing your Personal Data to establish, exercise, or defend a legal claim.

If we've received your Personal Data in reliance on the DPF, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that's materially different from the purpose(s) it was originally collected for or that you originally authorized.

Right to Port or Move Your Personal Data

This is the right to data portability. It's the right to ask for and receive a portable copy of your Personal Data that you've given us or that you've generated by using our services, so you can move it, copy it, keep it for yourself, or transfer it to another organization.

We'll provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this info electronically, we'll give you a copy in electronic format.

Plus, for folks using the Applications, they have access to their own portal with their Personal Data and can port the info as needed.

Right Related to Automated Decision Making

Sometimes we use computers to study your Personal Data. We might use this data to see how you use our services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision-making, including profiling. In those cases, we'll always explain when we might do this, why it's happening, and the effect.

Right to Revoke or Limit Consent and Opt-Out

You may also have the right to opt out of having your Personal Data shared with third parties, and you can revoke your consent that you've previously given for us to share your Personal Data with third parties, except as required by law.

You also have the right to opt out if your Personal Data is used for any purpose that's materially different from, but still compatible with, the purpose(s) it was originally collected for or that you authorized.

Right to Opt Out of Receiving Direct Marketing

You can opt out of receiving our newsletters or marketing emails by following the unsubscribe instructions in the email, or by contacting us.

Right to Opt Out of the Sale or Sharing of Your Personal Data

Some laws give you the right to opt out of the sale or sharing of your Personal Data, which means you can ask us not to sell or share your Personal Data at any time. We don't currently sell or share your Personal Data.

EEA and UK Supervisory Authority Oversight

If you're in the EEA and subject to EEA data protection laws, you have the right to lodge a complaint with a data protection regulator in one or more European Union member states.

If you're in the UK, you can lodge a complaint with the UK Information Commissioner's Office.

Non-Discrimination

We won't discriminate against you for exercising any of your privacy rights. Unless permitted by law, we won't:

• Deny you goods or services
• Charge you different prices or rates for goods or services, including through discounts, benefits, or penalties
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Response Timing and Format of Our Responses

We'll confirm receipt of your request within 10 business days and describe our identity verification process (if needed) and when you should expect a response, unless we've already granted or denied the request.

Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days total), we'll let you know why and the extension period in writing.

If we can't satisfy a request, we'll explain why in our response. For data portability requests, we'll choose a format to provide your Personal Data that's readily useable and should allow you to transmit the info from one entity to another without difficulty.

We won't charge a fee for processing or responding to your requests. But, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we'll tell you why we made that determination and give you a cost estimate before completing your request.

Verification of Your Identity

To correctly respond to your privacy rights requests, we need to confirm that YOU made the request. So, we may require additional info to confirm that you are who you say you are.

For requests submitted via password-protected accounts in our Applications, your identity is already verified. For requests sent by other means, we may verify your identity by contacting you by phone or email and asking you to provide us with info that matches the info we have about you.

Verification of Authority

If you're submitting a request on behalf of someone else, we'll need to verify your authority to act on their behalf. When contacting us, please give us proof that the individual gave you signed permission to submit the request, a valid power of attorney on their behalf, or proof of parental responsibility or legal guardianship. Or, you can ask the individual to directly contact us at privacy@mobilityempowered.com to verify their identity and confirm they gave you permission to submit the request.

Alternatively, we'll ask you to provide us with appropriate proof of authority.

Children's Privacy

Our Services aren't directed at or intended for use by children. We don't knowingly allow anyone under 18 to use our Services. Children should always get permission from a parent or guardian before sending their Personal Data over the Internet. If you think your child may have given us their Personal Data, you can contact our Privacy Officer using the info in the Contact Us section of this Privacy Statement and we'll delete the Personal Data.

Note that when we provide you with the Services and you're a relocating employee relocating with your family (including your children), we may collect some Personal Data related to your child directly from you to provide the Services.

Data Privacy Framework ("DPF")

For Personal Data in the scope of this Privacy Statement that's processed by our web or mobile Applications, Mobility Empowered, Inc. complies with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Mobility Empowered has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Mobility Empowered has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there's any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework website.

Dispute Resolution

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mobility Empowered commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Mobility Empowered at privacy@mobilityempowered.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mobility Empowered commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS Data Privacy Framework Dispute Resolution Procedure. JAMS is an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If your dispute or complaint can't be resolved by us or through the dispute resolution program established by JAMS, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework's Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

U.S. Regulatory Oversight

The Federal Trade Commission has jurisdiction over Mobility Empowered’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Mobility Empowered is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Changes to the Privacy Policy

We periodically update this Privacy Policy to reflect changes in our practices or relevant laws, with all amendments posted on our website and notified to users upon their next login.

Data Protection Officer (DPO)

Mobility Empowered has appointed a Data Protection Officer (DPO) to oversee our data protection practices and serve as a point of contact for users. You can reach the DPO at dpo@mobilityempowered.com.

Contact Information

For inquiries or concerns about our privacy practices, please reach out to us at privacy@mobilityempowered.com.