ESAC Program Overview

Privacy Policy

TRUSTe online privacy certification(Updated 12/1/16)

Your privacy is extremely important to us at the Employer Services Assurance Corporation (ESAC), and we're committed to protecting and maintaining the confidentiality and security of the information that you provide to us. This privacy policy applies to and owned and operated by ESAC.

As part of its privacy policy, ESAC will notify users of:

  • What personally identifiable information ESAC collects;
  • What personally identifiable information third parties collect through the website.
  • How ESAC uses the information;
  • With whom ESAC may share user information;
  • What choices are available to users regarding collection, use and distribution of the information;
  • What measures ESAC takes to protect the information under its control; and
  • How users can correct any inaccuracies in the information.

If you have questions or concerns regarding this statement, please contact ESAC by sending an e-mail to

This privacy policy describes the information we collect about you and what may happen to that information. We have prepared a detailed policy because we believe you should know as much as possible about ESAC's practices so you can make an informed decision about submitting information for the accreditation process. Please review this privacy policy posted on the ESAC site from time to time, as it may be amended without notice for some changes (for example, minor changes not affecting personally identifiable information). We will always post our most current privacy policy on the ESAC site. Minor changes to our privacy policy will be effective upon such posting. By using the ESAC site, you consent to the use of your information as expressed in this privacy policy.

Notwithstanding the above provisions, ESAC agrees to not resell, trade or rent any of your personally identifiable information to any third party. Your personal information may be shared with third parties only in the ways that are described in this privacy policy.


Visiting the ESAC Site:
The ESAC site collects two kinds of information: (i) information that identifies you or your company (collectively, "Personally Identifiable Information"); and (ii) information that does not identify any person or company (such as browser type, operating system type, access time and page views) (collectively, "Non-Personally Identifiable Information"). As a general policy, only Non-Personally Identifiable Information is automatically collected from your visit to the ESAC site.

Information Collected During the Application and Accreditation Process:
If you choose to apply for accreditation, you will be asked to provide us with certain specific information about yourself and/or your company currently collected offline. This information will include (i) contact information such as your name, phone number, fax number, mailing/e-mail address, and your company's name, phone number, fax number, mailing/e-mail address and primary contact person (collectively, "Contact Information"); and (ii) information about your company’s policies, procedures, operations and staff as they pertain to the financial, ethical and operational standards required for accreditation (collectively, "Business Information"). During the application process and initial accreditation process, we will only share your Contact Information and Business Information with the ESAC staff and service providers that are involved in verifying your company’s compliance with the accreditation requirements. None of these individuals will be employed by or own a financial interest in any other company in the same or similar business as your company, and all of these individuals will have executed a non-disclosure confidentiality agreement with respect to information provided to them by ESAC. Your Contact Information and Business Information will only be shared with Independent Directors on the ESAC Board of Directors if it is determined by ESAC staff and service providers that, in their opinion, your company is in compliance with the requirements for accreditation. These Directors also will have executed a non-disclosure confidentiality agreement similar to the agreement executed by ESAC staff. You will be invited to be present or to send a representative when your application is discussed by the ESAC Independent Directors. You also have the right to request the recusal of any Director that you believe has a conflict of interest with you or your company. ESAC will not share your Business Information with any Director that has been recused at your request. If the ESAC Independent Directors approve your company for accreditation, ESAC will make a press release and update the ESAC site identifying by company name, address, phone number and website address the fact that your company is now accredited, but no other Contact Information or Business Information will be released to the public without your express written permission. ESAC will also make available your company’s Contact Information and Business Information to any state and federal regulator to whom you have authorized access to such information on the ESAC site as part of your request to take advantage of ESAC’s alternative registration/licensing compliance program as approved by that state or federal agency. It will be your responsibility to notify ESAC of your desire to cancel any such access to this confidential information.

The Internet service provider that hosts our website will have a site administrator with the ability to access all such information as part of website maintenance, but this company and its programmers have signed a non-disclosure agreement with us. We will maintain your Contact Information and Business Information in our secure and protected information databases as long as you maintain the accreditation. If you or we terminate your accreditation application or your accreditation status for any reason, we will deactivate this information unless you submit a written request that we retain this information pending future accreditation actions.

If you wish to take advantage of a voluntary and free subscription to the ESAC Edge, ESAC's e-newsletter, your e-mail address will only be used to send newsletter issues to you. If you wish to opt-out of receiving the ESAC Edge, please follow the unsubscribe link within the welcome e-mail or in the footer of each newsletter OR you may e-mail us at to have your e-mail address removed.

We do not resell, trade or rent any of your personally identifiable information to anyone.

Non-Personally Identifiable Information:
We may aggregate Non-Personally Identifiable Information to create statistical data, which will be used to help analyze site traffic and improve our services. We may also use such aggregated information to describe ESAC's website services to potential partners or other third parties. At no point, however, will the aggregated information identify you, your business or your clients.


We reserve the right to disclose any Personally Identifiable Information or Non-Personally Identifiable Information if required to do so by law or if we believe that such action is necessary in order to (i) conform with the requirements of the law or to comply with legal process served on ESAC; (ii) to protect or defend the legal rights or property of ESAC, the ESAC site, or its users; or (iii) in an emergency to protect the health and safety of ESAC's website users or the general public.


Technologies such as cookies, beacons, tags and scripts are used by ESAC and our analytics and programming service providers. These technologies are used in analyzing trends, administering the site, tracking users' movements within the site and gathering demographic information about our user base. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to remember user settings. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited, including the application section of the ESAC site which will not function properly if you refuse to accept a cookie or choose to disable your cookies setting. The only information that will be stored in permanent cookies created by the ESAC site is the Applicant ID information that the ESAC site assigns to you. The session cookies will only store the Session ID for your visit.


As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information.


The ESAC site may contain links to other sites, including websites of certified firms and service suppliers that are not maintained by ESAC. We cannot guarantee the security of your Personally Identifiable Information on those sites. Please review their privacy policy before submitting any Personally Identifiable Information to such websites.


Our website includes social media widgets, such as the Share this button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.


We have security measures in place to protect against the loss, misuse and alteration of the information under our control, both online and offline.

The ESAC site operates secure data networks protected by industry standard firewall and password protection systems. We use a reputable third party company for 128-bit encryption of data being sent via the Internet between the browser and our servers. The servers on which we store your personally identifiable information are kept in a secure environment using industry-standard back-up and security procedures and protections.

All application, accreditation and user information is restricted in our offices. Only employees who need the information to process your accreditation or provide the Services are granted access to personally identifiable information. All employees have been verified as having a history of honesty and trustworthiness and have signed a non-disclosure agreement prohibiting the unauthorized disclosure, use or distribution of any client or user-related information. Furthermore, all employees are kept up-to-date on our security and privacy policies and practices and on the importance of maintaining and working with all client information in a secure and confidential manner.

Access to ESAC's office is restricted after normal business hours with security cards required for entry into the building and keys required for office access. The building is also equipped with security cameras and a burglar alarm system and has a security guard on the premises after normal business hours and on weekends.

Although we strive to protect our users' personally identifiable information and privacy, please be advised that we cannot guarantee that the security precautions we take will prevent third parties from illegally obtaining your information. However, our procedures provide you with authentication, confidentiality, and data integrity that meets established industry standards.

Be advised that anyone providing a testimonial will have their name, title and possibly the name of their company displayed for public viewing. If you wish to update or delete your testimonial, you can contact us at


If another entity acquires us or all or substantially all of our assets, your Contact, Business Information, Non-Personally Identifiable Information and any other information about your business that we have stored in our databases will be transferred to such entity as one of the transferred assets, but ESAC agrees that any such transfer will continue to be subject to this or an equivalent privacy policy to be legally binding on the acquiring party and its assigns. If, as a result of this transfer, users' personally identifiable information is to be used in a manner different than that stated at the time of collection, users will have a choice consistent with our 'Notification of Changes' section below.


If we decide to change our privacy policy, we will post those changes to this privacy policy on the ESAC site and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected. If, however, we are going to use users' personally identifiable information in a manner different from that stated at the time of collection we will notify users via e-mail prior to the change becoming effective. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site, or deleted/deactivated their account, they will not be contacted nor will their personally identifiable information be used in this new manner.


We will retain your information for as long as needed to provide you services. If you wish to terminate your accreditation or request that we no longer use your information to provide you services contact us at We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


Each participating user can access and update their personally identifiable information online. Each participating firm also has one or more designated account administrators that can add or delete users and access and update the information of the participating firm and that of all of its users.

Also, if you wish to (i) change or modify any of the information you have provided to us, (ii) terminate your accreditation process or accreditation status, or (iii) ask us questions about this privacy policy, please contact us by e-mail at, by phone at 501.219.2045, or by mail or delivery service at One Financial Centre, 650 S. Shackleford Road, Suite 327, Little Rock, AR 72211-3503. We will respond to your request within a reasonable time frame.