Data Privacy Framework Policy

Effective Date: December 19, 2024 

This Data Privacy Framework Policy (“Policy”) describes how RegDesk, Inc. (“RegDesk”, “we”, “our”, “us”) collects, uses, and discloses certain personally identifiable information that we receive in the United States (“US”) from the European Union (“EU”), the United Kingdom (“UK”), and Switzerland (“Personal Data”). This Policy supplements our RegDesk Privacy Policy located at https://www.regdesk.co/privacy-policy/, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the RegDesk Privacy Policy.

RegDesk complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RegDesk has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RegDesk has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. To view the entire DPF List, visit https://www.dataprivacyframework.gov/list.

For purposes of enforcing compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RegDesk is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Personal Data Collection and Use

Our RegDesk Privacy Notice located at https://www.regdesk.co/privacy-policy/ describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. Please note that we may receive the following categories of Personal Data in the US: name, email address, phone number, mailing address, job title and professional certifications or affiliations, purchase history and account information, payment data, and correspondence data or data submitted on a website form or survey. We may collect Personal Data associated with the use of our website or digital platform, including IP address, date and time of access, pages and content viewed, language preferences, websites linked to or from, whether emails or other communications are received or opened and links clicked on within those emails, information from mobile devices or computers about interactions with the website or online services, including unique device identifier, mobile network information, type of device used and the operating system on that device, browser type, a list of files downloaded or pages viewed, and any errors encountered. We may collect human resources data associated with employees, contractors, and staff in the EU, UK, or Switzerland. Such data may include: contact information; bank account information; health insurance and other benefits information; investment information; insurance claims data; salary and other payment data; information related to your supervisors, job titles, and duties; information related to HR investigations and background and suitability checks; drug testing information; disciplinary information; leave/vacation dates and locations; data related to any health and wellness services you utilize offered through RegDesk, including mental health and counseling services; and other data associated with your employment.

We process Personal Data for the following purposes:

  • provide our website and digital platform;
  • communicate with users regarding the regulatory process;
  • permit login/access to our digital platform;
  • manage our business relationships;
  • address inquiries submitted to us;
  • develop analytics to understand our audiences;
  • develop business strategies and marketing plans;
  • provide information about new or related products or services we offer;
  • maintain, analyze, and improve user experience on our website and digital platform;
  • communicate with users and provide customer and technical support;
  • monitor and enforce our contracts and legal terms;
  • detect and prevent fraud;
  • fulfill the purpose for which users provided information to us;
  • facilitate employment and support our employees, contractors, and other staff, and for other legitimate purposes as set forth in our RegDesk Privacy Notice.

RegDesk will only process Personal Data in ways that are compatible with the purpose for which RegDesk collected it, or for purposes the individual later authorizes. Before we use Personal Data for a purpose that is materially different than the purpose for which we collected it or that an individual later authorized, we will (at a minimum) provide the opportunity to opt out. RegDesk maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Data Transfers to Third Parties

Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents, service providers, or other third parties who perform functions on our behalf. As further described in our website Privacy Notice, the types of third parties to which we disclose personal information and the purposes for such disclosures include:

  • Affiliated Organizations. We may share personal information with our parent organizations, subsidiaries, affiliates, joint ventures, or other organizations or entities under common control with us in order to operate our business.
  • Service Providers. We work with service providers to help us provide our website and digital platform and to support internal operations, including: data hosting, storage, and cloud service providers; platform and/or application security service providers; technical and customer support providers; marketing and analytics providers; and other third parties.
  • Professional Advisors, Law Enforcement and Regulators. We share information with our professional advisors who provide legal, compliance, auditing, accounting, banking, consulting, or other professional services, and with regulators, law enforcement, or government agencies.
  • We may otherwise disclose personal information in the event that we believe such disclosure is
    1. necessary to provide our services or operate our business;
    2. in accordance with purposes we describe to individuals when they share data with us;
    3. permitted by law; or
    4. with consent or at an individual’s direction.

We may also share personal data in the event of a transaction or reorganization impacting RegDesk, such as a sale or merger.

We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF obligations and to stop and remediate any unauthorized processing. As required by law, RegDesk remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless another party is responsible for the event giving rise to the damage.

Disclosures for National Security or Law Enforcement. Under certain circumstances, RegDesk may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

RegDesk may make additional disclosures as indicated in our Privacy Notice.

Access Rights

Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should direct their query to privacy@regdesk.co. If requested to remove data, we will respond within a reasonable timeframe as required by law.

We will provide an individual opt-out choices, or opt-in choices for sensitive data (including personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to privacy@regdesk.co. RegDesk may limit its response to your exercise of rights as permitted by law.

Questions or Complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RegDesk commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, or Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact privacy@regdesk.co.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, RegDesk commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to VeraSafe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://verasafe.com/privacy-solutions/data-privacy-framework-dispute-resolution-program/ for more information or to file a complaint. The services of VeraSafe are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RegDesk commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Binding Arbitration

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms with respect to personal data received or transferred pursuant to the Data Privacy Framework.
