Introduction
Morley Companies, Inc. is a corporation incorporated under
the laws of the State of Michigan, with its head office at One Morley Plaza,
Saginaw, Michigan 48603 in the United States of America.
For purposes of this Privacy Policy, references to “Morley,”
the “Company,” “we,” “our,” and “us” mean Morley Companies, Inc. Morley owns
and operates the website at www.morleycompanies.com (the “Website”) and has
three business units: Business Process Outsourcing, Meetings & Incentives,
and Exhibits & Displays. “Service” refers to any of the services of these
business units, our interaction with current or potential clients or their
customers, employees, employment candidates, or other communications related to
Morley business and operations.
We reserve the right to change, modify, add or remove
portions of this Privacy Policy from time to time. Please check back
periodically for any changes we may make to the Privacy Policy. Your continued
use of this site or our Services following the posting of changes to this
Privacy Policy means you accept these changes.
Morley’s Chief Privacy Officer ensures that obligations
arising from the Privacy Policy are enforced and that applicable laws, such as
those in the United States, Canada, the European Union (“EU”), the European
Economic Area (“EEA”) and Australia, are observed.
This statement explains what we do with your personal
information when you visit our Website, when you register to use our Service
and when you communicate with us.
If you have questions about our collection, use or
disclosure of your personal information, or if you want to exercise your
rights, explained further below, you can contact our Chief Privacy Officer by
emailing privacy@morleynet.com or by writing to us at One Morley
Plaza, Saginaw, MI 48603, Attn: Privacy Officer.
Information We May Collect About You & How We Collect It
We may collect and process the following information about
you:
Information you give us: You may give us information
about you by filling out the registration form on our registration site or by
corresponding with us by phone, email, chat, via our Website or otherwise. This
includes information you provide when you register for our Service. The
information you give us may include:
- Name
- Address
-
Email address
-
Phone number
-
Date of birth
- Passport or foreign personal identification
number
- Debit/credit card account information
- Gender
- Employer information
- Personal description or photograph
- Travel dates
- Country of origin/destination
Information we receive from third parties: We may
obtain information from third parties, such as an employer assisting us and our
client with a marketing research study. If we reached out to you to invite you
to register for our Service, it may have been because your employer or another
entity gave us your contact information to do so. Your employer or that entity
did so because they thought you would be interested in our Service or they
specifically wanted you to register for our Service for a business-related purpose
or travel experience. We also may have contacted you for business
opportunities, recruitment purposes, or other operational purposes.
Log files: As you navigate through and interact with
our Website, we automatically collect information about your computer hardware
and software. This information can include your IP address, browser type,
domain names, internet service provider (ISP), the files viewed on our site
(e.g., HTML pages, graphics, etc.), operating system, clickstream data, access
times and referring website addresses. We use this information for the
operation of the Service, to maintain quality of the Service and to provide
general statistics regarding use of the Website. For these purposes, we do link
this automatically collected data to personal information such as name, email
address, address and phone number.
Tracking technologies and advertising: You can set your
browser to refuse all or some browser cookies, or to alert you when cookies are
being sent. To learn how you can manage your Flash cookie settings, visit the
Flash player settings page on Adobe’s website. If you disable or refuse
cookies, please note that some parts of this site may then be inaccessible or
not function properly. This type of technology includes the following:
- Google Analytics: We use Google
Analytics, which Google collects, and use the information shared by sites and
apps to deliver our services, maintain and improve them, develop new services,
measure the effectiveness of advertising, protect against fraud and abuse, and
personalize content and ads you see on Google and on our partners’ sites and
apps. To learn more about the Company’s use of Google Analytics and what Google
Analytics does, please see How Google uses information from sites or apps
that use our services, linked below.
If you do not want your data collected with Google Analytics, you can install
the Google Analytics opt-out browser add-on. This add-on instructs the Google
Analytics JavaScript (ga.js, analytics.js, and dc.ja) running on websites to
prohibit sending information to Google Analytics.
To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for
your browser. For more details on installing and uninstalling the add-on,
please see the relevant help resources for your specific browser.
Updates to your browser or operating system may affect functionality of the
opt-out add-on. Learn about managing add-ons for Chrome here. If you are not using Chrome, check
directly with the manufacturer of your browser to determine whether add-ons
will function properly on the browser version that you are using.
The latest versions of Internet Explorer sometimes load the Google Analytics
opt-out add-on after sending data to Google Analytics. Therefore, if you are
using Internet Explorer, the add-on will set cookies on your computer. These
cookies ensure that any collected data is immediately deleted from the collection
server. Please make sure that third-party cookies aren’t disabled for your
Internet Explorer browser. If you delete your cookies, the add-on will, within
a short time frame, reset these cookies to ensure that your Google Analytics
browser add-on remains fully functional.
The Google Analytics opt-out browser add-on does not prevent data from being
sent to the website itself or in other ways to web analytics services.
Learn about how Google Analytics collects, uses and processes data here.
Learn about the cookies Google Analytics uses here.
Our Use of Subcontractors/Processors
We are also responsible for all personal information that we
provide to subcontractors/processors and agents for processing to help us in
serving our clients. It is the responsibility of the Morley staff person
proposing or supervising such activities to ensure that the written contract
with the outside party will afford a comparable level of protection while the
personal information is being processed by such third party.
In some cases, that will require the third party to enter
into a separate contract with us, e.g., a Data Processing Agreement that
ensures their processing of your information is compliant with all relevant and
applicable laws as they may be applicable to you. Further provisions may
include the return of all personal information to us upon completion, an
agreement not to use such information except for our purposes, and the
destruction of any remaining records in the possession of the third party.
Finally, the third party must agree to advise Morley
immediately of any concerns or objections expressed by individuals, and of any
breaches of this Privacy Policy.
Care shall be taken to select only contractors, processors
or other third parties who can guarantee the technical and organizational
requirements and security provisions necessary for the processing.
How We Use the Information We Collect
Compliance With Our Privacy Policy
We use the information we collect only in compliance with
this Privacy Policy. Customers who use Service are obligated through our
agreements with them to comply with this Privacy Policy.
We Never Sell Personal Information
We will never sell your personal information to any third
party.
Use of Personal Information
In addition to the uses identified elsewhere in this Privacy
Policy, we may collect, use or otherwise hold information to facilitate
communication and delivery of our Service that you have given us information
for in order for us to provide the Service and/or to perform our contract
obligations with our clients, which are likely your employer, your
spouse/partner’s employer, or a company with which you do business.
In addition, we may process your information and information
about you for the following purposes:
- To deliver the Service to you;
- To correspond and communicate to you with
respect to delivering the Service;
- To notify you about any changes to our Service
to you;
- To allow you to participate in the Service;
- To process your registration;
- To collect payment from you – We use
credit/debit card information solely to collect payment from you, and we use a
third-party service provider to manage that processing, and that provider is
not permitted to store, retain or use that information except for the sole
purpose of processing credit/debit information on our behalf;
-
As part of our efforts to keep you safe and
secure;
- To assist clients, including their employees and
members of their supplier and sales and distribution networks, with their event
planning, group and individual travel programs, trade show management and
participation, interactive services, including teleservices and database
management projects, market research data collection and analysis, and other
services offered by us;
- To disclose to contractors, third-party vendors
and service providers as reasonably necessary or prudent to provide, maintain
and support Service, e.g., payment processors, data centers, web-hosting
providers, transportation providers, event management providers, hotels,
restaurants, etc.
- To operate and manage customer loyalty programs
in which clients provide us with personal information related to their clients,
employees (which may include you), suppliers and distributors. Examples
include, but are not limited to, credit and debit card reward programs, sales
incentives and other loyalty-based marketing programs.
- To design, develop, operate and manage market
research studies for clients, including studies for which, to preserve the
integrity of the research, the identity of the organization commissioning the
study is not disclosed to the participants;
- If you use one of our applications to register
for an event/meeting, we will use the email address you provided to send you
information and announcements relating to that event;
- If you use one of our applications to pay for
event registration fees or for hotel incidentals or for other products or
services, we will pass that information on to payment card processors to
validate and process the payment information and to otherwise complete the
transaction;
- When you use your social media credentials to
share information or log in to one of our applications, as that functionality
might be available, we will share information with your social media account
provider, and that information will be governed by the social media platform’s
privacy, cookie and other relevant policies;
- To identify and communicate with individuals
interested in receiving information about our Service or other marketing
information;
- To comply with governmental regulations or to
respond to a subpoena or other governmental, court or administrative
order/requirement;
- To hire, train and manage our staff;
- To support the functions of our human resources
management, including employment functions and the coordination of third-party
vendors that provide insurance and personal financial services, such as
retirement planning and savings and investment accounts;
- To recruit and correspond with candidates,
potential candidates, and new hires, whether via our applicant tracking system
or otherwise;
- To operate our Website and Morley-operated
client websites in support of client projects;
- To carry on our business and serve our customers
as described above;
- For other purposes with your consent;
- To deliver to a third party in the event of a
merger, divestiture, restructuring, recapitalization, reorganization,
dissolution or other sale or transfer of some or all Morley’s assets, whether
as a continuing operating business or as part of bankruptcy, liquidation or
similar proceeding, in which personal data held by Morley about clients is
among the assets transferred;
- For our internal business purposes that include
administering access and use of our applications, data analysis, securely
identifying users upon logging on to an application, enhancing or modifying our
Service, determining the effectiveness of our promotional campaigns, billing
for the Service, and operating our business;
- As we believe to be necessary or appropriate (a)
under applicable law, including laws outside your country of residence; (b) to
respond to requests from public and government authorities including public and
government authorities outside your country of residence; and (c) to protect
against or identify fraudulent transactions;
- We may combine information received from other
sources with information you give to us and information we collect about you,
and we may use this information and the combined information for the purposes
set out above.
The collection of personal information shall be limited to
that which is necessary for the purposes identified above.
Legal Basis for Processing Personal Information (EEA visitors only)
If you are a visitor/customer located in the EEA, our legal
basis for collecting and using the personal information described above will
depend on the personal information concerned and the specific context in which
we collect it. However, we will normally collect personal information from you
only where we have your consent to do so, where we need the personal
information to perform a contract with you, where it is necessary to protect
your vital interests or those of another person, or where the processing is in
our legitimate interests and not overridden by your data protection interests
or fundamental rights and freedoms. In some cases, we may also have a legal
obligation to collect personal information from you.
If we ask you to provide personal information to comply with
a legal requirement or to perform a contract with you, we will make this clear
at the relevant time and advise you whether the provision of your personal
information is mandatory or not (as well as of the possible consequences if you
do not provide your personal information). Similarly, if we collect and use
your personal information in reliance on our legitimate interests (or those of
any third party), we will make clear to you at the relevant time what those
legitimate interests are.
Who We Share Your Personal Information With & Why
We may share non-personally identifiable information, such
as aggregated user statistics, with third parties. We do not share your
personal information with third parties for third-party marketing purposes, or
for any other purpose other than as described in this Privacy Policy.
We may share the information we have collected about you,
including personal information, as disclosed at the time you provide your
information and in the following circumstances:
Internally with our employees/agents: We will share
your information with our employees/agents who are responsible for providing
you the Service in line with the scope of their employment/agency with us.
Third parties providing services on our behalf: We
share your personal information with third parties, such as payment processors,
excursion companies, hotel/lodging accommodations, vendors, etc., to allow them
to provide you the Service as they are specific to their particular role. For
example, we share your payment information with payment processors to allow
them to charge your relevant debit/credit account for the Service. We share
your name information with hotel/lodging and accommodation entities and
excursion companies to allow them to reserve you a room/space in their
hotel/lodging facility and/or on their excursion, as relevant. This information
is shared for the sole purpose of allowing us to provide you the Service. These
companies are bound by contractual obligations to keep personal information
confidential and use it only for the purposes for which Morley discloses it to
them. We may use: (a) third-party analytics service providers and (b)
ad-serving platforms, such as Google and Facebook, which may set and access
their own cookies and web beacons on your device. These parties may have access
to usage information. They may also have access to pseudonymous or anonymous
information about you (such as a unique identification number), which may be
combined or associated with information from other sources to identify you.
Where we use subcontractors/processors to provide the
Service: Any such subcontractor/processor will only use your personal
information for the purposes of providing services to us and will have no right
to use your personal information for its own purposes or to share or otherwise
disclose your personal information. We use third-party payment processing
services when you make payment through our site. We do not have access to any
credit card or other financial information processed by the third party.
Business transfer: We reserve the right to disclose
and transfer all information related to the Service, including, without
limitation, your personal information, demographic information and usage
information: (i) to a subsequent owner, co-owner or operator of the Service or
applicable database; or (ii) in connection with a corporate merger,
consolidation, restructuring, the sale of substantially all of our stock and/or
assets or other corporate change, including, without limitation, during the
course of any due diligence process.
Legal obligations: If we are under a duty to disclose
or share your personal data in order to comply with any legal obligation, or in
order to enforce or apply our terms of use and other agreements; or to protect
the rights, property, or safety of the Company, our customers, or others. This
includes exchanging information with other companies and organizations for the
purposes of fraud protection and credit risk reduction.
Compliance: Where we are requested to provide
information by authorized third parties or regulatory or governmental agencies
investigating illegal activities.
Emergency: Where we believe that an emergency,
illegal activity or some other reasonable basis exists for notifying the
relevant authority.
Other information:
- Cross-Border Transfers & Data Storage: The
Service is hosted on U.S. servers. The data that we collect from you may be
transferred to, and stored at, a destination outside the EEA and may also be
processed by staff operating outside the EEA who work for us or for one of our
processors. Such staff may be engaged in, among other things, hosting or
maintaining our Website, the processing of your payment details and the
provision of support services. Any personal information you provide to us will
be processed and stored on servers in the U.S., the laws of which may be deemed
by other countries to have inadequate data protection.
Accordingly, if you are located outside the U.S., you consent and continue to
consent to the processing, transfer and storage of such data in the U.S. and
outside the U.S. We have agreements in place with our contractors and
processors that include standard contractual clauses to protect your rights
with respect to your data. We will take all steps reasonably necessary to
ensure that your data is treated securely and in accordance with this Privacy
Policy.
- Do Not Track: Some browsers incorporate a
“Do Not Track” (DNT) feature that, when turned on, signals to websites and
online services that you do not want to be tracked. At this time, the Service
does not respond to DNT signals.
- California Resident Privacy Rights:
Shine the Light
Pursuant to Section 1798.83-.84 of the California Civil Code, residents of
California have the right to request from a business, with whom the California
resident has an established business relationship, what types of personal
information, if any, the business shares with third parties for direct
marketing purposes by such third party and the identities of the third parties
with whom the business has shared such information in the immediately preceding
calendar year. To access this information, please contact us by emailing privacy@morleynet.com with “CA Shine the Light Privacy
Requests” in the subject line. Please note that, under the law, we are not
required to respond to your request more than once in a calendar year, nor are
we required to respond to any requests that are not sent to the
above-designated email.
The California Consumer Privacy Act as
modified by the California Privacy Rights Act
We collect information that identifies, relates to, describes, references, is
capable of being associated with or could reasonably be linked, directly or
indirectly, with a particular consumer or device (“personal information”). Below
are the categories of Personal Information we collect and the purposes for
which we intend to use this information:- Identifying information, such as your
full name, gender, date of birth, and signature.
- Demographic data, such as race, ethnic
origin, marital status, disability, and veteran or military status.
- Contact information, such as your home
address, telephone numbers, email addresses, and emergency contact information.
- Dependent or other individuals’ information,
such as their full name, address, date of birth, phone number, and Social
Security numbers (SSN).
- National identifiers, such as SSN,
passport and visa information, and immigration status and documentation.
- Educational and professional background,
such as your work history, academic and professional qualifications,
educational records, references, and interview notes.
- Employment details, such as your job
title, position, hire dates, compensation, performance and disciplinary
records, and vacation and sick leave records.
- Financial information, such as banking
details, tax information, payroll information, and withholdings.
- Health and Safety information, such as
health conditions (if relevant to your employment), job restrictions, workplace
illness and injury information, and health insurance policy information.
- Information Systems (IS) information,
such as your search history, browsing history, login information, and IP
addresses on the Company's information systems and networks.
- Biometric information, such as facial
recognition, fingerprints, iris or retina scans, keystroke, or other physical
patterns.
- Geolocation data, such as time and
physical location related to use of an internet website, application, device,
or physical access to a Company office location.
- Sensory or surveillance information, such
as COVID-19-related temperature checks and call monitoring and video
surveillance.
- Protected information categories listed in
the California Customer Records statute (Cal. Civ. Code § 1789.80(e)), such
as name, signature, SSN, physical characteristics or description, address,
telephone number, passport number, driver’s license or state identification
card number, insurance policy number, education, employment, employment
history, bank account number, credit card number, debit card number, or any
other financial information, medical information, or health insurance
information, understanding that some personal information included in this
category may overlap with other categories.
- Protected classification characteristics
under California and federal law, such as age (40 years or older), race,
color, ancestry, national origin, citizenship, religion or creed, marital
status, medical condition, physical or mental disability, sex (including
gender, gender identity, gender expression, pregnancy or childbirth and related
medical conditions), sexual orientation, veteran or military status, and
genetic information (including familial genetic information).
- Profile or summary about an
applicant/employee’s preferences, characteristics, attitudes, intelligence,
abilities, and aptitudes.
- Sensitive Information, such as Social
Security, driver’s license, state identification card, or passport number;
account login, financial account, debit card, or credit card number in
combination with any required security or access code, password, or credentials
allowing access to an account; racial or ethnic origin, religious or
philosophical beliefs, and genetic data.
The
Company collects Personal Information to use or disclose as appropriate to:
- Comply with all applicable laws and regulations.
- Recruit and evaluate job applicants and
candidates for employment.
- Conduct background checks.
- Manage your employment relationship with us,
including for:
- Onboarding
processes;
- Timekeeping,
payroll, and expense report administration;
- Employee
benefits administration;
- Employee
training and development requirements;
- The
creation, maintenance, and security of your online employee accounts;
- Reaching
your emergency contacts when needed, such as when you are not reachable or are
injured or ill;
- Workers’
compensation claims management;
- Employee
job performance, including goals and performance reviews, promotions,
discipline, and termination; and
- Other
human resources purposes.
- Manage and monitor employee access to company
facilities, equipment, and systems.
- Conduct internal audits and workplace
investigations.
- Investigate and enforce compliance with and
potential breaches of Company policies and procedures.
- Engage in corporate transactions requiring
review of employee records, such as for evaluating potential mergers and acquisitions
of the Company.
- Maintain commercial insurance policies and
coverages, including for workers' compensation and other liability insurance.
- Perform workforce analytics, data analytics, and
benchmarking.
- Administer and maintain the Company's
operations, including for safety purposes.
- For client marketing purposes.
- Exercise or defend the legal rights of the
Company and its employees, and affiliates, customers, contractors, and agents.
Do Not Sell or Share My Personal Information
We do not sell or share (in the context of cross-behavioral advertising
which means the targeting of advertising to a consumer based on the consumer’s
personal information obtained from the consumer’s activity across businesses
including distinctly-branded websites, applications, or services) your Personal
Information, including sensitive personal information, and have not in the
immediate 12 months. If we do, you will be notified of it prior to or at the
point of such collection for those purposes and provided a link to opt-out of
the selling/sharing of your personal information.
Your Privacy Rights
You have the following rights under applicable California law in relation
to your Personal Information, subject to certain exceptions:
- Right to Know: You have the right to, up
to twice in a 12-month period, request what Personal Information we collect,
use, disclose, share, and/or sell, as applicable.
- Right to Delete: You have the right to
request the deletion of your Personal Information that is collected by us.
- Right to Opt-Out of Sale: You have the
right to opt-out of the sale or sharing of your Personal Information by a
business. However, as noted above, we do not currently sell or share any
Personal Information.
- Right to Non-Discrimination: You have the
right not to receive discriminatory treatment for the exercise of the privacy
rights described above.
- Right to Correct: You have the right to
correct inaccurate Personal Information that we maintain about you.
You may submit a request to delete, correct, and/or to know by contacting
us at 800.832.7368, or by emailing us at ca-data-request@morleynet.com, subject
“California Data Subject Request.” Once we receive your request, we will follow
up in no later than 10 days, confirm receipt of your request, and request
information about you that we have collected, as set forth above, to allow us
to verify your identity to ensure that you are submitting a request on behalf
of who you say you are. You can also have an authorized representative submit a
request on your behalf, but we must have proof that the person is indeed your
authorized representative by seeing an authorization document that you have
signed. This can include a Power of Attorney or other similar authorizing
document.
For purposes of requests to delete, correct and to know, we will verify your
identity based on information we have collected about you, including your name,
address, and phone number, but will not fulfill your request unless you have
provided sufficient information that enables us to reasonably verify that you
are the consumer about whom we collected the personally identifying information
on. If we are unable to verify your identity, we may deny your request.
We will respond to your request within 45 days after receipt of your request
for a period covering 12 months and for no more than twice in a 12-month
period. We reserve the right to extend the response time by an additional 45
days when reasonably necessary and provided that consumer notification of the
extension is made within the first 45 days. We will give you notice of the
reason for this additional time needed to process our request.
We do not charge a fee to process or respond to your verifiable consumer
request unless it is excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will tell you why we made that
decision and provide you with a cost estimate before completing your request.
These
rights are also subject to various exclusions and exceptions under applicable
laws.
We may also have to delay complying with a request to delete with respect to
data stored on an archived or backup system until such time as that system is
restored to an active system or is next accessed or used for sale, disclosure
or commercial purpose.
We currently do not collect household data. If we receive a Right to Know or
Right to Delete request submitted by all members of a household, we will
individually respond to each request. We will not be able to comply with any
request by a member of a household under the age of 13 as we do not collect
personally identifying information from any person under the age of 13.
- Children Under the Age of 13: Our
Service, including use of the Website, is not intended for children under 13
years of age. No one under age 13 may provide any personal information to or on
the Website. We do not knowingly collect personal information from children
under 13. If you are under 13, do not use or provide any information on this
Website or on or through any of its features, register on the Website, use any
of the interactive or public comment features of this Website or provide any
information about yourself to us, including your name, address, telephone
number, email address, or any screen name or user name you may use. If we learn
we have collected or received personal information from a child under 13
without verification of parental consent, we will delete that information. If
you believe we might have any information from or about a child under 13,
please contact us at privacy@morleynet.com.
Your Choices & Rights
If you choose not to provide personal information, you may
be unable to access or use the Service as we simply may not be able to perform
required functions.
User Data Subject Rights (EEA Visitors Only)
The EU General Data Protection Regulation (“GDPR”) became
effective in the European Union as of May 25, 2018. In preparation for the
GDPR, we reviewed our internal processes and put policies and procedures in place
to attempt to meet the requirements and standards of the GDPR and any relevant
data protection laws.
We are not established in the EEA; however, the following
apply to individuals whose personal information is processed in the EEA to
allow those individuals to understand and enforce their data protection rights.
Our legal basis for collecting and using your personal
information will be our legitimate interest where the processing is in our, or
a third party’s, legitimate interests and not overridden by your data
protection interests, or fundamental rights and freedoms. These interests are
to provide you with access to the Service; to send you information you have
requested; to ensure the security of our Service by trying to prevent
unauthorized or malicious activities; or, to enforce compliance with our terms
of use, contracts and other policies.
EEA Users have the following rights:
- You can request access, correction, updates or
deletion of your personal information.
- You can object to processing of your personal
information, ask us to restrict processing of your personal information or
request portability of your personal information.
- If we have collected and processed your personal
information with your consent, then you can withdraw your consent at any time.
Withdrawing your consent will not affect the lawfulness of any processing we
conducted prior to your withdrawal, nor will it affect processing of your
personal information conducted in reliance on lawful processing grounds other
than consent.
- You have the right to withdraw your consent to
our collection and/or processing of your information at any time by contacting
us.
- You have the right to complain to a data
protection authority about our collection and use of your personal information.
Contact details for data protection authorities in the EEA, Switzerland and
certain non-European countries (including the U.S. and Canada) are available.
- When the processing of your personal data is
for direct marketing purposes, you have the right to object to subject
processing.
To exercise any of your data subject rights, please contact
us at privacy@morleynet.com.
We will respond to your request without undue delay, and, in any event, within
one month of receipt of the request. That period may be extended by two further
months where necessary, taking into account the complexity and number of the
requests we receive. If we take an extension, we shall inform you within one
month of our receipt of the original request, together with the reasons for
delay.
In the event your personal data that we collected was
subject to a Personal Data Breach (defined below), we will notify you and
competent Supervisory Authority(ies) within 72 hours by email with information
about the extent of the breach, affected data, any impact, and our plan for
measures to secure the data and limit any possible detrimental effect on you. A
“Personal Data Breach” is a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorized disclosure of or access to
personal data transmitted, stored or otherwise processed.
Information Security & Technical & Organizational Measures
The Company takes the privacy and security of individuals
and their personal information very seriously, and we take every reasonable
measure and precaution to protect and secure the personal data that we process.
We have robust information security policies and procedures in place to protect
personal information from unauthorized access, alteration, disclosure or
destruction and have several layers of security measures, including:
- Encryption using certificates from trusted
certificate authorities
- Security by design
- Edge and internal firewalls to segregate roles
- Segregation of datasets
- Physical and digital access controls
- A complex passphrase policy
- Off-site backups
- Regular patch cycle and reporting
-
Regular penetration and vulnerability testing by
external specialists
Effective Date: February 15, 2019
Last Modified: December 22, 2022