Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

ForwardPEO (“we,” “us,” or “our”) is committed to protecting the privacy and security of the personal information we collect. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website forwardpeo.com or engage our consulting services. This policy is designed to comply with the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD Act), as well as applicable federal and state privacy regulations.

1. Information We Collect

1.1 Information You Provide Directly

When you contact us, request a consultation, or engage our services, we may collect:

• Full name and job title
• Business name and address
• Email address and phone number
• Company size and industry information
• Current PEO provider details
• Payroll census data (employee counts, salary ranges, benefits enrollment) shared during the consulting engagement

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on pages
• Referring website URL
• Cookies and similar tracking technologies

1.3 Sensitive Information

In the course of providing PEO consulting services, clients may share sensitive business data including employee Social Security numbers, salary information, benefits elections, and workers’ compensation records. We treat all such data with the highest level of care and security as required by the NY SHIELD Act.

2. How We Use Your Information

We use the information we collect to:

• Provide PEO comparison and consulting services
• Analyze your current PEO arrangement and recommend alternatives
• Communicate with you about our services, including follow-up consultations
• Respond to your inquiries and requests
• Improve our website and service offerings
• Comply with legal obligations

3. Data Security Safeguards (NY SHIELD Act Compliance)

In accordance with the NY SHIELD Act (N.Y. Gen. Bus. Law § 899-bb), ForwardPEO maintains reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of private information, including:

3.1 Administrative Safeguards

• Designation of an employee to coordinate our security program
• Identification of reasonably foreseeable internal and external risks
• Assessment of existing safeguards to control identified risks
• Employee training on security program practices and procedures
• Selection of service providers capable of maintaining appropriate safeguards, with contractual requirements to do so

3.2 Technical Safeguards

• Assessment of risks in network and software design
• Assessment of risks in information processing, transmission, and storage
• Detection, prevention, and response to attacks or system failures
• Regular testing and monitoring of key controls, systems, and procedures
• Encryption of private information transmitted over external networks and at rest

3.3 Physical Safeguards

• Assessment of risks of information storage and disposal
• Detection, prevention, and response to intrusions
• Protection against unauthorized access to or use of private information during or after collection, transportation, and disposal
• Secure disposal of private information within a reasonable time after it is no longer needed for business purposes

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

• With PEO Providers: When you authorize us to request quotes or proposals on your behalf, we share relevant business information with PEO providers under consideration. This is done only with your explicit consent.
• Service Providers: We may share information with trusted third-party service providers who assist us in operating our website and conducting our business, subject to confidentiality agreements.
• Legal Requirements: We may disclose information when required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Breach Notification

In compliance with the NY SHIELD Act (N.Y. Gen. Bus. Law § 899-aa), in the event of a breach of the security of the system involving private information, ForwardPEO will:

• Notify affected New York residents in the most expedient time possible and without unreasonable delay
• Provide notification to the New York State Attorney General, the Department of State, and the Division of State Police if more than 500 New York residents are affected
• Include in any notification the contact information for the person or business making the notification, the telephone numbers and websites of relevant state and federal agencies, and a description of the categories of information that were or were reasonably believed to have been accessed

6. Your Rights

You have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of your personal information, subject to legal retention requirements
• Opt out of marketing communications at any time
• Withdraw consent for data processing where consent is the legal basis

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. You can control cookie preferences through your browser settings. We use:

• Essential Cookies: Required for basic site functionality
• Analytics Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Client engagement data is retained for a minimum of seven (7) years following the conclusion of services, in accordance with applicable business record retention requirements. After the retention period, data is securely disposed of in accordance with our data disposal procedures.

9. Children’s Privacy

Our services are directed to businesses and business professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this Privacy Policy periodically. Continued use of our website or services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a data security concern, please contact us:

ForwardPEO
Isaac Attia, Founder
3521 Quentin Rd
Brooklyn, NY 11234
Email: isaac@forwardpeo.com
Website: forwardpeo.com

---

This Privacy Policy is provided as a framework for ForwardPEO’s data protection practices. ForwardPEO recommends periodic review by qualified legal counsel to ensure continued compliance with evolving privacy regulations.