Privacy | FPS Inc

Privacy Policy

1. INTRODUCTION

Full Potential Solutions, LLC and its affiliates (collectively, "FPS," "we," "us," or "our") are committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you:

Visit our website (www.fpsinc.com) and any related websites we operate
Use our services as a client
Interact with us as a business partner or vendor
Apply for employment with us
Communicate with us through any channel

This Privacy Policy applies to all personal data processing activities where FPS acts as a data controller. When we process personal data on behalf of our clients as a data processor, such processing is governed by our agreements with those clients and their privacy policies.

2. ABOUT FULL POTENTIAL SOLUTIONS

Full Potential Solutions is a leading Business Process Outsourcing (BPO) company providing comprehensive services including:

Customer service and support
Technical support and help desk services
Back-office operations
Data processing and management
Sales and marketing support
Financial and accounting services

We operate globally with offices and operations in:

United States (Headquarters)
Philippines
India
Colombia

3. DATA CONTROLLER INFORMATION

Full Potential Solutions, LLC
2001 NE 46th Street
Kansas City, MO 64116
United States
Email: privacy@fpsinc.com
Phone: 1-833-4700-377

Data Protection Officer
Email: dpo@fpsinc.com
Phone: 1-833-4700-377

EU/UK Representative (Article 27 EU GDPR/ UK GDPR)

EU Representative:

Rickert Rechtsanwaltsgesellschaft mbH
- FPS Innovation Labs Private Limited -
Colmantstraße 15
53115 Bonn
Germany

Email: art-27-rep-fps@rickert.law

UK Representative:

Rickert Services Ltd UK
- FPS Innovation Labs Private Limited -
PO Box 1487
Peterborough
PE1 9XX
United Kingdom

Email: art-27-rep-fps@rickert-services.uk

4. PERSONAL DATA WE COLLECT

We collect different types of personal data depending on your relationship with us. No personal data is processed for analytics or marketing purposes on our website. The following sections describe the categories of data, purposes and legal bases of processing.

4.1 Website Visitors

When you visit our website, our system automatically processes certain information that is necessary to display the website and ensure its stability and security.

Technical Data: IP address, browser type and version, operating system, device information, URL of the requested page and previously visited page (referrer), and similar log file data.
- This data is required in order to: deliver the website correctly, ensure system security and stability, detect and rectify technical errors.
- Processing is carried out on the basis of legitimate interest (Art. 6 (1)1 lit. f) GDPR), in a secure and functional website as described in Section 6.2).

Location Data: Approximate geographic location based on IP address
- No further evaluation or assignment to individual persons takes place.
- The legal basis for processing is our legitimate interest (Art. 6 (1)1 lit. f) GDPR) in ensuring the security and availability of our website and services, network and information security as described in Section 6.2).

No analytics or marketing cookies:

We do not use cookies or similar tracking technologies on our website for the purpose of analyzing user behavior, creating user profiles or conducting marketing campaigns.

Retention and recipients (website data):
Server log files and related technical data are stored only for as long as necessary for the purposes described above unless a longer storage is required in individual cases (e.g. threatened or assertion of legal claims). The data may be processed by our hosting and IT service providers as described in Section 8.2, who act as processors on our behalf and are contractually bound (Art. 28 GDPR).

When you voluntarily provide information through forms for example, contact forms or inquiry forms), we process the following categories of data:

Contact Data: Full Name, email address, phone number, company name, job title, provide free text information
Communication Data: The content of your messages, inquiries, feedback, survey responses
We process your contact and communication data in order to handle your inquiry, respond to your request, and manage any resulting correspondence. Where your request is related to the initiation or performance of a contract, the legal basis is contract performance (Art. 6 (1) 1 lit. b) GDPR), see Section 6.1). In other cases, processing is based on our legitimate interest in effectively handling incoming inquiries and correspondence (Art. 6 (1) 1 lit. f) GDPR/ UK GDPR), internal administration and improving our services as described in Section 6.2).
Marketing Data: Newsletter subscriptions, communication preferences

We store inquiries and related communication data only for as long as necessary to process your request and in accordance with statutory retention periods (e.g. commercial or tax law), where applicable.

4.2 Clients and Business Partners

For clients, prospective clients and business partners, we process personal data that is necessary to establish, perform and manage the business relationship.

Business Contact Data: Name, job title, employer, business email, business phone
Account Data: Company information, service requirements, contract details
Financial Data: Billing information, payment details, credit references
Communication Data: Emails, meeting notes, service requests, feedback
Compliance Data: Due diligence information, KYC documentation
The legal basis for this is:
- Performance and administration of contractual relationships with clients and business partners, including pre-contractual measures ((Art. 6 (1) 1 lit. b) GDPR/ UK GDPR), contract performance, see Section 6.1)).
- Compliance with legal obligations, such as accounting, tax or anti-money-laundering requirements ((Art. 6 (1) 1lit. c) GDPR/ UK GDPR), legal obligations, see Section 6.3)
- Our legitimate interests in maintaining and developing business relationships, documenting correspondence, business development and internal administration ((Art. 6 (1) 1 lit. f) GDPR), legitimate interests as described in Section 6.2, including business development, internal administration and legal claims management).
- Retention (clients and partners): We retain client and business partner data for the duration of the business relationship and thereafter in accordance with statutory retention periods (in particular commercial and tax law retention obligations) and, where necessary, for the period required to establish, exercise or defend legal claims.

4.3 Job Applicants

When you apply for a position with us, we process your personal data as part of our recruitment process.

Identity Data: Name, date of birth, gender (if provided), photograph, government ID numbers
Contact Data: Personal address, email, phone numbers
Professional Data: Resume/CV, work history, education, certifications, references and other information you choose to share with us.
Assessment Data: Interview notes, test results, background check information where legally permissible and appropriate.
Diversity Data (Optional): Optional demographic information for equal opportunity monitoring to the extent permitted by applicable law.
Processing of applicant data is carried out for the purpose of conducting the recruitment process and making a decision on the establishment of an employment relationship. The legal basis is contract performance / steps prior to entering into a contract ((Art. 6 (1) 1lit. b) GDPR), see Section 6.1) and, where applicable, Art. 88 GDPR in conjunction with the relevant national employment and data protection laws.
Diversity data is collected only on a voluntary basis and, where it qualifies as special category data (e.g. information revealing racial or ethnic origin), only on the basis of your explicit consent (Art. 6 (1) 1 lit. a), Art. 9 (2)(a) GDPR – see Section 6.4). These data are used exclusively for equal opportunity and diversity monitoring and are not used in the selection decision.
Retention (applicants):
If no employment relationship is established, we generally retain your application data only for the duration of the recruitment process and a subsequent retention period necessary to defend against potential legal claims, unless you have given consent to a longer retention (e.g. inclusion in a talent pool), or statutory retention obligations require a longer storage.

4.4 Service End Users (Processed on Behalf of Clients)

When providing BPO services to our clients, we may process personal data of end users, customers or other individuals on behalf of our clients.

This may include, depending on the specific services:
Customer contact information
Transaction data
Account information
Communication records (e.g. email correspondence, call records, service requests)
Other data as directed by our clients

Note: In this case, we act as a data processor, and our clients remain the data controllers.

We process the personal data of service end users solely on the documented instructions of our clients and in accordance with a data processing agreement (DPA) (Art. 28 GDPR). The legal basis for the processing is determined by our clients as controllers (typically contract performance, legal obligations and/or legitimate interests as set out in Sections 6.1–6.3).

Our clients remain responsible for providing the necessary information to the end user (Art. 13 and 14 GDPR) and for ensuring that there is a valid legal basis for the processing.

We implement appropriate technical and organizational measures to protect such data in accordance with the contractual agreements and applicable data protection laws

5. HOW WE COLLECT PERSONAL DATA

We collect personal data in the following ways, depending on your relationship with us (as described in Section 4). All collection methods respect data protection principles, including lawfulness, fairness and transparency.

5.1 Direct Collection

We collect personal data directly from you or your authorized representatives when you provide it voluntarily

Through our website forms and portals (e.g. contact forms, service requests, account management).
When you contact us via email, phone, or mail
During business meetings and events
Through employment applications (e.g. CVs, cover letters, interview details).
Via contracts and business agreements

5.2 Automatic Collection

Our systems automatically collect limited technical data necessary for website functionality and security (no behavioral tracking or analytics):

Server logs (IP address, browser type, device information, pages accessed, timestamps – see Section 4.1). This occurs without cookies or tracking technologies.
Security monitoring systems

6. LEGAL BASIS FOR PROCESSING

We process personal data based on the following legal grounds under the GDPR which apply to the different processing activities described in Section 4:

6.1 Contract Performance

We process personal data where this is necessary for the performance of a contract with you or for taking steps at your request prior to entering into a contract (Art. 6 (1) 1 lit. b) GDPR).

This includes in particular:

Providing our services to clients
Managing employment relationships including recruitment decisions, onboarding and ongoing HR administration (see Section 4.3).
Fulfilling contractual obligations

6.2 Legitimate Interests

We process personal data where this is necessary for the purposes of our legitimate interests or those of a third party, and where such interests are not overridden by your interests or fundamental rights and freedoms (Art. 6 (1) 1 lit. f) GDPR).

These interests include in particular:

Business development and marketing (to the extent permitted without consent, e.g. B2B marketing and client relationship management).
Network and information security and maintaining a secure and functional website (see Section 4.1).
Fraud prevention
Internal administration and operations
Improving our services
Legal claims management

We conduct legitimate interest assessments to ensure our interests don't override your rights.

6.3 Legal Obligations

We process personal data where this is necessary to comply with legal obligations to which we are subject (Art. 6 (1) 1 lit. c) GDPR).

This includes in particular:

Tax and regulatory reporting
Anti-money laundering compliance
Court orders and legal proceedings
Health and safety requirements

6.4 Consent

We process personal data on the basis of your consent where required by law (Art. 6(1)(a) GDPR and, for special categories of data, Art. 9(2)(a) GDPR).

This includes in particular:

Marketing communications (where required)
Processing special categories of data

Please note: You may withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

7. HOW WE USE PERSONAL DATA

We use personal data only for specified, explicit and legitimate purposes and do not process it in a way that is incompatible with those purposes, in line with the GDPR. The main purposes are set out below and correspond to the legal bases described in Section 6 and the data categories described in Section 4.

7.1 Service Delivery

We use personal data to provide and manage our services for clients and their end users.

This includes in particular:

Providing BPO services to clients
Managing service quality and performance
Customer support and issue resolution
Service improvement and innovation

These activities are generally based on contract performance (Section 6.1) and our legitimate interests in efficient service delivery and improvement (Section 6.2).

7.2 Business Operations

We use personal data to manage our internal business operations and relationships with clients, suppliers and partners.

This includes:

Account management and billing
Business planning and analysis
Vendor and partner management
Facilities and asset management
Corporate transactions (mergers, acquisitions)

These activities are based on contract performance (Section 6.1), our legitimate interests in running and developing our business (Section 6.2) and, where applicable, legal obligations (Section 6.3).

7.3 Marketing and Communications

We use personal data to communicate with clients, prospects and other contacts in a targeted and compliant way.

This includes:

Sending service information and updates
Marketing our services (with consent where required)
Event invitations and industry news
Responding to inquiries
Managing communication preferences

These activities are based on our legitimate interests in business development and client communication (Section 6.2) and, where applicable, your consent (Section 6.4).

7.4 Legal and Compliance

We use personal data to meet our legal and regulatory obligations and to protect our rights.

This includes:

Complying with legal obligations
Preventing fraud and financial crime
Protecting our legal rights
Risk management and insurance
Audit and compliance monitoring

These activities are primarily based on legal obligations (Section 6.3) and our legitimate interests in risk management and legal claims management (Section 6.2).

7.5 Security

We use personal data to ensure the security and integrity of our systems, data and premises.

This includes:

Protecting our systems and data
Preventing unauthorized access
Investigating security incidents
Maintaining business continuity

These activities are based on our legitimate interests in ensuring network and information security and business continuity (Section 6.2) and, where applicable, legal obligations relating to security (Section 6.3).

7.6 Employment

We use personal data of applicants and employees to manage the employment lifecycle in accordance with applicable employment and data protection law.

This includes:

Recruitment and hiring
Employment administration
Performance management
Training and development

These activities are generally based on contract performance / steps prior to entering into a contract (Section 6.1), relevant employment law provisions, our legitimate interests in effective HR management (Section 6.2) and, where necessary, consent for specific processing activities (Section 6.4)

8. DATA SHARING AND DISCLOSURE

We only share personal data with recipients who have a legitimate need to receive it, under appropriate legal bases and data protection safeguards such as data processing agreements (Art. 28 GDPR/ UK GDPR). All recipients are contractually bound to protect your data.

8.1 Within FPS Group

We share data among FPS entities for:

Service delivery coordination
Centralized administration (e.g. HR, finance, IT services).
IT and security management
Compliance and reporting

8.2 Service Providers

We share data only with carefully selected, contractually bound service providers acting as processors under data processing agreements (Art. 28 GDPR).

These include:

IT infrastructure and cloud services (AWS)
Host Provider
Communication tools (email, telephony)
Payment processing
Professional services (legal, accounting, consulting) (contract-related data only)

8.3 Clients

For BPO services, we share relevant data with our clients including:

Service performance metrics
Quality assurance reports
Operational data
Compliance certifications

Note: Clients remain responsible for their own data protection obligations toward their end users.

8.4 Business Transfers

In connection with any merger, sale of assets, or acquisition, personal data may be transferred to the relevant third party, subject to appropriate confidentiality agreements. We ensure GDPR-compliant data transfers and notify affected individuals where required.

8.5 Legal Disclosures

We may disclose personal data when required by or to protect legitimate interests:

Court orders or legal proceedings
Law enforcement agencies
Regulatory authorities
Government agencies
To protect our rights, property, or safety

8.6 With Your Consent

We may share data with other parties when you provide explicit consent. You may withdraw consent at any time.

9. INTERNATIONAL DATA TRANSFERS

As part of our business relationship, we may pass on or disclose your personal data to third-party companies. These companies may be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the purpose of fulfilling contractual and business obligations, and maintaining your business relationship with us. The legal basis for this is Art. 6(1)(b) or (f) in conjunction with Art. 44 et seq. GDPR). We will inform you of the details of the respective transfer in the relevant sections.

The European Commission has certified that the data protection standards of some third countries are comparable to those of the EEA. These countries are listed alongside the relevant adequacy decisions here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. However, in other third countries to which personal data may be transferred, there may be a lack of legal provisions, resulting in an inconsistent level of data protection. In such cases, we ensure that data protection is adequately guaranteed. For example, this can be achieved through binding corporate rules or standard contractual clauses for the protection of personal data, as set out in Art. 46(1)(2)(c) of the GDPR.

As a global organization, we transfer personal data internationally.

We ensure appropriate safeguards for all transfers:

9.1 Transfer Mechanisms

For EU/EEA Data:

To USA: EU-U.S. Data Privacy Framework (we are in the process of certification)
To Philippines/India/Colombia: Standard Contractual Clauses (SCCs)
Adequacy Decisions: Where applicable

For UK Data:

To USA: UK Extension to EU-U.S. Data Privacy Framework
To Other Countries: UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs

9.2 Additional Safeguards

Encryption of data in transit and at rest
Access controls and authentication
Contractual obligations on recipients
Regular security assessments

10. DATA RETENTION

The data processed by us will be deleted or restricted in their processing, in compliance with the statutory provisions, in particular in accordance with Article 17 and 18 GDPR. Unless expressly stated in this privacy policy, we delete stored data as soon as it is no longer required for the intended purpose; server log files will be deleted after 30 days. Data will only be stored after the purpose has ceased to apply, if this is necessary for other and legally permissible purposes, or if the data must be stored due to statutory retention obligations. For example, a statutory retention obligation exists due to documentation obligations under tax and corporate law.

11. YOUR PRIVACY RIGHTS

11.1 Rights Under GDPR (EU/UK Residents)

You have the following rights free of charge against any person responsible for the processing of your personal data:

Right to withdraw your consent (Art 7 (3) GDPR)
Right of access (Art 15 GDPR)
Right of rectification and erasure ("Right to be Forgotten") (Art. 16 and 17 GDPR)
Right to restriction of processing on the processing of your personal data (Art. 18 GDPR)
Right of data portability (Art. 20 GDPR)
Right to object to the processing of your personal data at any time for reasons relating to your special situation (Article 21 GDPR);
Automated Decision-Making. Not be subject to purely automated decisions with legal effects.

You can assert claims under the GDPR against the individual controllers. Should you wish to contact us by e-mail, please use an address used to access our system so that we can identify you.

You also have the right to lodge a complaint with a supervisory authority, Article 77 GDPR. An overview of all data protection authorities in the EU, along with contact details, can be found at the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

UK residents can contact the UK Information Commissioner's Office; https://ico.org.uk/make-a-complaint/data-protection-complaints/

11.2 Rights Under Other Laws

California (CCPA/CPRA):

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale/sharing
Right to non-discrimination
Right to correct inaccurate information
Right to limit use of sensitive personal information

Philippines (Data Privacy Act):

Right to be informed
Right to access
Right to object
Right to erasure or blocking
Right to rectification
Right to file a complaint
Right to damages
Right to data portability

Other Jurisdictions: Residents of other locations may have additional rights under local laws. Contact us for more information.

11.3 Exercising Your Rights

To exercise your rights:

Email: privacy@fpsinc.com
Phone: 1-833-4700-377
Mail: Privacy Team, 2001 NE 46th Street, Kansas City, MO 64116
Online Form: www.fpsinc.com/privacy-rights

We will:

Verify your identity before processing requests
Respond within 30 days (may extend by 60 days for complex requests)
Not charge a fee unless requests are manifestly unfounded or excessive
Provide reasons if we cannot fulfill a request

12. DATA SECURITY

12.1 Security Measures

We implement appropriate technical and organizational measures including:

Technical Measures:

Encryption (AES-256 at rest, TLS 1.2+ in transit)
Multi-factor authentication
Firewalls and intrusion detection systems
Regular security updates and patches
Access controls and privilege management
Data loss prevention tools
Regular vulnerability assessments

Organizational Measures:

Security awareness training
Confidentiality agreements
Access control policies
Incident response procedures
Vendor security assessments
Regular security audits
Clean desk policy

12.2 Certifications

PCI DSS Level 1 Compliance
SOC 2 Type II Certification
ISO 27001 (in progress)

12.3 Data Breach Response

In the event of a personal data breach:

We will notify affected individuals without undue delay where required
We will notify relevant supervisory authorities within 72 hours where required
We will document all breaches and actions taken
We will work to minimize any potential harm

13. CHILDREN'S PRIVACY

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

14. THIRD-PARTY LINKS

Our website may contain links to third-party websites.

Social Media:

You will find links to our profiles on various social networks on our website. You will only be redirected to the corresponding platform when you click on one of these links, where data about you (IP address, date, time and pages visited) may be collected.

Note for logged-in users: If you are logged into one of the social networks when you visit our website, the data collected can be directly assigned to your personal profile. To protect your privacy, we recommend that you log out of the relevant networks before visiting our website or clicking on the links. Please familiarize yourself with the privacy policies of the respective networks.

The following social networks are integrated into our site:

Facebook: Meta Platforms Inc. 1601 Willow Road Menlo Park California 94025, USA. Privacy Policy: https://www.facebook.com/privacy/policy

Instagram: Meta Platforms Inc. 1601 Willow Road Menlo Park California 94025, USA. Privacy Policy: https://www.facebook.com/privacy/policy

We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

15. DO NOT TRACK SIGNALS

Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no industry standard for responding to DNT signals. Our website does not currently respond to DNT signals, but you can manage your tracking preferences through our Cookie Policy.

16. AUTOMATED DECISION-MAKING

We may use automated systems for:

Fraud detection and prevention
Website personalization
Marketing segmentation

You have the right to request human intervention, express your point of view, and contest decisions based solely on automated processing that produces legal or similarly significant effects.

17. MARKETING COMMUNICATIONS

17.1 Opt-In/Opt-Out

We will obtain your consent before sending marketing emails where required
You can opt-out of marketing communications at any time
Opt-out links are included in all marketing emails
You can manage preferences through your account or by contacting us

17.2 Types of Communications

Even if you opt-out of marketing, we may still send:

Service-related communications
Legal notices
Security alerts
Account information

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. Material changes will be communicated via:

Website notice
Email notification (for registered users)
For significant changes, we may seek renewed consent where required

We encourage you to review this Privacy Policy regularly.

19. COMPLAINTS

If you have concerns about our privacy practices:

Email: privacy@fpsinc.com
Phone: 1-833-4700-377

Supervisory Authorities: You may lodge a complaint with:

EU: Your local Data Protection Authority
UK: Information Commissioner's Office (ico.org.uk)
Philippines: National Privacy Commission (privacy.gov.ph)
California: California Attorney General (oag.ca.gov)

20. CONTACT INFORMATION

Privacy Team

Full Potential Solutions, LLC
2001 NE 46th Street
Kansas City, MO 64116
United States
Email: privacy@fpsinc.com
Phone: 1-833-4700-377

Data Protection Officer

Email: dpo@fpsinc.com
Phone: 1-833-4700-377

EU/UK Representative

EU Representative:

Rickert Rechtsanwaltsgesellschaft mbH
- FPS Innovation Labs Private Limited -

Colmantstraße 15

53115 Bonn

Germany

Email: art-27-rep-fps@rickert.law

UK Representative:

Rickert Services Ltd UK

- FPS Innovation Labs Private Limited -

PO Box 1487

Peterborough

PE1 9XX

United Kingdom

Email: art-27-rep-fps@rickert-services.uk

For Service-Related Processing

If your inquiry relates to data we process on behalf of our clients, please contact the relevant client directly, as they are the data controller for that processing.

APPENDIX A: GLOSSARY

Personal Data: Any information relating to an identified or identifiable natural person

Processing: Any operation performed on personal data (collection, use, storage, disclosure, deletion, etc.)

Data Controller: Entity that determines the purposes and means of processing personal data

Data Processor: Entity that processes personal data on behalf of a data controller

Data Subject: The individual to whom personal data relates

GDPR: General Data Protection Regulation (EU) 2016/679

SCCs: Standard Contractual Clauses for international data transfers

DPF: EU-U.S. Data Privacy Framework

APPENDIX B: SPECIFIC JURISDICTIONAL INFORMATION

California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information Collected: As described in Section 4

Sources: As described in Section 5

Business Purposes: As described in Section 7

Categories Sold or Shared: We do not sell personal information. We may share data for cross-context behavioral advertising (with opt-out available)

Sensitive Personal Information: Government ID numbers, account credentials, precise geolocation, racial/ethnic origin (optional, for diversity)

Retention: As described in Section 10

Rights: As described in Section 11.2

EU/UK Residents

Additional information for GDPR compliance:

Legal Basis: As described in Section 6

International Transfers: As described in Section 9

Automated Decision-Making: As described in Section 16

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

Philippines Residents

Under the Data Privacy Act of 2012:

Lawful Basis: Compliance with contract, legal obligation, legitimate interests, consent

Data Privacy Rights: As described in Section 11.2

National Privacy Commission: File complaints at https://privacy.gov.ph/