Privacy Policy

Privacy Policy

Richard Fleischman & Associates (“RFA”), RFA UK, Limited, RFA S.a.r.l. is committed to the security of all personal data collected, stored and processed within RFA systems. RFA has developed this Privacy Policy (this “Policy”) to advise you of the ways in which RFA collects, uses, shares and protects your information. Any person accessing, browsing or otherwise using a website where this Privacy Statement is posted (a “Site”) either manually or via an automated device or program, is a “User” for purposes of this Policy.

RFA, together with RFA UK, Limited and RFA S.a.r.l., are hereinafter referred to as “RFA.”


RFA is committed to meeting all European Union General Data Protection Regulation (“GDPR”) requirements, and the California Consumer Protection Act (“CCPA”). RFA complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  RFA has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

Personal Data We Collect

During the course of conducting business operations, RFA collects, stores and processes specific personal data including, but not limited to:

  • Personal information regarding current, former and prospective employees for the purposes of business operations, performing human resource administration, recruitment, and maintaining contact with the individual employees.
  • Personal information regarding current, former and prospective clients and their personal data for the purposes of providing services and support, maintaining client relationships, business operations and ongoing development of business activities.
  • Personal information regarding our third parties, including vendors and service providers, and their personnel for the purposes of managing and maintaining business operations and business relationships with third parties.
  • Personal information from publicly available resources in order to respond to inquiries or provide information related to business operations.

Collected personal data may include: names, work addresses, work email addresses, work telephone number(s), title, company name, general contact information.

How We Use Personal Data Collected

RFA uses the Information collected from Users to respond to Users’ questions and/or comments, market or provide products, services or information to Users, process Users’ purchases, or provide related account status to the applicable User. Personal information, non-personal information, and anonymous browsing information may be used to gather broad demographic information used in marketing, promotion, analytics, or similar activities. This information may be aggregated to measure the number of visits, average time spent, page views and other statistics about Users of a Site. RFA also may use this Information to monitor Site performance and to make a Site easier and more convenient to use. RFA also may use Information collected from its Users to enforce its agreements with Users, prevent fraud and other prohibited or illegal activities, for other legally permissible purposes and generally to ensure that RFA complies with applicable laws.

Sharing of Personal Data

RFA does not sell Personal Data to third parties. Personal Data will not be shared with third parties, except as provided below. We may disclose Personal Data to the following categories of recipients:

  •  external services providers;
  • subcontractors;
  • professional advisors;
  • public authorities and administrations;
  • clients or business partners of RFA;
  • affiliated companies of RFA.

RFA may disclose Personal Data in the following circumstances:

  • In the event of a legal request and/or investigation when, in our opinion, such disclosure is necessary to prevent crime or fraud, or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction;
  • If we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In such cases, it may be necessary for us to disclose Personal Data to those service providers. Sometimes the service providers may process some Personal Data on behalf of and under the instructions of RFA. We restrict how such service providers may access, use, disclose, and protect that Personal Data;
  • In case of business transfers in the event of the sale or acquisition of companies, subsidiaries, or business units. In such transactions, Personal Data may be part of the transferred business assets but remain subject to the protections in any pre-existing privacy statement;

When we believe release is appropriate or necessary to conduct the company’s business, comply with the law, enforce or apply our policies and other agreements, or protect the rights, property or safety of RFA, our employees, or others.

In such circumstances, RFA ensures that Personal Data is kept secure from unauthorized access and disclosure. RFA commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to non-human resources data and human resources data transferred from the EU in the context of the employment relationship.

User Consent

With User consent, other than as set out above, Users will receive notice when personal information might go to third parties, and Users will have an opportunity to choose not to share the information.

Access, Change, Deletion of Data

Individuals whose personal information is covered by this Privacy Policy have the right to access the personal information that RFA maintains about them. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to: Under certain conditions, there is the possibility for individuals to invoke binding arbitration.

Children’s Privacy Policy Protection

RFA’s Site is not directed towards children under 13 years of age, and RFA does not knowingly collect any information from children under 13 years of age through any Site. If you are under 13 years of age, you are not permitted to submit any information to RFA through any Site.


RFA’s Site has commercially reasonable security measures to protect against the loss, theft, misuse, and alteration of Information that is submitted to RFA and remains under RFA’s control. You should be aware, however, that RFA has no control over the security of other websites that you might visit or use, even when a link to those websites is available on or through the Site. If you share your Equipment or use Equipment that is accessed by the general public, remember to sign off and close your browser when you finish using the Site.

RFA makes no representations or warranties with regard to the sufficiency of its security measures. RFA shall not be responsible for any damages, including without limitation consequential damages, resulting from a lapse in compliance with this Policy as a result of a security breach or technical malfunction. Certain information may be transmitted to you by email. Although it is illegal to intercept or disclose such messages under U.S. Federal law, such transmissions are not secure. In addition, Users’ communications through a Site are, in most cases, viewed only by you and anyone to whom you address your message. As the operator of a Site, RFA may need to review or monitor your electronic mail and other communications through a Site from time to time as may be required by law. Therefore, you should not expect to have a right to privacy in any of your electronic communications through a Site.

In the event of a breach of the confidentiality or security of your personal information, RFA will notify you if reasonably possible and as reasonably necessary under applicable law so that you can take appropriate protective steps. RFA may notify you under such circumstances using the email address or addresses that it has on record for you. You should also take care with how you handle and disclose your personal information. RFA is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Please refer to the U.S. Federal Trade Commission’s website for information about how to protect yourself against identity theft.

Policy Modifications and Changes

RFA may update this Policy at any time by publishing an updated version here.

Rights of Third Parties

This Policy does not create rights enforceable by third parties.

Non-HR Data Recourse, Enforcement and Liability

In compliance with the Privacy Shield Principles, RFA commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact RFA at:

RFA has further committed to refer unresolved Privacy Shield complaints to the EU Data Protection Authorities (“EU DPAs”). If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit for more information. The services of the EU DPAs are provided at no cost to you.

With regards to personal information, or information collected in the context of an employment relationship, we will cooperate with the appropriate data protection authorities and comply with the advice of such authorities.

Personal Data will not be transferred to third parties outside of the categories of recipients and circumstances set forth in the Sharing of Personal Data section above. Under Privacy Shield, RFA is liable if its agent processes such personal information in a manner inconsistent with the Principles, unless RFA proves that it is not responsible for the event giving rise to the damage.

California Privacy Rights

If you are a California resident, note that RFA does not share or sell Personal Data to third parties. Under the CCPA law, you may request (a) a notice disclosing the categories and specific pieces of personal information collected about you during the preceding calendar year, and (b) that RFA delete any information collected. To request either or both of these actions, please submit your request using the instructions listed under the Information and Requests section below. 

RFA will not discriminate against you for exercising any of your CCPA rights. RFA will not deny you goods or services, charge different prices or rate for goods or services, provide a different level or quality of goods and services, or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Information and Requests

For any information or requests concerning this Policy, please contact RFA using the below information.

Call: 212.867.4600



Legal Department – Privacy
330 Madison Avenue
19th Floor
New York, NY 10017