• Introduction

    Morley Companies, Inc. is a corporation incorporated under the laws of the State of Michigan, with its head office at One Morley Plaza, Saginaw, Michigan 48603 in the United States of America.

    For purposes of this Privacy Policy, references to “Morley,” the “Company,” “we,” “our,” and “us” mean Morley Companies, Inc. Morley owns and operates the website at www.morleycompanies.com (the “Website”) and has three business units: Business Process Outsourcing, Meetings & Incentives, and Exhibits & Displays. “Service” refers to any of the services of these business units, our interaction with current or potential clients or their customers, employees, employment candidates, or other communications related to Morley business and operations.

    We reserve the right to change, modify, add or remove portions of this Privacy Policy from time to time. Please check back periodically for any changes we may make to the Privacy Policy. Your continued use of this site or our Services following the posting of changes to this Privacy Policy means you accept these changes.

    Morley’s Chief Privacy Officer ensures that obligations arising from the Privacy Policy are enforced and that applicable laws, such as those in the United States, Canada, the European Union (“EU”), the European Economic Area (“EEA”) and Australia, are observed.

    This statement explains what we do with your personal information when you visit our Website, when you register to use our Service and when you communicate with us.

    If you have questions about our collection, use or disclosure of your personal information, or if you want to exercise your rights, explained further below, you can contact our Chief Privacy Officer by emailing privacy@morleynet.com or by writing to us at One Morley Plaza, Saginaw, MI 48603, Attn: Privacy Officer.

    Information We May Collect About You & How We Collect It

    We may collect and process the following information about you:

    Information you give us: You may give us information about you by filling out the registration form on our registration site or by corresponding with us by phone, email, chat, via our Website or otherwise. This includes information you provide when you register for our Service. The information you give us may include:

    • Name
    • Address
    • Email address
    • Phone number
    • Date of birth
    • Passport or foreign personal identification number
    • Debit/credit card account information
    • Gender
    • Employer information
    • Personal description or photograph
    • Travel dates
    • Country of origin/destination

    Information we receive from third parties: We may obtain information from third parties, such as an employer assisting us and our client with a marketing research study. If we reached out to you to invite you to register for our Service, it may have been because your employer or another entity gave us your contact information to do so. Your employer or that entity did so because they thought you would be interested in our Service or they specifically wanted you to register for our Service for a business-related purpose or travel experience. We also may have contacted you for business opportunities, recruitment purposes, or other operational purposes.

    Log files: As you navigate through and interact with our Website, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. We use this information for the operation of the Service, to maintain quality of the Service and to provide general statistics regarding use of the Website. For these purposes, we do link this automatically collected data to personal information such as name, email address, address and phone number.

    Tracking technologies and advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly. This type of technology includes the following:

    • Google Analytics: We use Google Analytics, which Google collects, and use the information shared by sites and apps to deliver our services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you see on Google and on our partners’ sites and apps. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see How Google uses information from sites or apps that use our services, linked below.

      If you do not want your data collected with Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.ja) running on websites to prohibit sending information to Google Analytics.

      To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. For more details on installing and uninstalling the add-on, please see the relevant help resources for your specific browser.

      Updates to your browser or operating system may affect functionality of the opt-out add-on. Learn about managing add-ons for Chrome here. If you are not using Chrome, check directly with the manufacturer of your browser to determine whether add-ons will function properly on the browser version that you are using.

      The latest versions of Internet Explorer sometimes load the Google Analytics opt-out add-on after sending data to Google Analytics. Therefore, if you are using Internet Explorer, the add-on will set cookies on your computer. These cookies ensure that any collected data is immediately deleted from the collection server. Please make sure that third-party cookies aren’t disabled for your Internet Explorer browser. If you delete your cookies, the add-on will, within a short time frame, reset these cookies to ensure that your Google Analytics browser add-on remains fully functional.

      The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself or in other ways to web analytics services.

      Learn about how Google Analytics collects, uses and processes data here.

      Learn about the cookies Google Analytics uses here.  

    Our Use of Subcontractors/Processors

    We are also responsible for all personal information that we provide to subcontractors/processors and agents for processing to help us in serving our clients. It is the responsibility of the Morley staff person proposing or supervising such activities to ensure that the written contract with the outside party will afford a comparable level of protection while the personal information is being processed by such third party.

    In some cases, that will require the third party to enter into a separate contract with us, e.g., a Data Processing Agreement that ensures their processing of your information is compliant with all relevant and applicable laws as they may be applicable to you. Further provisions may include the return of all personal information to us upon completion, an agreement not to use such information except for our purposes, and the destruction of any remaining records in the possession of the third party.

    Finally, the third party must agree to advise Morley immediately of any concerns or objections expressed by individuals, and of any breaches of this Privacy Policy.

    Care shall be taken to select only contractors, processors or other third parties who can guarantee the technical and organizational requirements and security provisions necessary for the processing.

    How We Use the Information We Collect

    Compliance With Our Privacy Policy

    We use the information we collect only in compliance with this Privacy Policy. Customers who use Service are obligated through our agreements with them to comply with this Privacy Policy.

    We Never Sell Personal Information

    We will never sell your personal information to any third party.

    Use of Personal Information

    In addition to the uses identified elsewhere in this Privacy Policy, we may collect, use or otherwise hold information to facilitate communication and delivery of our Service that you have given us information for in order for us to provide the Service and/or to perform our contract obligations with our clients, which are likely your employer, your spouse/partner’s employer, or a company with which you do business.

    In addition, we may process your information and information about you for the following purposes:

    • To deliver the Service to you;
    • To correspond and communicate to you with respect to delivering the Service;
    • To notify you about any changes to our Service to you;
    • To allow you to participate in the Service;
    • To process your registration;
    • To collect payment from you – We use credit/debit card information solely to collect payment from you, and we use a third-party service provider to manage that processing, and that provider is not permitted to store, retain or use that information except for the sole purpose of processing credit/debit information on our behalf;
    • As part of our efforts to keep you safe and secure;
    • To assist clients, including their employees and members of their supplier and sales and distribution networks, with their event planning, group and individual travel programs, trade show management and participation, interactive services, including teleservices and database management projects, market research data collection and analysis, and other services offered by us;
    • To disclose to contractors, third-party vendors and service providers as reasonably necessary or prudent to provide, maintain and support Service, e.g., payment processors, data centers, web-hosting providers, transportation providers, event management providers, hotels, restaurants, etc.
    • To operate and manage customer loyalty programs in which clients provide us with personal information related to their clients, employees (which may include you), suppliers and distributors. Examples include, but are not limited to, credit and debit card reward programs, sales incentives and other loyalty-based marketing programs.
    • To design, develop, operate and manage market research studies for clients, including studies for which, to preserve the integrity of the research, the identity of the organization commissioning the study is not disclosed to the participants;
    • If you use one of our applications to register for an event/meeting, we will use the email address you provided to send you information and announcements relating to that event;
    • If you use one of our applications to pay for event registration fees or for hotel incidentals or for other products or services, we will pass that information on to payment card processors to validate and process the payment information and to otherwise complete the transaction;
    • When you use your social media credentials to share information or log in to one of our applications, as that functionality might be available, we will share information with your social media account provider, and that information will be governed by the social media platform’s privacy, cookie and other relevant policies;
    • To identify and communicate with individuals interested in receiving information about our Service or other marketing information;
    • To comply with governmental regulations or to respond to a subpoena or other governmental, court or administrative order/requirement;
    • To hire, train and manage our staff;
    • To support the functions of our human resources management, including employment functions and the coordination of third-party vendors that provide insurance and personal financial services, such as retirement planning and savings and investment accounts;
    • To recruit and correspond with candidates, potential candidates, and new hires, whether via our applicant tracking system or otherwise;
    • To operate our Website and Morley-operated client websites in support of client projects;
    • To carry on our business and serve our customers as described above;
    • For other purposes with your consent;
    • To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all Morley’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Morley about clients is among the assets transferred;
    • For our internal business purposes that include administering access and use of our applications, data analysis, securely identifying users upon logging on to an application, enhancing or modifying our Service, determining the effectiveness of our promotional campaigns, billing for the Service, and operating our business;
    • As we believe to be necessary or appropriate (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions;
    • We may combine information received from other sources with information you give to us and information we collect about you, and we may use this information and the combined information for the purposes set out above.

    The collection of personal information shall be limited to that which is necessary for the purposes identified above.

    Legal Basis for Processing Personal Information (EEA visitors only)

    If you are a visitor/customer located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, where it is necessary to protect your vital interests or those of another person, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

    Who We Share Your Personal Information With & Why

    We may share non-personally identifiable information, such as aggregated user statistics, with third parties. We do not share your personal information with third parties for third-party marketing purposes, or for any other purpose other than as described in this Privacy Policy.

    We may share the information we have collected about you, including personal information, as disclosed at the time you provide your information and in the following circumstances:

    Internally with our employees/agents: We will share your information with our employees/agents who are responsible for providing you the Service in line with the scope of their employment/agency with us.

    Third parties providing services on our behalf: We share your personal information with third parties, such as payment processors, excursion companies, hotel/lodging accommodations, vendors, etc., to allow them to provide you the Service as they are specific to their particular role. For example, we share your payment information with payment processors to allow them to charge your relevant debit/credit account for the Service. We share your name information with hotel/lodging and accommodation entities and excursion companies to allow them to reserve you a room/space in their hotel/lodging facility and/or on their excursion, as relevant. This information is shared for the sole purpose of allowing us to provide you the Service. These companies are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Morley discloses it to them. We may use: (a) third-party analytics service providers and (b) ad-serving platforms, such as Google and Facebook, which may set and access their own cookies and web beacons on your device. These parties may have access to usage information. They may also have access to pseudonymous or anonymous information about you (such as a unique identification number), which may be combined or associated with information from other sources to identify you.

    Where we use subcontractors/processors to provide the Service: Any such subcontractor/processor will only use your personal information for the purposes of providing services to us and will have no right to use your personal information for its own purposes or to share or otherwise disclose your personal information. We use third-party payment processing services when you make payment through our site. We do not have access to any credit card or other financial information processed by the third party.

    Business transfer: We reserve the right to disclose and transfer all information related to the Service, including, without limitation, your personal information, demographic information and usage information: (i) to a subsequent owner, co-owner or operator of the Service or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, without limitation, during the course of any due diligence process.

    Legal obligations: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    Compliance: Where we are requested to provide information by authorized third parties or regulatory or governmental agencies investigating illegal activities.

    Emergency: Where we believe that an emergency, illegal activity or some other reasonable basis exists for notifying the relevant authority.

    Other information:

    • Cross-Border Transfers & Data Storage: The Service is hosted on U.S. servers. The data that we collect from you may be transferred to, and stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us or for one of our processors. Such staff may be engaged in, among other things, hosting or maintaining our Website, the processing of your payment details and the provision of support services. Any personal information you provide to us will be processed and stored on servers in the U.S., the laws of which may be deemed by other countries to have inadequate data protection.

      Accordingly, if you are located outside the U.S., you consent and continue to consent to the processing, transfer and storage of such data in the U.S. and outside the U.S. We have agreements in place with our contractors and processors that include standard contractual clauses to protect your rights with respect to your data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

    • Do Not Track: Some browsers incorporate a “Do Not Track” (DNT) feature that, when turned on, signals to websites and online services that you do not want to be tracked. At this time, the Service does not respond to DNT signals.

    • California Resident Privacy Rights:
      Shine the Light
      Pursuant to Section 1798.83-.84 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, what types of personal information, if any, the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. To access this information, please contact us by emailing privacy@morleynet.com with “CA Shine the Light Privacy Requests” in the subject line. Please note that, under the law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email.

      The California Consumer Privacy Act as modified by the California Privacy Rights Act
      We collect information that identifies, relates to, describes, references, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). Below are the categories of Personal Information we collect and the purposes for which we intend to use this information:
      • Identifying information, such as your full name, gender, date of birth, and signature.
      • Demographic data, such as race, ethnic origin, marital status, disability, and veteran or military status.
      • Contact information, such as your home address, telephone numbers, email addresses, and emergency contact information.
      • Dependent or other individuals’ information, such as their full name, address, date of birth, phone number, and Social Security numbers (SSN).
      • National identifiers, such as SSN, passport and visa information, and immigration status and documentation.
      • Educational and professional background, such as your work history, academic and professional qualifications, educational records, references, and interview notes.
      • Employment details, such as your job title, position, hire dates, compensation, performance and disciplinary records, and vacation and sick leave records.
      • Financial information, such as banking details, tax information, payroll information, and withholdings.
      • Health and Safety information, such as health conditions (if relevant to your employment), job restrictions, workplace illness and injury information, and health insurance policy information.
      • Information Systems (IS) information, such as your search history, browsing history, login information, and IP addresses on the Company's information systems and networks.
      • Biometric information, such as facial recognition, fingerprints, iris or retina scans, keystroke, or other physical patterns.
      • Geolocation data, such as time and physical location related to use of an internet website, application, device, or physical access to a Company office location.
      • Sensory or surveillance information, such as COVID-19-related temperature checks and call monitoring and video surveillance.
      • Protected information categories listed in the California Customer Records statute (Cal. Civ. Code § 1789.80(e)), such as name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, understanding that some personal information included in this category may overlap with other categories.
      • Protected classification characteristics under California and federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information).
      • Profile or summary about an applicant/employee’s preferences, characteristics, attitudes, intelligence, abilities, and aptitudes.
      • Sensitive Information, such as Social Security, driver’s license, state identification card, or passport number; account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin, religious or philosophical beliefs, and genetic data.

         The Company collects Personal Information to use or disclose as appropriate to:

    • Comply with all applicable laws and regulations.
    • Recruit and evaluate job applicants and candidates for employment.
    • Conduct background checks.
    • Manage your employment relationship with us, including for:
      • Onboarding processes;
      • Timekeeping, payroll, and expense report administration;
      • Employee benefits administration;
      • Employee training and development requirements;
      • The creation, maintenance, and security of your online employee accounts;
      • Reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill;
      • Workers’ compensation claims management;
      • Employee job performance, including goals and performance reviews, promotions, discipline, and termination; and
      • Other human resources purposes.
    • Manage and monitor employee access to company facilities, equipment, and systems.
    • Conduct internal audits and workplace investigations.
    • Investigate and enforce compliance with and potential breaches of Company policies and procedures.
    • Engage in corporate transactions requiring review of employee records, such as for evaluating potential mergers and acquisitions of the Company.
    • Maintain commercial insurance policies and coverages, including for workers' compensation and other liability insurance.
    • Perform workforce analytics, data analytics, and benchmarking.
    • Administer and maintain the Company's operations, including for safety purposes.
    • For client marketing purposes.
    • Exercise or defend the legal rights of the Company and its employees, and affiliates, customers, contractors, and agents.

    Do Not Sell or Share My Personal Information
    We do not sell or share (in the context of cross-behavioral advertising which means the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses including distinctly-branded websites, applications, or services) your Personal Information, including sensitive personal information, and have not in the immediate 12 months. If we do, you will be notified of it prior to or at the point of such collection for those purposes and provided a link to opt-out of the selling/sharing of your personal information.

    Your Privacy Rights
    You have the following rights under applicable California law in relation to your Personal Information, subject to certain exceptions: 

    • Right to Know: You have the right to, up to twice in a 12-month period, request what Personal Information we collect, use, disclose, share, and/or sell, as applicable.
    • Right to Delete: You have the right to request the deletion of your Personal Information that is collected by us.
    • Right to Opt-Out of Sale: You have the right to opt-out of the sale or sharing of your Personal Information by a business. However, as noted above, we do not currently sell or share any Personal Information.
    • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
    • Right to Correct: You have the right to correct inaccurate Personal Information that we maintain about you.    

    You may submit a request to delete, correct, and/or to know by contacting us at 800.832.7368, or by emailing us at ca-data-request@morleynet.com, subject “California Data Subject Request.” Once we receive your request, we will follow up in no later than 10 days, confirm receipt of your request, and request information about you that we have collected, as set forth above, to allow us to verify your identity to ensure that you are submitting a request on behalf of who you say you are. You can also have an authorized representative submit a request on your behalf, but we must have proof that the person is indeed your authorized representative by seeing an authorization document that you have signed. This can include a Power of Attorney or other similar authorizing document.

    For purposes of requests to delete, correct and to know, we will verify your identity based on information we have collected about you, including your name, address, and phone number, but will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the consumer about whom we collected the personally identifying information on. If we are unable to verify your identity, we may deny your request.

    We will respond to your request within 45 days after receipt of your request for a period covering 12 months and for no more than twice in a 12-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided that consumer notification of the extension is made within the first 45 days. We will give you notice of the reason for this additional time needed to process our request.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    These rights are also subject to various exclusions and exceptions under applicable laws.

    We may also have to delay complying with a request to delete with respect to data stored on an archived or backup system until such time as that system is restored to an active system or is next accessed or used for sale, disclosure or commercial purpose.

    We currently do not collect household data. If we receive a Right to Know or Right to Delete request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 13 as we do not collect personally identifying information from any person under the age of 13.

    • Children Under the Age of 13: Our Service, including use of the Website, is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, register on the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@morleynet.com.

    Your Choices & Rights

    If you choose not to provide personal information, you may be unable to access or use the Service as we simply may not be able to perform required functions.

    User Data Subject Rights (EEA Visitors Only)

    The EU General Data Protection Regulation (“GDPR”) became effective in the European Union as of May 25, 2018. In preparation for the GDPR, we reviewed our internal processes and put policies and procedures in place to attempt to meet the requirements and standards of the GDPR and any relevant data protection laws.

    We are not established in the EEA; however, the following apply to individuals whose personal information is processed in the EEA to allow those individuals to understand and enforce their data protection rights.

    Our legal basis for collecting and using your personal information will be our legitimate interest where the processing is in our, or a third party’s, legitimate interests and not overridden by your data protection interests, or fundamental rights and freedoms. These interests are to provide you with access to the Service; to send you information you have requested; to ensure the security of our Service by trying to prevent unauthorized or malicious activities; or, to enforce compliance with our terms of use, contracts and other policies.

    EEA Users have the following rights:

    • You can request access, correction, updates or deletion of your personal information.
    • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
    • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    • You have the right to withdraw your consent to our collection and/or processing of your information at any time by contacting us.
    • You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada) are available.
    • When the processing of your personal data is for direct marketing purposes, you have the right to object to subject processing.

    To exercise any of your data subject rights, please contact us at privacy@morleynet.com. We will respond to your request without undue delay, and, in any event, within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay.

    In the event your personal data that we collected was subject to a Personal Data Breach (defined below), we will notify you and competent Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact, and our plan for measures to secure the data and limit any possible detrimental effect on you. A “Personal Data Breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

    Information Security & Technical & Organizational Measures

    The Company takes the privacy and security of individuals and their personal information very seriously, and we take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:

    • Encryption using certificates from trusted certificate authorities
    • Security by design
    • Edge and internal firewalls to segregate roles
    • Segregation of datasets
    • Physical and digital access controls
    • A complex passphrase policy
    • Off-site backups
    • Regular patch cycle and reporting
    • Regular penetration and vulnerability testing by external specialists

    Effective Date: February 15, 2019
    Last Modified: December 22, 2022