Last Updated: 09-01-2023
FORVIS, LLP ("FORVIS"), a Delaware Limited Liability Partnership, complies with the EU-U.S. Data Privacy Framework (“DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information that is transferred from the European Economic Area ("EEA") to the United States within the scope of its certification.
FORVIS, LLP and all subsidiaries, parent entities, divisions, departments, and affiliates of FORVIS, LLP respect the privacy of the information you have entrusted to us. This EU-US DPF Privacy Notice applies to both the online and offline collection of personal information that we process in connection with our website and services.
FORVIS has certified that it adheres to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the terms in this notice and the DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, visit https://www.dataprivacyframework.gov.
FORVIS receives and processes personal information from or relating to FORVIS, LLP and other legally separate entities in the context of the provision of products, services, and support to these entities, acting as a data processor with respect to this information. Personal information received by FORVIS will be treated in accordance with their instructions or pursuant to FORVIS contractual arrangements with them, consistent with the DPF requirements. Instances information can be collected may include:
Contact Information– Information such as name, employer, job title, address, phone number, email address and/or other pertinent information. This information can be collected if provided during marketing efforts, event registration and/or other similar instances.
Client Information – Information of clients engaging FORVIS Assurance, Tax, Advisory or other service lines. This can consist at times of personal information which is related to your client relationship with FORVIS.
Employment/Applicant Information – Information of FORVIS personnel or prospective applicants that can consist of name, email address, physical address, phone and/or qualifications.
Disclosures of Personal Information
FORVIS will disclose personal information only as authorized by the relevant data controller. We may use a limited number of third-party service providers to assist us in providing our services or in meeting internal business operation needs. These third parties will access information only to perform tasks on our behalf.
FORVIS is accountable for the onward transfer of data to third party service providers or agents who assist us in providing services. FORVIS maintains contracts with these third parties in compliance with our DPF obligations and other obligations and accepts liability if those parties fail to meet these obligations and we are responsible for the event giving rise to the damages.
Personal Information may also be disclosed as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition.
Disclosures of personal information may also be required to law enforcement, regulatory, or other government agencies for purposes of national security, professional bodies or to other third parties, in each case to comply with legal or regulatory obligations or requests and professional standards. FORVIS will notify the applicable data controller of any such request unless prohibited by law.
FORVIS strives to maintain industry standard administrative, technical, physical and organizational safeguards. These safeguards implemented to assist in protecting data from unauthorized, accidental or unlawful disclosure, destruction, loss or modification.
Questions and Complaints
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, FORVIS commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In compliance with the DPF Principles, FORVIS commits to resolve complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our DPF policy should first contact FORVIS at:
FORVIS Privacy Office
4350 Congress Street, Suite 900
Charlotte, NC 28209
FORVIS has further committed to refer unresolved DPF complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.icdr.org/dpf for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you. It is also possible, under certain conditions (i.e., those set forth in Annex I of the Data Privacy Framework Principles), to invoke binding arbitration with regard to Data Privacy Framework complaints that have not been resolved by other means.
FORVIS has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Data Privacy Framework complaints concerning human resources data transferred from the EU in the context of the employment relationship and the UK Information Commissioner’s Office (ICO) with regard to unresolved Data Privacy Framework complaints concerning human resources data transferred from the UK in the context of the employment relationship.
The U.S. Federal Trade Commission (FTC) has jurisdiction over FORVIS’ compliance with the DPF and FORVIS is subject to the investigatory and enforcement powers of the FTC. This notice may be amended to be consistent with the requirements of the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework. When we update this Notice, we will also revise the "Last Updated" date at the top of this page.