Privacy Policy
Cielo Management Consulting, LLC (Cielo) respects and is committed to protecting your privacy. Cielo has established safeguards to protect the privacy of personally-identifiable information that is collected on its client’s behalf or received from its clients in the United States, EU, Switzerland, or any other country. Cielo's EU-U.S. Data Privacy Framework Principles certification applies to US-EU data transfers. The EU-U.S. Data Privacy Framework Principles certification does not apply to US-Switzerland data transfers.
This privacy policy applies to all personally-identifiable information that Cielo processes including manually or electronically processed data in electronic, written, or verbal formats. Personally-identifiable information is any information that can be directly or indirectly linked to or used to identify a living individual including name, email, address, phone number, race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or other identifying characteristics. Personally-identifiable information does not include publicly available information that is not combined with non-public personal information or information which has been encoded or anonymized.
All Cielo employees and contractors are required to read and comply with these policies when using personally-identifiable information.
EU-U.S. Data Privacy Framework
Cielo complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Cielo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
EU-U.S. Data Privacy Framework Principles
Notice
Cielo performs management and human resources consulting services for clients including employee assessments and surveys. As part of its consulting work, Cielo may collect or be given access to personally-identifiable information to process, analyze, or report. Personally-identifiable data that is collected for the purpose of employee assessment will be shared with the client. Personally-identifiable data that is collected for the purpose of surveying employees on their attitudes and opinions will be kept confidential. Cielo may share data collected for either purpose with third party sub-contractors or vendors working for Cielo provided that they comply with Cielo’s privacy policy and are subject to the DPF Principles. Cielo may also use data collected for either purpose as part of scientific research provided it has received permission from the client.
Choice
Cielo does not disclose any personal information that it has collected for or received from a client to any other third parties except as required by law or instructed by the client. Third party sub-contractors or vendors working for Cielo that have access to personal data are required to comply with Cielo’s privacy policy and are subject to the DPF Principles of the European Commission’s Directive on Data Protection. Cielo may transfer data to third parties or additional vendors when instructed to do so by the client.
Accountability for Onward Transfer
Cielo will not transfer personal information to any third party except (1) as required by law, (2) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (3)as direct by the client, or (4) to a third party working for Cielo that has agreed to comply with Cielo’s privacy policy and the DPF principles of the European Commission’s Directive on Data Protection. All third party sub-contractors or vendors working for Cielo are required to execute a written confidentiality and non-disclosure agreement. This agreement stipulates the confidential nature of data collected by and transferred to the third party working on Cielo’s behalf. It also prohibits the third party working for Cielo from releasing or disclosing information or data to any other parties without Cielo’s express written permission. When Cielo does onward transfer of personal information on behalf of its clients, Cielo shall remain liable under the DPF principles if Cielo processes the personal information in a manner inconsistent with the DPF principles.
Security
Cielo maintains reasonable precautions to protect personal data from loss, misuse and unauthorized disclosure, alteration or destruction. Data are stored and maintained such that access is limited only to authorized users. All authorized users are bound by Cielo’s confidentiality and non-disclosure agreements.
Data Integrity and Purpose Limitation
Cielo is committed to only collecting data authorized by the client and analyzing any client data in a manner consistent with the purposes for which it has been collected or subsequently authorized by the individual. To the extent possible, Cielo will take reasonable steps to ensure that any data it collects or analyzes are reliable for its intended use, accurate, complete, and current. However, the responsibility for ensuring the reliability of the data that are provided by the client rests with the client.
Access
If directed to do so by its client, Cielo will correct, revise, or remove any inaccurate data in a manner consistent with the principles of proportionality and reasonableness. Any requests by a client’s employees for corrections, revisions, or removal of any inaccurate data must be made through the client. Any requests by a client’s employees to limit the use and disclosure of personal information must be made through the client.
Enforcement, Recourse, and Liability
Cielo will allow its clients reasonable access to verify adherence to the DPF principles. Cielo will thoroughly investigate any and all complaints, and take prompt and appropriate remedial action where necessary if violations of DPF principles are found. Cielo will cooperate with the EU Data Protection Authorities and the Federal Trade Commission to resolve any complaints and disputes arising in connection with its privacy policy. Cielo will use the EU Data Protection Authorities as the sole independent recourse mechanism if complaints regarding human resources data or non-human resources data cannot be resolved between Cielo and the client. In compliance with the EU-U.S. DPF, Cielo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF. Cielo will comply with any advice given by the EU Data Protection Authorities where the EU Data Protection Authorities take the view that Cielo needs to take specific action to comply with the DPF principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the EU Data Protection Authorities with written confirmation that such action has been taken. Cielo is subject to the investigatory and enforcement powers of the Federal Trade Commission. As a DPF participant, Cielo commits to binding arbitration at the request of the individual to address any compliant relating to our privacy policies that has not been addressed by other recourse and enforcement mechanisms.
Contacting Cielo Management Consulting, LLC
Cielo Management Consulting, LLC
401 E. 89th St. #16F
New York, NY 10128
information@cielomanagementconsulting.com
www.cielomanagementconsultingllc.com
Policy Updated on 2/11/24