360 Property Data
CoreLogic powers businesses with unrivaled property data, insights and technology.
Explore Our DataEffective: April 29, 2024
CoreLogic, Inc. and our U.S. entities and subsidiaries Symbility Solutions Corp., Next Gear Solutions, LLC, and CoreLogic Solutions, LLC (together, “CoreLogic,” “our,” “we” or “us”) have certified our participation in the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, “DPF”) with the U.S. Department of Commerce. This certification relates to CoreLogic’s processing of HR Personal Data received from the European Economic Area (“EEA”), the United Kingdom and Gibraltar, and Switzerland. The Swiss-U.S. Data Privacy Framework will not be relied upon for transfers of any HR Personal Data to the U.S. from Switzerland until the date of entry into force of Switzerland’s recognition of adequacy (i.e., entry into force of the recognition by the Swiss Federal Administration that the Swiss-U.S. DPF ensures data protection consistent with Swiss law). If there is any conflict between the terms of this notice and data subject rights under the DPF Principles, the DPF Principles shall govern.
To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/s/. The U.S. Department of Commerce maintains an authoritative list of U.S. organizations that have self-certified to the DPF (“DPF List”). The DPF List can be found at https://www.dataprivacyframework.gov/s/participant-search. With respect to HR Personal Data received or transferred pursuant to the DPF, CoreLogic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Please also see the CoreLogic Privacy Policy, California Privacy Notice, and DPF Notice for more information regarding our data handling practices. With respect to HR Personal Data subject to the DPF, this HR Data Privacy Framework Notice (“HR DPF Notice”) shall govern in the event of a conflict with any other policy or notice.
In this HR DPF Notice:
“Data Subject” means an identified or identifiable individual who is subject to the GDPR, UK GDPR, or FADP and is a past or present employee of CoreLogic.
“EU DPF” means the EU-U.S. Data Privacy Framework.
“FADP” means Federal Data Protection Act of Switzerland.
“GDPR” means the Regulation (EU) 2016/679 (General Data Protection Regulation).
“HR Personal Data” means Personal Data about CoreLogic’s past or present employees collected in the context of the employment relationship. HR Personal Data does not include statistical reporting relying on aggregate employment data or the use of anonymized data.
“Personal Data” means data about an identified or identifiable individual that are within the scope of the GDPR, UK GDPR, or FADP, received by CoreLogic in the United States from the EEA, United Kingdom and Gibraltar, or Switzerland, and recorded in any form.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, or sexual life.
“Swiss DPF” means the Swiss-U.S. Data Privacy Framework.
“UK DPF” means the UK Extension to the EU DPF.
“UK GDPR” has the meaning in section 3 of the UK Data Protection Act 2018.
CoreLogic commits to comply with the DPF Principles with respect to HR Personal Data received from or regarding Data Subjects in connection with their past or present employment at CoreLogic. This HR DPF Notice does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.
The collection of HR Personal Data and its processing prior to transfer will be subject to the national laws of the EEA member state, United Kingdom and Gibraltar, or Switzerland, depending on where the HR Personal Data was collected. We will respect any restrictions on transfer of such Personal Data according to those laws.
CoreLogic commits to processing HR Personal Data in accordance with the DPF Principles as follows:
CoreLogic’s Privacy Policy notifies Data Subjects covered by this HR DPF Notice about the categories of HR Personal Data that CoreLogic collects and the purposes for collection and use of their Personal Data. CoreLogic will only process HR Personal Data in ways that are compatible with the purpose for which CoreLogic collected it or for purposes subsequently authorized.
The types of HR Personal Data CoreLogic collects from Data Subjects are as follows:
Identifying information, including name, address, telephone number, date and place of birth, nationality and citizenship, gender, civil/marital status, number of children, mobility information, photograph/image, and passport and/or visa information.
Professional details, including your qualifications, current and prior employment roles, job title, role description, seniority, promotions, career development and performance, training programs completed, time and attendance, and periods of absence.
Financial details, including wage and salary data, bank account details, and income tax details.
Emergency contact details, including information about beneficiaries and dependents, and their contact information.
HR Personal Data that other Data Subjects provide to us, including working style, development areas, personality traits, leadership and management skills, and technical capabilities. We use this Personal Data to verify, enhance, or supplement your information.
All HR Personal Data is collected to recruit employees, commence your employment and onboard employees, provide Data Subjects with employment benefits, handle expense management, pay Data Subjects a salary and provide payroll services, provide references for former employees, deliver IT services, run training and development programs, notify designated emergency contacts in the event of an emergency, conduct surveys, report to regulators when required and comply with law and regulations, protect intellectual property and trade secrets, safeguard our interests in the event of potential claims or disputes, ensure security of the premises and safety of employees, and carry out human resources functions.
Before CoreLogic uses HR Personal Data for a purpose that is materially different from the purpose for which we collected it or that was later authorized, CoreLogic will provide Data Subjects with the opportunity to opt out.
Please also see the CoreLogic Privacy Policy, California Privacy Notice, and DPF Notice for more information regarding our data handling practices.
Opt-Out: When CoreLogic collects HR Personal Data, we will give Data Subjects the ability to opt-out whenever DPF and applicable law requires, including before we make certain disclosures of HR Personal Data to third parties or use HR Personal Data for a different purpose than that purpose for which it was collected or subsequently authorized by the Data Subject. In the event that we disclose HR Personal Data to a third party acting as our agent to perform tasks on our behalf and under our instruction, we may not provide an opportunity to opt-out. In such cases, we will always enter into a contract with the agent to ensure that HR Personal Data processing is compliant with DPF.
Opt-In: If/when CoreLogic collects Sensitive Personal Data, we will obtain opt-in consent whenever DPF requires, including before we disclose Sensitive Personal Data to a third party or use Sensitive Personal Data for a purpose other than that for which it was originally collected or later authorized. We may not be required to obtain opt-in consent with respect to Sensitive Personal Data where (i) the processing is in the vital interests of the Data Subject or another person, (ii) it is necessary for the establishment of legal claims or defenses, (iii) it is required to provide medical care or diagnosis, (iv) it is carried out in the course of legitimate activities by a foundation, association or any other non-profit body provided that the processing relates solely to the members of the body or to persons who are regularly in contact with it in connection to its purposes, (v) it is necessary to carry out our employment law obligations, and (vi) it is related to HR Personal Data that are made public by the Data Subject.
CoreLogic will make reasonable efforts to accommodate employee privacy preferences, which may include restricting access to HR Personal Data from recipients, anonymizing certain HR Personal Data, or assigning codes or pseudonyms when possible. Note that the above choices offered to Data Subjects will not be used to restrict employment opportunities or take any punitive action against Data Subjects in their employment capacity. However, to the extent needed to avoid prejudicing our ability to make promotions, appointments, or other similar employment decisions, we will not offer the above choices.
Please submit requests to limit the uses or disclosures of Personal Data and Sensitive Personal Data at HR Data Subject Request.
CoreLogic may disclose Personal Data collected through the Services as follows:
To Vendors: We disclose Personal Data to our vendors to perform services on our behalf or provide services to you, including IT access, HR vendor services, benefits and insurance services, and other services that may be offered within the scope of your employment. Such vendors act in the capacity of our processor or service provider.
Companies within our corporate group: We may disclose HR Personal Data within our corporate group to enable your employment and facilitate discussions regarding employment opportunities.
To comply with law: We may disclose Personal Data to abide by applicable law or protect the rights and interests of others.
Please also see the CoreLogic Privacy Policy, California Privacy Notice, and DPF Notice for more information regarding our data handling practices.
If CoreLogic discloses HR Personal Data covered by this HR DPF Notice to a third party, CoreLogic takes reasonable and appropriate steps to ensure that each third-party transferee processes HR Personal Data in a manner consistent with our obligations under the DPF Principles. CoreLogic will ensure that each transfer is consistent with any notice provided to Data Subjects and any consent they have given. CoreLogic requires a written contract with any third party receiving HR Personal Data that ensures that the third party (i) processes the HR Personal Data for limited and specified purposes consistent with any consent provided by Data Subjects, (ii) provides at least the same level of protection as is required by the DPF Principles, (iii) notifies CoreLogic if it cannot comply with DPF; and (iv) ceases processing HR Personal Data or takes other reasonable and appropriate steps to remediate. For our occasional employment-related operational needs, such as the booking of travel accommodations or insurance coverage, CoreLogic may disclose HR Personal Data of a small number of Data Subjects without entering into a contract with a third party.
Under certain circumstances, CoreLogic may be required to disclose HR Personal Data in response to valid requests by public authorities, including to respond to national security or law enforcement requests.
CoreLogic remains liable under the DPF Principles if an agent processes HR Personal Data covered by this HR DPF Notice in a manner inconsistent with the DPF Principles unless CoreLogic is not responsible for the event giving rise to the damage.
CoreLogic takes reasonable and appropriate measures to protect HR Personal Data covered by this HR DPF Notice from loss, misuse, and unauthorized access, disclosure, alteration, unavailability, and destruction. In determining these measures, CoreLogic considers the risks involved in the processing and the nature of the HR Personal Data.
CoreLogic takes reasonable steps to ensure that HR Personal Data is reliable for its intended use, accurate, complete, and current. CoreLogic adheres to the DPF Principles for as long as it retains HR Personal Data in identifiable form. CoreLogic takes reasonable and appropriate measures to comply with the requirement under the DPF to retain HR Personal Data in identifiable form only for as long as it serves a permissible purpose of processing.
CoreLogic limits the collection of HR Personal Data covered by this HR DPF Notice to information that is relevant for the processing purpose. CoreLogic does not process HR Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by a Data Subject.
A Data Subject whose HR Personal Data is covered by this HR DPF Notice has the right to access their Personal Data and to correct, amend, or delete the Personal Data if it is inaccurate or processed in violation of the DPF Principles. We will make a good faith effort to provide access to HR Personal Data upon request. However, CoreLogic is not required to grant the rights to access, correct, amend, and delete HR Personal Data if the burden or expense of providing access, correction, amendment, or deletion is disproportionate to the risks to the Data Subject’s privacy, if the rights of persons other than the Data Subject would be violated, and for other enumerated reasons.
We endeavor to respond to requests within a reasonable time period and in a reasonable manner. If we decline to act on a request, CoreLogic will explain why the request was denied and provide a contact point for further inquiries.
For our occasional employment-related operational needs, such as the booking of travel accommodations or insurance coverage, CoreLogic may transfer HR Personal Data of a small number of Data Subjects without offering the rights enumerated above. We may also deny access to HR Personal Data in the event that such access may prejudice employee security investigations or grievance proceedings, or in connection with employee succession planning and corporate reorganization.
Please submit requests for access, correction, amendment, or deletion at HR Data Subject Request.
In compliance with the DPF Principles, CoreLogic commits to resolve complaints about your privacy and our collection or use of your HR Personal Data transferred to the United States pursuant to DPF. Data Subjects with DPF inquiries or complaints should first contact CoreLogic at [email protected].
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CoreLogic commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 for more information.
CoreLogic commits to periodically review and verify its compliance with the DPF Principles and to remedy any issues arising out of failure to comply with the DPF Principles. CoreLogic acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants.
CoreLogic may amend this HR DPF Notice consistent with the requirements of the DPF, including providing notice about any amendment.
How to Contact CoreLogic
If you have any questions about this HR DPF Notice, please contact us at [email protected]. If you would like to request access to your Personal Data, please submit a request at HR Data Subject Request.
Contact Information in UK/EU
Symbility Solutions, Ltd. Attention: Data Protection Officer Contact: [email protected]
Symbility Solutions GmbH Attention: Data Protection Officer Contact: [email protected]
CoreLogic Solutions Ltd CoreLogic UK Limited Attention: Data Protection Officer [email protected]