Navigation SearchNavigation ContactNavigation Products

HR Privacy Shield Data Privacy Policy

Development Dimensions International and its Subsidiaries

1. Introduction

This document sets forth Development Dimensions International’s (DDI) HR Privacy Shield Data Privacy Policy (the “Policy”) governing the Company’s use of Personal Data (as defined below). This Policy is applicable to all employees of DDI and its subsidiaries. This group of companies is referred to in this Policy document variously as DDI or as the “Company”.

2. Scope

DDI’s policy is to respect and protect Personal Data collected or maintained by or on behalf of the Company. In furtherance of the Company’s commitment to this Policy, DDI has certified to adhere to the Privacy Principles set forth in the US-EU Privacy Shield Framework (alternatively, “Accord”) regarding Personal Data related to employees of DDI resident in the European Economic Area ("EEA") and processed in support of DDI human resources operations. DDI adheres to the Privacy Shield principles as respectively agreed to by the U.S. Department of Commerce and the European Commission.  With respect to Personal Information received or transferred pursuant to Privacy Shield, DDI is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. The Company’s commitment to participate in the Privacy Shield program can be found at the following DOC website located at that officially lists all U.S. entities that have registered for the program. DDI has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

This Policy sets forth the principles under which DDI manages the processing of Personal Data that it receives from its employees in the EEA in support of its human resources operations. In connection with DDI human resources operations, DDI may now and/or in the future transfer or provide access to Personal Data regarding employees of the EEA to the United States.

In accordance with the Privacy Shield framework, this Policy contains provisions relating to the following data privacy principles, all of which are described in greater detail in Section 4 of this Policy and which are hereinafter referred to as the “Principles”:

  • Notice
  • Choice
  • Accountability For Onward Transfer
  • Security
  • Data Integrity And Purpose Limitation
  • Access
  • Recourse, Enforcement, And Liability

This Policy outlines DDI’s general position and its practices about its commitment to implement the Principles set forth in this Section 2, including the types of Personal Data DDI collects, the purpose and use of the Personal Data and the notice and choice affected Data Subjects have regarding DDI use of their Personal Data, their ability to correct that information, and the internal contact mechanism to correct information as well as to make inquiries and/or lodge a complaint about adherence to the Principles. This Policy does not address additional local privacy requirements that the Company may need to adhere to.

This Policy applies to all Personal Data processed by DDI related to employees of DDI resident in the EEA whether in electronic or tangible format.

3. Definitions

  1. Agent. “Agent” means any third party that processes Personal Data under the instructions of and solely for DDI or to which DDI discloses Personal Data for use on its behalf.
  2. Data Subject. “Data Subject” is a natural person resident in the EEA who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. For purposes of this Policy, Data Subject shall be restricted to any current and former DDI employees, including but not limited to, temporary and permanent employees, retirees, and other former employees as well as dependents of such employees.
  3. Personal Data (“Personally Identifiable Data”). “Personal Data” means any information or set of information in any form that relates to a Data Subject.
  4. Processing of “Personal Data”. Processing of “Personal Data” (“processing”) shall mean any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
  5. Sensitive Personal Data. “Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, any information that concerns health or sex life, or information relating to the commission of a criminal offense.
  6. Third Party Agent. “Third Party Agent” shall mean any natural or legal person that is not a subsidiary, employee or director of Development Dimensions International or its subsidiaries.

4. Principles

  1. Notice.  DDI shall inform Data Subjects that it participates and subjects itself to the Principles of the Privacy Shield program, the purpose for which it collects and uses Personal Data and the types (or identity) of Third Party Agents to whom the Company discloses or may disclose that Personal Data. DDI will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected.
  2. Choice. DDI collects Personal Data about its employees for human resources or compliance related functions, including, without limitation, recruiting, onboarding, performance appraisals and payroll or benefit distribution. If DDI intends to use Personal Data for purposes outside of the Company’s human resources related functions (such as marketing communications) and (i) discloses Personal Data to a Third Party or (ii) uses the Personal Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject, the Company will offer the Data Subject the opportunity to affirmatively or explicitly consent (opt-out) whether their Personal Data is (1) to be disclosed to a Third Party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject.
  3. Accountability for Onward Transfers. Prior to disclosing Personal Data to a Third Party, DDI shall notify the Data Subject of such disclosure and allow the Data Subject the choice to opt-out of such disclosure unless the disclosure meets an employment requirement or is made to an Agent. DDI shall enter into contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by third party agents and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents of the DOC upon request.

    The storage by Company of Personal Data on servers and/or on software made available or hosted by Third Party vendors shall not be considered disclosures of Personal Data to a Third Party so long as the Third Party vendor does not have direct access to the Personal Data stored or hosted. In all events, DDI shall ensure by contract that any such Third Party vendor (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.
  4. Security. DDI takes reasonable and appropriate administrative, technical and physical measures to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. DDI shall take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  5. Data Integrity and Purpose Limitation. DDI limits the collection, use and retention of Personal Data to that which is germane for the intended purposes for which it was collected or authorized by the Data Subject and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete and current. DD depends on its employees to keep Personal Data reliable, accurate, complete and current and will rely on its employees to maintain the integrity of all Personal Data they provide to the Company. The Company shall also adhere to the Principles for as long as it retains such Personal Data.
  6. Access.  DDI shall allow Data Subjects to access their Personal Data and to correct, amend or delete inaccurate information or information that is processed against the Principles, except (i) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, (ii)  for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or  (iii) where the rights of persons other than the Data Subject would be violated.

    DDI is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected Data Subject would be violated. If there are compelling grounds to doubt the legitimacy of a Data Subject’s request for rectification, amendment or deletion of his or her Personal Data, DDI may require further justifications before performing the Data Subject’s request. DDI is not required to notify Third Parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden
  7. Recourse, Enforcement, and Liability. DDI uses a self-assessment approach to assure compliance with this Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its employees, is completely implemented and accessible and is in conformity with the Principles set forth in this Policy. DDI encourages interested persons to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. In addition, DDI has agreed to cooperate with the European Data Protection Authorities for the purpose of handling any unresolved complaints regarding Personal Data concerns. Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles and the Company shall respond directly to such authorities with regard to investigations and resolution of complaints.

5. Limitation on Scope of Principles

DDI adheres to the Principles except, as required or allowed by law, to meet legal, governmental, law enforcement or national security obligations, or to protect the health or safety of an individual.

6. Changes to this Policy

This Policy may be amended consistent with the requirements of Privacy Shield. When DDI updates the Policy, it will also revise the “Last Updated” date at the bottom of this document. Any material changes to this Policy will also be posted on DDI intranet.

Complaints Resolution

In compliance with the Privacy Shield Principles, DDI commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DDI at:, by phone at +1-412-376-5803, or by postal mail sent to:

Attn: DDI Data Protection Officer
1225 Washington Pike
Bridgeville, PA 15017

DDI has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and DDI does not address it satisfactorily, DDI commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and to comply with the advice given by the DPA panel with regard to such human resources data.

7. Contact Information

Questions or comments regarding this Policy or DDI Personal Data processing practices can be mailed or emailed to:

Attn: DDI Data Protection Officer
1225 Washington Pike
Bridgeville, PA 15017

Effective Date:  November 23, 2016
Last Updated:  May 21, 2018

Talk to an Expert: HR Privacy Shield Data Privacy Policy
* Denotes required field
Consent to DDI Marketing *

I consent to DDI emailing me, collecting my personal data, and processing that information in the provision of services and for the purposes of marketing and research. I am aware of my rights and the ways in which my data will be used as referenced in DDI’s Data Privacy Policy. I am aware I have the right to revoke this consent at any time.

Please enter the number this image
 Security code