Ascen Inc. Privacy Policy

‍

Effective Date: June 28, 2025

‍

1. Introduction

‍

This Privacy Policy (“Policy”) explains how personal information about you is collected, used, and disclosed by Ascen Inc. and its subsidiaries and affiliates (collectively, “Ascen,” “we,” “us,” or “our”). Ascen operates the website www.ascen.com (the “Website”) and provides related employer of record, payroll, and back-office services for staffing organizations (the “Services”).

‍

This Policy is designed to help you understand our privacy practices in a clear and transparent manner. It forms a part of our agreements with our clients and users. By using our Website or Services, you agree to the collection and use of your information in accordance with this Policy.

‍

2. Scope and Application

‍

This Policy applies to all personal information we collect from or about the following individuals:

‍

· Website Visitors: Individuals who visit our Website, including those who request a demo or submit an inquiry through a contact form.

· Clients: The organizations that use our Services, including their representatives and authorized users who access the Ascen platform.

· Managed Employees and Contractors: The employees, independent contractors, and other workers whose personal information we process on behalf of our Clients to provide our Services.

· Candidates: Individuals who apply for employment with Ascen.

· Partners and Suppliers: Representatives of our business partners, subprocessors, and vendors who provide products or services to Ascen.

· Event and Marketing Participants: Individuals who participate in our webinars, surveys, conferences, or receive marketing communications.

For clarity, we refer to all individuals covered by this Policy as “you” or “Data Subjects”. This Policy applies to all personal information collected through our Website and Services, regardless of how you access them.

‍

3. Information We Collect

‍

Summary: We collect personal information you provide when you interact with our website or apply for a job. To provide our core payroll and HR services, we also collect sensitive information—such as identification, financial, and health data—which may be provided either by you directly during onboarding or by our Client. We also collect technical information automatically when you use our Website.

We collect several categories of personal information from and about you. The specific information we collect depends on your relationship with us. Providing your personal information may be required to receive our Services, or it may be voluntary. We will inform you when the provision of certain information is required.

For clarity, we do not collect precise geolocation data from your mobile device, nor do we use "geofencing" to track your presence near any physical locations.

‍

a. Information You Provide

When you create an account, request a demo, apply for a position at Ascen, or otherwise communicate with us, you may provide us with the following:

· Contact Information: Your full name, email address, physical address, and phone number.

· Account and Communications Data: Your login credentials, feedback, survey responses, and the content of your communications with us.

· Client Representative Data: To comply with our legal obligations, we may collect professional and identification data from the representatives and beneficial owners of our prospective and current Clients for "Know Your Customer" (KYC) and anti-money laundering (AML) screening purposes.

‍

b. Information We Collect to Provide Our Services

To provide our Employer of Record and payroll Services, we collect information required for onboarding, payroll, benefits administration, and legal compliance. This information may be provided by you directly when you onboard to our platform, or it may be provided by our Client on your behalf. This includes:

‍

· Identification Data: Your name, date of birth, government-issued identification numbers (such as Social Security Number or passport number), and nationality.

· Employment and Professional Data: Your job title, start and end dates, compensation, benefits information, tax-related information, employment contracts, performance information, and professional history (such as from a resume or CV).

· Financial Data: Your bank account details for salary and expense disbursement.

· Health and Benefits Data: In connection with managing benefits, this may include information about sick leave, medical certificates, fitness to work, and insurance enrollment details.

· Dependent and Beneficiary Data: To administer benefits on your behalf, we may collect personal information about your dependents, beneficiaries, and emergency contacts, such as their names, contact information, and other data required by the benefits provider.

· Biometric Data: To verify your identity and prevent fraud, we may receive a photo of you (a “selfie”) and a copy of your government-issued ID. We use facial recognition technology to match your photo to your ID, which involves processing scans of face geometry.

· Criminal History Data: Where permitted by law and required for your role, we may receive information about criminal history from background checks.

c. Information We Collect Automatically

When you visit our Website or use our platform, we automatically collect certain technical and usage data to maintain security, for analytics, and to improve our Services:

· Technical and Device Data: Your IP address, browser type and version, device characteristics, operating system, and time zone setting.

· Usage Data: Information about how you use and interact with our Website and Services, such as which pages you visit, the links you click, and the duration of your visit. This information is collected through technologies like cookies, as detailed in our Cookie Notice.

d. Information We Receive from Other Sources

We may also receive personal information about you from other third-party sources to supplement the information we have, for purposes such as identity verification and risk assessment:

· Identity Verification Providers: We use third-party services to help verify your identity and prevent fraud.

· Financial Institutions: We may receive information from financial institutions in connection with processing payments.

· Public Sources: We may collect information from publicly available sources, such as public social media profiles or company registries.

‍

4. How We Use Your Information (and Our Legal Basis)

‍

Summary: We use your personal information to provide our Services, which includes running payroll, managing benefits, and ensuring legal compliance. We also use your data to secure our platform, communicate with you, improve our products, and for marketing purposes where you have agreed to receive such communications. We only process your data for specific, lawful reasons.

‍

We use the personal information we collect for the business and commercial purposes outlined below. For individuals in regions like the European Economic Area (EEA), United Kingdom (UK), and Switzerland, we are required to have a “lawful basis” for each of our processing activities. We have identified these bases in the table below.

‍

The table also details the categories of personal data involved in each activity and the period for which that data is typically retained. Please note that these are our default retention periods, which may be extended where necessary to comply with legal obligations, such as a litigation hold or a government investigation.

‍

Processing Activity

Purpose of Processing

Lawful Basis (under GDPR)

Data Categories Involved (from Section 3)

Data Retention Period

‍

Account & Identity Management

To create and manage user accounts; verify identity; facilitate access to the Ascen platform; and conduct required “Know Your Customer” (KYC) checks on clients.

Performance of a Contract; Legal Obligation (for KYC/AML); Legitimate Interest (fraud prevention).

Identification Data; Contact Information; Account Data; Biometric Data.

For the duration of the user's account and for a subsequent period as required by applicable legal and financial auditing obligations. Biometric Data is retained in accordance with the specific, shorter retention schedule outlined in Section 7.

EOR, Payroll & Payment Processing

To onboard employees and contractors; calculate and disburse salaries and other compensation; manage taxes and deductions; and ensure compliance with employment and tax laws.

Performance of a Contract; Legal Obligation.

Identification Data; Employment and Professional Data; Financial Data; Health and Benefits Data.

For the duration of the employment or contractor relationship, and for a subsequent period as required by applicable tax, payroll, and employment laws in the relevant jurisdiction

Benefits & HR Administration

To manage employee benefits such as health insurance; administer leave requests; and provide other HR-related support services on behalf of our Clients.

Performance of a Contract.

Identification Data; Employment and Professional Data; Health and Benefits Data.

For the duration of the employment or contractor relationship, and for a subsequent period as required to administer benefits and comply with applicable employment laws.

Platform Security & Fraud Prevention

To monitor and protect our systems; detect and prevent fraudulent, illegal, or unauthorized activities; and ensure the security and integrity of our platform and Services.

Legitimate Interest (protecting our platform and users); Legal Obligation.

Identification Data; Technical and Device Data; Usage Data; Financial Data.

For a period necessary to ensure the security of our platform, investigate potential incidents, and comply with legal obligations for maintaining security logs and audit trails.

Customer Support & Communications

To respond to your inquiries; provide technical assistance; resolve issues; and send you important administrative or service-related messages.

Performance of a Contract; Legitimate Interest (improving customer service).

Contact Information; Account Data; Communications Data; Technical and Device Data.

For a period necessary to resolve the inquiry and as required by our internal record-keeping policies.

Marketing & Sales

To promote our Services; send promotional materials and newsletters; and engage with potential and existing clients.

Consent (for marketing to new contacts); Legitimate Interest (direct marketing to existing clients).

Contact Information; Employment and Professional Data; Usage Data.

Until you withdraw your consent or for as long as we have a legitimate business relationship with you, subject to periodic review of your engagement with our communications.

Analytics & Service Improvement

To analyze user behavior; monitor platform performance; identify trends; and improve the functionality and user experience of our platform.

Legitimate Interest (enhancing our service quality and product development).

Usage Data; Technical and Device Data; Anonymized or Aggregated Data.

Raw data is retained for a limited period necessary to generate aggregated insights. Anonymized and aggregated data is retained indefinitely as it is no longer personal information.

Legal & Regulatory Compliance

To comply with applicable laws, regulations, and legal processes; respond to governmental requests; and establish, exercise, or defend legal claims.

Legal Obligation.

All categories of personal data, as required by law or legal process.

For the duration required by the specific law, regulation, or legal proceeding giving rise to the obligation.

Automated Decision-Making

Ascen does not use your personal information to make decisions based solely on automated processing, including profiling, that would produce a legal or similarly significant effect on you.

‍

5. How and Why We Share Your Information

‍

Summary: We share your information only when necessary to provide our Services, comply with the law, or protect our rights. This includes sharing data with our direct Client and, where applicable, the worksite client where you perform your services. We also share data with our trusted service providers, corporate affiliates, and government authorities when legally required. We do not sell your personal information.

We will only share your personal information with the third parties listed below for the purposes described in this Policy. We want to assure you that we do not sell, rent, or trade your personal information.

‍

We may share your information with the following categories of third parties:

‍

· Our Client and Your Worksite Client: Our relationship is with our direct customer (our “Client”). In some cases, our Client is the company where you perform your day-to-day services (the “Worksite Client”). In other cases, our Client may be a staffing firm or other workforce intermediary that places you at a separate Worksite Client. To provide our Services, we share your information with our Client. As necessary for human resources and worksite management purposes, and as directed by our Client, we may also share your personal information with your Worksite Client.

‍

· Service Providers and Subprocessors: We rely on trusted third-party service providers and subprocessors to help us operate our business and provide the Services. These partners are contractually required to keep your information confidential and are only permitted to use it to perform tasks on our behalf. These may include:

· Cloud hosting and data storage providers.

· Payment processors and financial institutions.

· Identity verification services.

· Customer support and communications tool providers.

· Data analytics and information security providers.

· In-Country Payroll and Legal Partners to ensure local compliance.

‍

· Corporate Affiliates: We may share information with our subsidiaries and other companies within the Ascen corporate group to help provide, maintain, and improve our Services on a global basis.

‍

· Government, Regulatory, and Law Enforcement Authorities: We may disclose your information if we believe in good faith that it is necessary to:

· Comply with a legal obligation, a court order, or a valid subpoena.

· Protect the security or integrity of our business, our users, and the public.

· Prevent or address fraudulent, illegal, or unethical activity.

‍

· Parties Involved in a Corporate Transaction: In the event of a merger, acquisition, divestiture, or sale of all or a portion of our assets, we may disclose or transfer your personal information to the other party involved in the transaction.

‍

· Advertising and Marketing Partners: Where you have provided consent, we may share certain information with third-party advertising partners, such as Google, LinkedIn, and Meta (Facebook), to deliver personalized advertisements (“ads”) about our Services. For example, we may participate in programs like Meta’s Custom Audience service, which involves sharing identifiers like your email address (in a hashed, unreadable format) to show you relevant Ascen ads on their platform. The use of these technologies is further detailed in our Cookie Notice, where you can also manage your preferences and opt out of such targeted advertising.

‍

6. Cookies and Tracking Technologies

‍

Summary: We use cookies and similar technologies on our website to help it function, to understand how visitors use it, and to support our marketing efforts. For detailed information on the specific technologies we use and to manage your preferences, please see our Cookie Notice.

We use cookies, web beacons, and other similar technologies to distinguish you from other users of our Website and Services. “Cookies” are small text files that are stored on your device when our Website is loaded on your browser.

‍

These technologies help us provide you with a secure and personalized experience, understand how our products are used, and improve our Services and marketing.

‍

For comprehensive information about the types of cookies we use, why we use them, and how you can control your cookie preferences, please review our Cookie Notice (https://www.ascen.com/cookie-notice).

‍

7. Biometric Data Collection and Policy

‍

Summary: To keep your account secure and prevent fraud, we may use technology to verify your identity by comparing a photo of your face (a “selfie”) to your government-issued ID. This process involves collecting biometric data (specifically, face geometry). We are committed to protecting this data: we never sell it, we share it only when legally required, and we permanently delete it once it is no longer needed for its original purpose, or after three years at the latest.

‍

a. Notice of Collection and Purpose

‍

To automatically verify your identity, prevent fraud, and maintain the security of our platform, Ascen and its trusted identity verification partners may collect your Biometric Data. Specifically, this process involves collecting a photo of you and a photo of your government-issued identification document. Using facial recognition technology, information from your photo is compared against the information on your identification document. This process creates a scan of your face geometry, which is a Biometric Identifier. The sole purpose of collecting and using this Biometric Data is to verify your identity and protect your account and our Services from fraud and other unauthorized access.

‍

b. Biometric Data Defined

‍

For the purpose of this Policy, “Biometric Data” refers to “Biometric Identifiers” and “Biometric Information” as defined under Illinois law.

· A “Biometric Identifier” is a retina or iris scan, fingerprint, voiceprint, or a scan of hand or face geometry.

· “Biometric Information” is any information, regardless of how it is captured or stored, that is based on a Biometric Identifier used to identify an individual.

‍

c. Data Retention and Destruction Policy

‍

This section serves as our publicly available written policy establishing a retention schedule and guidelines for the permanent destruction of Biometric Data, as required by BIPA.

Ascen will permanently destroy an individual’s Biometric Data on the earlier of:

1. The date on which the initial purpose for collecting or obtaining such data has been satisfied (for example, upon the termination of your employment or contractual relationship with our Client); or

2. Within three (3) years of the individual’s last interaction with Ascen.

d. Disclosure and Prohibition on Sale

Ascen may disclose Biometric Data to its third-party identity verification vendors to facilitate the security and identity verification process. We contractually prohibit our vendors from any further disclosure of Biometric Data unless required by law.

‍

Ascen does not and will not sell, lease, trade, or otherwise profit from your Biometric Data. Any disclosure of your Biometric Data will only be made with your consent or if required by applicable law, a valid warrant, or a subpoena issued by a court of competent jurisdiction.

‍

8. Data Security and Retention

‍

Summary: We take the security of your data very seriously. Our security program is designed to protect your information and is certified against recognized industry standards like SOC 2. We use a range of technical and organizational measures, including encryption and strict access controls. We only keep your personal information for as long as we need it for its original business purpose and to meet our legal obligations.

‍

a. Data Security

We have implemented and will maintain a robust security program with appropriate technical and organizational measures designed to protect the confidentiality, integrity, and availability of your personal information. We take great care in protecting your data from unauthorized access, use, disclosure, alteration, or destruction.

‍

Our security commitments include:

‍

· Certification: Our security program has been certified and attested by independent auditors to be in compliance with SOC 2 standards.

‍

· Encryption: We use industry-standard encryption protocols to protect your data during transmission (in transit) and while it is stored on our systems (at rest).

‍

· Access Controls: We limit access to your personal information on a “need-to-know” basis. Access is restricted to authorized personnel who are subject to confidentiality obligations and managed through role-based access controls and strong authentication methods like multi-factor authentication.

‍

· Testing and Assessment: We regularly test, assess, and evaluate the effectiveness of our security measures to identify and address risks, including through periodic risk assessments and vulnerability testing.

Please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

‍

b. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

‍

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and all applicable legal requirements.

For more detailed information on the retention periods associated with specific data processing activities, please refer to the “Data Retention Period” column in the table in Section 4, “How We Use Your Information.”

‍

9. International Data Transfers

‍

Summary: To provide our global services, your personal information may be stored and processed in countries outside of your own, including the United States. When we transfer your data across borders, we use legally recognized safeguards, such as Standard Contractual Clauses, to ensure your information remains protected to a high standard.

‍

Ascen is a global company that provides services to clients and individuals around the world. To facilitate our operations, your personal information may be transferred to, stored in, and processed in countries other than where you live, including the United States. These countries may have data protection laws that are different from the laws of your country.

‍

However, we take steps to ensure that any international transfer of personal information is managed carefully and in compliance with all applicable Data Protection Laws. We will only transfer your personal information to a country that is deemed to have an adequate level of protection or where we have put in place appropriate legal safeguards to protect your data.

‍

For transfers of personal information from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we rely on the following legal mechanisms:

‍

· Standard Contractual Clauses (SCCs): We use the Standard Contractual Clauses approved by the European Commission (and the UK equivalent) for the transfer of personal data to our service providers and corporate affiliates in other countries.

· Adequacy Decisions: We may transfer personal information to countries that the European Commission or other relevant data protection authorities have deemed to provide an adequate level of data protection.

‍

10. Your Privacy Rights

‍

Summary: You have rights over your personal information, including the right to access, correct, or request the deletion of your data. We are committed to honoring these rights for all our users, regardless of your location. This section explains your rights and how you can exercise them by contacting us.

Ascen respects your rights regarding your personal information. In line with our commitment to transparency and trust, we believe all our users should have control over their data, no matter where they live. Subject to applicable law, you have the following rights concerning your personal information:

‍

· The Right to Access: You have the right to confirm whether we process your personal information, request a copy of the personal information we hold about you, and receive information about how we process it.

· The Right to Correction (Rectification): You have the right to request that we use commercially reasonable efforts to correct any incomplete or inaccurate information we hold about you, considering the information’s nature and processing purposes.

· The Right to Erasure (Deletion): You have the right to request that we delete your personal information where there is no good reason for us to continue processing it. Please note that we may not always be able to comply with your request for specific legal reasons, such as legal or regulatory retention requirements, which will be communicated to you, if applicable, at the time of your request.

· The Right to Object to Processing: You have the right to object to the processing of your personal information where we are relying on a legitimate interest as our legal basis and there is something about your particular situation that makes you want to object to processing on this ground.

· The Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal information in certain scenarios, for example, if you want us to establish the data’s accuracy.

· The Right to Data Portability: You have the right to request the transfer of your personal information to you or to a third party in a structured, commonly used, machine-readable format.

· The Right to Withdraw Consent: Where we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

· The Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.

‍

Important Note on Our Role as a Service Provider (Processor)

Much of the personal information we process is done on behalf of our Clients to provide our EOR and payroll Services. In these situations, Ascen acts as a “Data Processor” or “Service Provider,” and our Client is the “Data Controller” or “Business.”

If your personal information has been provided to us by our Client, you should direct any requests to exercise your privacy rights to our Client first. We will assist our Clients in responding to your requests in accordance with our contractual and legal obligations.

‍

How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us by email at: privacy@ascen.com.

Please note that to protect your information and the integrity of our Services, we may need to request specific information from you to help us confirm your identity before we can process your request. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Certain information may be exempt from the rights described above under applicable law. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. Depending on your location, you may also email privacy@ascen.com with the subject “Data Privacy Request Appeal” to provide us with details about why you are appealing the decision.

‍

There is not usually a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

‍

11. Region-Specific Disclosures

‍

Summary: If you live in certain regions, such as California, other U.S. states, or Europe, you may have additional privacy rights under your local laws. This section provides specific information required by those laws, such as the categories of data we collect under California law and details about our role as a Data Controller under the GDPR.

This section provides additional information for residents of certain jurisdictions to supplement the information provided throughout this Policy.

‍

a. Notice to Residents of U.S. States

‍

Various U.S. states, including but not limited to California, Colorado, Connecticut, Utah, and Virginia, provide their residents with certain privacy rights. The rights outlined in Section 10 of this Policy are intended to meet these state-level requirements.

‍

We do not “sell” your personal information, nor do we “share” it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA) and other applicable state laws.

‍

Categories of Personal Information Collected (California CCPA)

The CCPA requires us to disclose the categories of personal information we have collected from California residents over the past 12 months. We collect the following categories of personal information:

‍

b. Notice to Individuals in the EEA, UK, and Switzerland

‍

This notice applies to individuals located in the European Economic Area (EEA), United Kingdom (UK), and Switzerland.

· Data Controller: For the purposes of the GDPR, Ascen is the Data Controller for the personal information we process, except where we act as a Data Processor on behalf of our Clients as described in Section 102. Our legal basis for collecting and using the personal information described in this Policy is detailed in Section 4, “How We Use Your Information.”

· Your Rights: As an individual in these regions, you have the specific rights detailed in Section 10 of this Policy.

· Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you have a concern about our processing of your personal information that we are not able to resolve. Contact details for your local authority can be found here.

‍

c. Notice to Residents of Canada

‍

If you are a resident of Canada, please be aware that we are committed to processing your information in compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. The rights detailed in Section 10 of this Policy are intended to meet our obligations under Canadian law.

‍

12. Children’s Privacy

‍

Summary: Our services are not designed for or directed to children under the age of 16. We do not knowingly collect personal information from children for our own purposes. However, to administer benefits on behalf of our Clients, we may process information about children who are dependents, which is provided to us only by their parent, legal guardian, or an insurance carrier.

‍

Our Website and Services are not directed to children under the age of 16, and we do not knowingly collect personal information directly from children.

‍

However, if an employee of our Client enrolls a child as a dependent on a benefits plan that we administer, we may process information about that child (solely as needed to provide the benefits service). This information is provided to us by the child’s parent or legal guardian (the employee), or by insurance carriers and third-party administrators, not by the child directly.

‍

If you believe that we have inadvertently collected personal information from a child in violation of this policy, please contact us at the email address provided below, and we will take steps to remove that information.

‍

13. Do Not Track

‍

Some web browsers may transmit “Do Not Track” (DNT) signals to the websites you visit. At this time, there is no universally accepted standard for how to interpret and respond to DNT signals. Therefore, like many other websites and online services, we do not currently alter our practices when we receive a DNT signal from a visitor’s browser.

‍

14. Changes to This Privacy Policy

‍

We reserve the right to update or change this Privacy Policy at any time. We will post any changes on this page, and the “Effective Date” at the top of this Policy will be revised. For material changes to this Policy, we will provide a more prominent notice, such as through a notice on our Website’s homepage.

‍

Your continued use of the Website or our Services after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy. We encourage you to review this Privacy Policy periodically for any changes.

‍

15. Contact Information

‍

If you have any questions or concerns about this Privacy Policy or our data protection practices, please feel free to contact us.

Email: privacy@ascen.com

‍