Alight Privacy Policy
Last Updated: March 2024
Alight Solutions LLC is committed to protecting your privacy. This Privacy Policy ("Policy") explains how Alight Solutions LLC, our subsidiaries and affiliates (collectively, "Alight," "we," "our" or "us") collect, use and share your Personal Information when you access any website, mobile app or software application (the "Sites") administered by us or engage with us in business activities. This Policy applies to Personal Information collected in connection with your use of the Sites or when you interact with us in other communication channels such as via phone or email.
Personal Information means any information relating to an identified or identifiable individual.
This Policy applies to our internal colleagues, clients, client employees, prospective clients, job applicants, contingent workers, vendor or partner employees, and Site visitors.
Please note that the applicability of certain details of this Policy may vary depending on your relationship with us, where you reside, and, if applicable, the services Alight provides to you, your employer or plan sponsor or that are otherwise made available to you on your behalf or at the request of your employer or plan sponsor.
The following topics are covered below:
How does Alight collect your personal information?
We collect Personal Information about you when you interact with us, including when you visit and use the Sites. We also collect Personal Information about you from your employer, its service providers or otherwise publicly available sources. Alight also automatically collects information about the devices you use to interact with the Sites.
Data protection laws in different jurisdictions distinguish between “controllers” and “processors” of Personal Information. While other jurisdictions and laws use similar terminology, the concept remains the same. Alight may be a controller (meaning, the entity deciding over how Personal Information is being processed) or a processor (meaning, the entity that processes Personal Information on behalf of the controller), depending on the nature of the relationship with clients and/or individuals.
What type of information does Alight collect?
Depending on the Sites you visit, or the services Alight provides to you, we may collect information from or about you listed in the below categories including, but not limited to, the following:
- Identifiers, such as your name, alias, (business, professional or personal) email address, date of birth, (business, professional or personal) phone number or mobile number, (business, professional or personal) postal address, IP address or other unique online identifiers, username, password, account PIN, employee ID, driver’s license number, passport number or similar, financial information (such as bank account number or salary), insurance details, national identification number or other similar identifiers, employment history including previous employers and job titles/positions, background information (such as your academical and professional qualifications, education, details included in your CV/résumé (which might include details of any memberships or interests constituting sensitive personal information), and employment references, details about your immigration/visa status, criminal offence information and any other information you voluntarily provide. We may provide this information to our service providers, business partners, or third parties as required by law or as part of our service delivery offering to you.
- Information Subject to Protection under California Law, such as the Identifiers above, your signature, bank account number, and we may use our Service Providers to collect your credit card number or debit card number. We may provide this information to our service providers, business partners, or third parties as required by law.
- Characteristics of Protected Classifications, such as your racial or ethnic origin or sexual orientation. For more information, please see the “Sensitive Information” description below.
- Geolocation Data, but not your precise geolocation. We collect location information provided by a mobile or other device interacting with the Sites or associated with your IP address or other online or device identifier. We may provide this information to our service providers, business partners, or third parties as required by law or as part of our service delivery offering to you.
- Biometric Information. Alight does not collect or process Biometric Information for the purpose of unique identification of an individual.
- Audio, electronic, visual, thermal, olfactory, or similar information, we may collect voiceprints and other audio files of your voice, visual recordings such as in a webinar recording, CCTV when you are on our premises or a picture on an ID entry card.
- Sensitive Information related to life, health, financial details, physical characteristics and description, race, gender, marital status, sexual orientation, professional liability and workers compensation insurance programs, employee benefit program participation and coverage information, membership of a trade organization or union, or veteran/military status. We do not use or disclose your sensitive personal information for any purpose other than as permitted by applicable law. We may provide this information to our service providers, business partners, or third parties as required by law.
- Internet or other Electronic Network Activity Information when you access our Sites, we may automatically collect information about your devices, including, but not limited to, IP address, device type, browser type, browsing history, search history, geographic location and information regarding your interaction with our Sites. We may collect this information through the lawful use and deployment of cookies and other online tracking technologies as set forth in the Cookie Notice on the Site you visit. When using the Alight mobile application, we collect certain information from your device such as device make and model.
- Professional Information, such as date of hire, employment status, pay history, tax withholding information, performance records, leave information, and date of termination. We may provide this information to our service providers, business partners, or third parties as required by law or as part of our service delivery offering to you.
- User Profiles, we may aggregate the information that we collect about you or that your employer provides in order to provide you with information on the Sites, deliver and enhance the services we provide to you, and secure our Sites against fraud. We do not share or sell the user profiles that we create with third parties. We may provide this information to our service providers, business partners, or third parties as required by law or as part of our service delivery offering to you.
Where we collect and process sensitive information (as described above), and where applicable, we rely on one of the exceptions listed in Art.9(2) of the European Union's General Data Protection Regulation ("GDPR") to permit that processing, including the affected person's consent. Otherwise, we process your Personal Information as necessary for the performance of a contract, in compliance with our legal obligations or any other identified legitimate interest.
Your Choice to Provide Information: When you fill out a contact form, we may ask you to provide us with information such as name, contact information, company, job title, and country of residence. You may choose not to provide Personal Information to Alight by refraining from, among other things, using the Sites. You also may refrain from submitting information directly to us. However, if you do not provide personal information when requested, we may not be able to provide you with the full range of our products and services, or with information about our products and services, promotions, and other opportunities. Where you receive our services through your employer, we recommend that you contact your employer directly about the processing of your Personal Information.
How does Alight use your personal information?
We may use the Personal Information we collect for the following business purposes:
- To provide information and services requested by you or your employer;
- Provide services on behalf of your employer;
- To carry out employer, third party service provider, and user communications, services, billing and administration;
- To send you communications in accordance with the services provided by Alight to you on behalf of your employer;
- To provide you with information about our products and services in accordance with your marketing preferences (including calls and emails);
- To respond to customer service inquiries;
- To enable you to post your resume, search job postings, and contact or be contacted by prospective employers to the extent such activities are in accordance with our services;
- To implement third party services for us or behalf of your employer;
- To manage our everyday business needs and operations, such as administering and improving the Sites and our services;
- Undertake troubleshooting and detect malfunctions within the Sites and services we provide as well as improving user-experience;
- To prevent fraud, enforce our Terms of Use, comply with applicable laws and Alight's reporting obligations (including sharing information, where applicable, with statutory authorities, government institutions, law enforcement agencies and other official bodies), securing our Sites and your account and enforcing our agreements;
- To conduct processing necessary to fulfill other contractual obligations to your employer;
- To manage our internal operations.
If you are an Alight employee (full- or part time including a contractor), we may use your information to support HR administration and management including maintaining and processing records necessary to manage the employment or worker relationship.
Job Applicants
We use your information to manage all parts of the applicant administration process including evaluating resumes, interviewing, selecting and hiring staff and conducting background check investigations.
In certain circumstances, and to comply with applicable laws and regulations, we may need to collect, or request, some Sensitive Personal Information for legitimate recruitment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to consider accommodations for the recruitment process and/or subsequent job role. For the most part, the provision of this information will be entirely voluntary, however, where the processing of this information is required, we will make this clear at the relevant time you may provide, on a voluntary basis, other Sensitive Personal Information during the recruitment process.
If you are accepted for a role or position at Alight, the information collected during the recruitment process will form part of your ongoing employee record and will be processed in accordance with our privacy policies.
We will not use your information for automated individual decision-making as contemplated under Article 22 of the GDPR.
Legal Basis for Processing your Personal Data: Your information will be processed by us in accordance with Alight's policies or as requested by your employer. We will process Personal Information only when we have a legal basis to do so. The legal basis we rely on will be one of the following:
- You have consented to the processing of your Personal Information, for example, when you applied to a job posting or agreed to receive marketing material;
- The processing is necessary to perform a contract with you, your employer or plan sponsor, or fulfill a request that you have made;
- The processing is necessary to comply with a legal obligation that applies to Alight; or
- The processing is necessary for purposes that are in Alight's legitimate interests, such as protecting the security of the Sites, conducting market research to improve our products and services, improving the functioning of the Sites, providing you promotional materials about products in which you have expressed an interest.
In order to process any special category of Personal Information under the GDPR (or similar laws and regulations), we rely on the consents that we or your employer obtain from you in order to provide you with the services or any other applicable basis for processing that applies to your employer.
If we intend to use Personal Information for a purpose other than the purpose for which we collected the data, we will provide you with information about this secondary purpose, the legal basis for processing and, where required, obtain your consent, before we engage in further processing.
When and to whom Alight discloses your information?
Your information may be disclosed for a variety of business purposes:
- With your consent or at your direction: We may disclose your Personal Information if you tell us or ask us to do so.
- With your employer: As part of the services we provide, we disclose your Personal Information to your employer if that organization is a customer of Alight. Certain enquiries or requests will always be responded directly by your employer instead of Alight.
- With our service providers: We may disclose your information to our service providers and contractors who perform services on our behalf but only if (a) your Personal Information is necessary for them to carry out such services and (b) those service providers and contractors are required to use any Personal Information they receive in accordance with Alight's instructions and pursuant to a data processing agreement that complies with the requirements of applicable data privacy law.
- With our business partners: We may provide your information to our business partners with whom we work to provide you with products and services or to perform one or more of the business purposes identified above. For example, this may include your employer, your employer-sponsored benefit plan, or a third business partner of your employer. We may also provide your information to our business partners as directed by you.
- In the event of corporate change or internal audits: We may disclose personal information to a successor to all or part of our business or in connection with a corporate merger; consolidation or restructuring; sale of substantially all of our stock and/or assets; or other corporate change, including, without limitation, during the course of any due diligence process. If necessary and legally required, we will obtain your separate consent in this regard. Disclosure may also be required for company audits or to investigate a complaint, security threat, privacy violation or any other breach of Alight internal policies.
- To comply with legal requirements: We will disclose your information (i) if we are required to do so by law or legal process, (ii) in response to lawful law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity including any legal proceedings or prospective legal proceedings in order to establish, exercise or defend our or a third party's legal rights or (v) as required for company audits or to investigate a complaint or security threat, privacy violation or any other breach of Alight internal policies.
- To companies within our corporate family: We may disclose your personal information to our corporate affiliates across the globe for organizational purposes based on a legitimate interest. To the extent that our corporate affiliates have access to your personal information, they will follow practices that are at least as restrictive as the practices described in this Policy, will use your information solely for the purpose for which it was provided, and will not further disclose your information.
We do not sell any personal information to third parties and have not done so for the past 12 months.
How does Alight protect your personal information?
Alight has implemented physical, technical, and administrative security safeguards, designed to protect personal information from loss, misuse, alteration, exfiltration, or destruction; taking into account the sensitivity of the information and the purpose for which it was collected. However, no method of data storage or transmission is 100% secure. You are responsible for maintaining the security of your password or other forms of authentication involved in accessing password-protected or secured Sites.
Alight’s technical and organizational security measures includes ISO 27001 certification and adherence to the EU Cloud Code of Conduct (ID: 2020LVL02SCOPE014).
Our Sites may contain links to other sites that are outside of our control and are not covered by this Policy. If you access other sites using the links provided, the operators of those sites may collect information from you which will be used by them in accordance with their own privacy policies. We encourage you to read the privacy policies on other websites you visit. Alight is not responsible for the content or privacy practices of linked sites or any use of those sites.
Data Retention
Unless provided otherwise in this Policy, we will retain your information for as long as your account is active or for as long as necessary for the relevant purposes of processing. We may also retain and use your information for longer periods in case it is necessary to comply with our legal obligations, resolve disputes, and/or enforce our agreements. To the extent possible, Alight will de-identify, or take reasonable steps to delete from its records, information no longer required for the purposes identified in this Policy, other than information which we are required by law to retain.
Your Rights
Depending on the nature of your relationship with Alight and where you reside, we provide you the ability to exercise your rights regarding our collection, use, storage, and sharing of your information. Please note that for some of these rights, we will need to verify your identity before we are able to respond to your request, including using commercially reasonable efforts to confirm your identity including by matching the information provided in your request with the information we have on file about you. Depending on the sensitivity of the information involved in the request, we may also utilize more stringent verification methods to protect against fraud and ensure your request is fulfilled in a transparent and secure manner.
To exercise any of the rights described below, you can complete the online form, or write to us at the address provided below (see “Contact Us” below), and we will respond as soon as possible in accordance with all applicable laws and regulations.
Right to Access and Data Portability: The right to access and data portability applies differently depending on where you live. If you are a California resident, you have a right to know the categories and specific pieces of Personal Information we have collected about you, including a description of the categories of sources from which we have collected that information, the business or commercial purpose for collecting or sharing that information, and the categories of third parties with whom we have shared that information. You may also designate an authorized agent to submit a request on your behalf by submitting proof of written authorization along with your request. If you are living within the European Economic Area (EEA), you have the right to obtain confirmation as to whether your Personal Information is being processed, and if so, the right to access your Personal Information. If we maintain your Personal Information, you can also request that we provide you a copy of your data in a structured, commonly used, and machine readable format and request the transfer of certain of your Personal Information to another party under certain conditions.
Right to Correct/Rectification: Regardless of where you live, you have a right to correct or amend the information we have about you.
Right to Non-Discrimination: We will not discriminate against individuals for exercising any of their data rights under applicable law. This means that if you exercise any of your rights in connection with your Personal Information, we will not deny you goods or services; charge you different prices or rates for goods or services; or provide different levels or quality of goods or services to you.
Right to Delete / Erasure: The right to delete / erasure also applies differently depending on where you live. If you are a California resident, you have a right to ask that we delete your information subject to appropriate exceptions. You may also designate an authorized agent to submit a request on your behalf by submitting proof of written authorization along with your request. If you live in the EEA, where the conditions provided by the applicable legislation are met, and subject to applicable law, you may request that we erase your Personal Information.
Right to Object to Processing: If you live in the EEA, you may object to the processing of your personal information in certain circumstances when we (i) process your information for the purposes of our legitimate interests, (ii) use your personal information for direct marketing; or (iii) use your personal information for statistical purposes.
Right to Restrict Processing: If you are located in the EEA, you have the right to request restriction of your Personal Information under certain circumstances
Right to Withdraw Consent: If you are located in the EEA, and when our legal basis for processing your information is your consent, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
California Notice of Sale: We do not sell the personal information of California residents, nor have we sold California resident personal information in the past 12 months. We have no actual knowledge of selling the personal information of minors under the age of 16.
Notice to Residents of Nevada: We do not sell any personal information we collect to any third parties. If we were to do so in the future, we will update this Statement, and provide Nevada residents with the opportunity to opt-out of the sale of their personal information.
Complaints: If you have concerns about the way in which we have handled your information, please contact us (see “Contact Us” below) so that we can try to resolve the issue. If you are located in the EEA, you also have the right to lodge a complaint with the supervisory authority applicable in the jurisdiction in which you are located, and with relevant judicial authorities.
If you live in Australia, you may complain to the Office of the Australian Information Commissioner. Contact details can be found at www.oaic.gov.au.
You can access, correct, update, and request deletion of your Personal Information via your online account, by telephoning the call center dedicated to your employer or plan sponsor, or by directing your query to your employer. We (or your employer, where applicable) will respond to your request within 30 days.
Alternatively, you may request assistance by submitting your request here. We may sometimes need to verify your identify before we fulfil your request.
In some circumstances, only your employer, and not Alight, may have the authority to update, correct, or delete your personal information. In these instances, please contact your employer directly. Otherwise, we will forward your request to your employer.
How can I opt-out of receiving messages?
Email: If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included at the bottom of the email communication. However, you cannot opt-out of emails we are required to send as part of our ongoing relationship with you.
How does Alight use cookies and other tracking technology?
When you visit the Sites, we may place pieces of code, commonly referred to as "cookies," or similar technology on your device. To learn more about what cookies and related technology we use, please see our Cookie Notice.
Do Not Track: Some browsers have "do not track" features that allow you to tell a website not to track you. These features are not all uniform and we do not respond to those signals.
How does Alight protect children's privacy?
The Sites are intended for a general audience and are not directed at children under the age of 16. If you are under the age of 16 please do not provide personal information to us through the Sites. If we obtain actual knowledge that any information we collect has been provided by a child under the age of 16, we will promptly delete the information.
Does Alight transfer personal information to other countries?
Information that you provide to us may be stored on servers and with third-party service providers in the United States and other countries in which we do business and whose data protection laws may differ from the jurisdiction in which you live. When we transfer the personal information of users who are located in the EU to a location outside of the European Economic Area for processing, we use an approved transfer mechanism such as the European Commission approved standard contractual clauses. To learn more about the transfer mechanism that we use to effect such transfer, you may contact us at privacy.info@alight.com.
Notice to Residents of California
If you are a California resident, California law provides you with certain rights.
California Civil Code Section 1798.83 permits you to opt out of the disclosure of your personal information by Alight to third parties for those third parties' direct marketing purposes. We do not disclose your personal information to third parties for the third parties' direct marketing purposes unless you affirmatively agree to it. You may opt-out of this disclosure by contacting us at the information provided below.
If you are an employee of a client (i.e., your employer) receiving services from Alight, Alight receives your information on the Sites solely as a service provider of your employer. We only use your information for the purposes of completing a business purpose of our clients and do not use or disclosure your information except as necessary to accomplish the business purpose for which we received your information. In these circumstances, Alight's client remains primarily responsible for your information. As a result, if you were to make a request to know, access or delete your data pursuant to California Civil Code 1798.100 et seq., the California Consumer Privacy Act of 2018 ("CCPA"), we may re-direct that request to our client for response. If you are trying to exercise your CCPA rights, please contact your employer directly.
Alternatively, you may request assistance by submitting your request here. We may sometimes need to verify your identify before we fulfil your request.
Changes to this Privacy Policy
Please read this Policy from time to time as we may modify the Policy at any time in our sole discretion. The most current version of this Policy will be published on our Sites.
Contact Us
For assistance with your personal benefits or questions around your account, please click here to find your HR Website on alight.com. You can also contact your employer service center with any questions about your benefits account.
If you have any questions or concerns about Alight Solutions' use of your personal information or about this Policy, you can email us at privacy.info@alight.com. Our Data Protection Officer can also be reached using this email address.
You may also write to us at:
Alight Solutions
ATTN: Chief Privacy Officer
Legal Department
320 South Canal Street
50th Floor, Suite 5000
Chicago, Illinois 60606