Jump to EU-US Privacy Shield Policy
At gOE, we take your privacy very seriously and will only use your information to administer your account and to provide you with the products and services you have requested from us. The processing of your personal data, such as your name, address, e-mail address, or telephone number shall always be in in the spirit of the General Data Protection Regulation (GDPR), comply with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and operate in accordance with the country-specific data protection regulations applicable to The Group for Organizational Effectiveness, Inc.
This privacy notice describes how we collect, use, disclose and otherwise process personal data collected related to our Services and otherwise in the course of our business activities, including the information practices of the websites that link to this Privacy Notice (“Sites”).
Personal Information: For the purposes of this policy, when we refer to personal information, we usually mean any information about an identifiable individual. Depending on the jurisdiction in which we operate, this may include, for example, email addresses you have provided, contact details you have given in connection with an account with us, or such other information you have given us to receive information about or use our services.
Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, restriction, erasure or destruction.
Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
PERSONAL INFORMATION THAT WE COLLECT AND WHY WE COLLECT IT
Business Contact and Customer Relationship Management
We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, subscription and license information, and usage details.
Registration, Account Setup, Service Usage
In order to obtain an account to use some of our services, for example to use gOEbase, we need to store a valid email address and name associated with your account. You need to provide this information to enable us to provide you with the contracted services and to protect against unauthorized access to the services.
Customer Support and Service
When Customers contact us for support or other customer service requests, we maintain records related to the requests, including any information provided by Customers related to such support or service requests.
Logging: Like most websites, ours automatically receive and record information from your browser when you visit the site. Collected may be (1) your browser type and version used, (2) the operating system, (3) the website from which an accessing system reaches our website, (4) the date and time (so-called timestamp) of access to the Internet site, (5) an Internet protocol address (IP address), and (6) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, The Group for Organizational Effectiveness, Inc. does not draw any conclusions about you. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, gOE analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Cookies: Our websites use a technology called a “cookie.” A cookie is a piece of information that our webserver sends to your computer when you access a website.
The following types of cookies are used on our sites:
- strictly necessary cookies – These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, the services you have contracted for cannot be provided. These cookies don’t collect information that identifies a visitor.
- performance cookies – Our Sites use Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, and an “anonymized” version of your IP address, none of this information can be connected to you.
It is important to note that gOE does not electronically process orders directly. We use reputable ecommerce companies to do this on our behalf using the latest in secure transmission technologies. It is very important for these companies to keep accurate purchase records. If you use a shopping cart at any of our sites, you will be asked to provide consent for your information to be processed. Immediately after you purchase one of our products our ecommerce partner will notify us and will pass your contact information (e.g. name, company name, postal address, email address, telephone and fax number) together with some limited purchase order information (e.g. purchase date, order reference number, product code, product name, quantity, price and any delivery options).
This data is used to enable us to email you with necessary product codes, to identify you in order to give you the full benefits of your purchase including free technical support and to enable us to set up a user account. For security purposes the IP address of this transaction may be recorded. Please note that we do not receive a copy of your actual payment details (such as credit card numbers or wire transfer details) and we do not make any of this information available to any third parties.
SUMMARY OF HOW WE USE YOUR INFORMATION
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. To summarize, we may use information collected about you via the Sites to:
- Create and manage your account.
- Assist law enforcement and respond to subpoena.
- Compile anonymous statistical data and analysis for use internally.
- Email you regarding your account or order.
- Fulfill and manage purchases, orders, and payments through third party vendors, and other transactions related to the Sites.
- Monitor and analyze usage and trends to improve your experience with our products/services.
- Notify you of updates to our services/products.
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Resolve disputes and troubleshoot problems.
- Respond to product and customer service requests.
Our processing of your personal data is justified on one or more of the following legal bases:
- the processing is necessary to perform a contract with you or your employer or take steps to enter into a contract at your request;
- the processing is necessary for us to comply with a relevant legal obligation; or
- you have consented to the processing.
HOW YOUR INFORMATION IS STORED
Your data is always held securely. Access to customer information is strictly controlled. The customer database system is stored on a server hosted by a third party vendor in a GDPR-compliant manner and can only be accessed by people who need it to do their job. Certain data is additionally controlled and is only made visible to members of staff who have a reason to work with it.
WITH WHOM DO WE SHARE YOUR INFORMATION?
Except as described in this Policy, we will not intentionally disclose the personal information that we collect or store to third parties without your consent. We may disclose information to third parties in the following circumstances:
Law Enforcement, Legal Process and Compliance: We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
If we transfer your personal information, we’ll take appropriate measures to protect your privacy and the personal information we transfer. gOE is liable for appropriate onward transfers of personal data to third parties. Should we need to transfer your personal information we will obtain assurances from the third parties that they will safeguard your personal information consistent with this Policy. If we learn that an agent is using or disclosing personal information in a manner that is contrary to this Policy, we will take reasonable steps to prevent or stop it.
RETENTION OF YOUR DATA
The Group for Organizational Effectiveness, Inc. will retain your information only for as long as is necessary for the purposes set out in this policy, for as long as your account is active or as needed to provide the Services to you. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy.
Our policy is to remove personal information that is no longer necessary every 6 months.
YOUR DATA RIGHTS
We respect your privacy rights and provide you with reasonable access to the Personal Data that we process for your use of the Services.
You may benefit from a number of rights in relation to your information that we process. Some rights apply only in certain limited cases, depending on your location.
Depending on your location, you may also have certain additional rights with respect to your information, such as: (i) data access and portability (including the right to obtain a copy of your personal data you provided to The Group for Organizational Effectiveness, Inc.); (ii) data correction (including the ability to update your personal data by contacting us); and (iii) data deletion (including the right to have us delete your personal information, except information we are required to retain, by contacting us).
If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you, you may contact us as set forth in the “How to Contact Us” section.
Please note that any deletion of your Personal Data associated with your account will preclude The Group for Organizational Effectiveness, Inc. from being able to provide to you some or all of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us: firstname.lastname@example.org You also have a right to lodge a complaint with data protection authorities.
SECURITY OF YOUR INFORMATION
The security of your personal information is of upmost importance to us and we take numerous measures to ensure its security. These measures will be appropriate to the risks involved and the nature of the personal data. We know that this is important to you and it is also important to us.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We encrypt all communications to and from our Sites as well as encrypt certain pieces of information (e.g. passwords) stored in our databases. In addition, your account information is protected by a password. It is important that you protect against unauthorized access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.
Where you may have provided your consent, you have the right to withdraw your consent to our processing of your information and your use of the Services. You can choose to withdraw your consent to our processing of your information and your use of the Services at any time by requesting the deletion of your account or to request that your personal information be deleted, except for information that we are required to retain.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
MINOR AND CHILDREN’S PRIVACY
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at email@example.com and request that we delete that child’s Personal Data from our systems.
HOW TO CONTACT US
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org.
US-EU AND SWISS-US PRIVACY SHIELD COMPLIANCE
The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance with the Privacy Shield.
These are our promises to you:
- Notice. We’ll give you timely and appropriate notice describing any personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.Information That We CollectCommunications with Us: When you send an email or submit a web contact form, including support requests for our Services, we may collect the personal information that you provide us and may use it in order to process your inquiries, respond to your requests and improve our Services. These contact forms require users to give contact information (such as name and email address). We use this contact information to send information about our products and services and/or to provide customer service.Account Information: When you register for a Service, we may ask for and save personal information such as your name, address, phone number and e-mail address. A third-party intermediary is used to manage credit card processing where applicable. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.By voluntarily providing us with Account Information, you hereby represent that you are the owner of such personal information or are otherwise authorized to provide it to us.Cookies/Tracking Technologies: Our websites may use a technology called a “cookie.” A cookie is a piece of information that our webserver sends to your computer (actually to your browser file) when you access a website. Then when you return to our site, it will detect whether you have one of our cookies on your computer. Our cookies may help provide additional functionality to the site and help us analyze site usage more accurately. For instance, our site may set a cookie on your browser that keeps you from needing to re-enter a password more than once during a visit to the site.Our sites may use a technology known as web beacons – sometimes called single-pixel gifs – that allow a site to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our websites by the computer that hosts our website (called a “webserver”). The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g., Internet Explorer), the type of operating system you are using (e.g., Windows), and the domain name and address of your Internet service provider. We may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.Our websites may use Internet Protocol (IP) Addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet. Generally, an IP address changes each time you connect to the Internet (it is a “dynamic” address). Note, however, that if you have a broadband connection, depending on your individual circumstance, it is possible that your IP Address that we collect, or even perhaps a cookie we use, may contain information that could be deemed identifiable. This is because with some broadband connections your IP Address doesn’t change (it is “static”) and could be associated with your personal computer. We use your IP address to report aggregate information on use and to help improve the website.Log Files: As is true with most websites and services, our servers gather certain information automatically and store it in log files. This information includes IP addresses, browser, referring/exit pages, operating system and click stream data as well as certain personal information such as user name, user email address and other information that may be included in open textual fields. Our application log files are subject to the same strict data security policies and procedures as apply to the application databases for our Services. We may combine this automatically collected log information with other information we collect about you. We do this to improve the Services that we offer you, to improve analytics or Website functionality.Social Media Integrations: Our Websites may include social media features, such as the Facebook Like button, and “widgets,” such as the Share This button. Use of these features is optional. These features may collect your Internet protocol address, which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party and your interactions with these features are governed by the privacy statement of the company providing it.
- Choice/Opt-out. We’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make.gOE will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. To do this you may email us at email@example.com.Some communications (e.g. important account notifications) are considered transactional and are necessary for all gOE customers. These communications cannot be opted-out from while you maintain an account with us.
- Security. We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction. These measures will be appropriate to the risks involved and the nature of the personal data. We know that this is important to you and it is also important to us.
- Data integrity and Purpose Limitation. We’ll take appropriate steps to make sure the personal information in our records is accurate and relevant.We will collect only as much of Your Information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We will correct any personal information inaccuracies that you report to us.
- Access. Under the Privacy Shield principles, you have the right and option to review and correct any of Your Information that is inaccurate. We’ll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies. To do so, please contact us at firstname.lastname@example.org. The Group for Organizational Effectiveness, Inc. may restrict access to personal data in exceptional circumstances where the legitimate rights of other persons would be violated or where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where access could reveal confidential commercial information.
Finally, as a last resort and in limited situations, individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
We’ll regularly review how we’re meeting these privacy promises. The Group for Organizational Effectiveness, Inc. assesses annually that it’s policies comply with the Privacy Shield Principles and we have procedures for training employees about our obligations.
We will attempt to resolve any concerns you have promptly and fairly. To access your information, ask questions about our privacy practices, or issue a complaint, contact us at: email@example.com.
Last updated: January 5, 2022