Morley Companies, Inc. is a corporation incorporated under
the laws of the State of Michigan, with its head office at One Morley Plaza,
Saginaw, Michigan 48603 in the United States of America.
the “Company,” “we,” “our,” and “us” mean Morley Companies, Inc. Morley owns
and operates the website at www.morleycompanies.com (the “Website”) and has
three business units: Business Process Outsourcing, Meetings & Incentives,
and Exhibits & Displays. “Service” refers to any of the services of these
business units, our interaction with current or potential clients or their
customers, employees, employment candidates, or other communications related to
Morley business and operations.
We reserve the right to change, modify, add or remove
use of this site or our Services following the posting of changes to this
Morley’s Chief Privacy Officer ensures that obligations
those in the United States, Canada, the European Union (“EU”), the European
Economic Area (“EEA”) and Australia, are observed.
This statement explains what we do with your personal
information when you visit our Website, when you register to use our Service
and when you communicate with us.
If you have questions about our collection, use or
disclosure of your personal information, or if you want to exercise your
rights, explained further below, you can contact our Chief Privacy Officer by
emailing firstname.lastname@example.org or by writing to us at One Morley
Plaza, Saginaw, MI 48603, Attn: Privacy Officer.
We may collect and process the following information about
Information you give us: You may give us information
about you by filling out the registration form on our registration site or by
corresponding with us by phone, email, chat, via our Website or otherwise. This
includes information you provide when you register for our Service. The
information you give us may include:
Information we receive from third parties: We may
obtain information from third parties, such as an employer assisting us and our
client with a marketing research study. If we reached out to you to invite you
to register for our Service, it may have been because your employer or another
entity gave us your contact information to do so. Your employer or that entity
did so because they thought you would be interested in our Service or they
specifically wanted you to register for our Service for a business-related purpose
or travel experience. We also may have contacted you for business
opportunities, recruitment purposes, or other operational purposes.
Log files: As you navigate through and interact with
our Website, we automatically collect information about your computer hardware
and software. This information can include your IP address, browser type,
domain names, internet service provider (ISP), the files viewed on our site
(e.g., HTML pages, graphics, etc.), operating system, clickstream data, access
times and referring website addresses. We use this information for the
operation of the Service, to maintain quality of the Service and to provide
general statistics regarding use of the Website. For these purposes, we do link
this automatically collected data to personal information such as name, email
address, address and phone number.
Tracking technologies and advertising: You can set your
browser to refuse all or some browser cookies, or to alert you when cookies are
being sent. To learn how you can manage your Flash cookie settings, visit the
Flash player settings page on Adobe’s website. If you disable or refuse
cookies, please note that some parts of this site may then be inaccessible or
not function properly. This type of technology includes the following:
We are also responsible for all personal information that we
provide to subcontractors/processors and agents for processing to help us in
serving our clients. It is the responsibility of the Morley staff person
proposing or supervising such activities to ensure that the written contract
with the outside party will afford a comparable level of protection while the
personal information is being processed by such third party.
In some cases, that will require the third party to enter
into a separate contract with us, e.g., a Data Processing Agreement that
ensures their processing of your information is compliant with all relevant and
applicable laws as they may be applicable to you. Further provisions may
include the return of all personal information to us upon completion, an
agreement not to use such information except for our purposes, and the
destruction of any remaining records in the possession of the third party.
Finally, the third party must agree to advise Morley
immediately of any concerns or objections expressed by individuals, and of any
Care shall be taken to select only contractors, processors
or other third parties who can guarantee the technical and organizational
requirements and security provisions necessary for the processing.
We use the information we collect only in compliance with
We will never sell your personal information to any third
In addition to the uses identified elsewhere in this Privacy
Policy, we may collect, use or otherwise hold information to facilitate
communication and delivery of our Service that you have given us information
for in order for us to provide the Service and/or to perform our contract
obligations with our clients, which are likely your employer, your
spouse/partner’s employer, or a company with which you do business.
In addition, we may process your information and information
about you for the following purposes:
The collection of personal information shall be limited to
that which is necessary for the purposes identified above.
If you are a visitor/customer located in the EEA, our legal
basis for collecting and using the personal information described above will
depend on the personal information concerned and the specific context in which
we collect it. However, we will normally collect personal information from you
only where we have your consent to do so, where we need the personal
information to perform a contract with you, where it is necessary to protect
your vital interests or those of another person, or where the processing is in
our legitimate interests and not overridden by your data protection interests
or fundamental rights and freedoms. In some cases, we may also have a legal
obligation to collect personal information from you.
If we ask you to provide personal information to comply with
a legal requirement or to perform a contract with you, we will make this clear
at the relevant time and advise you whether the provision of your personal
information is mandatory or not (as well as of the possible consequences if you
do not provide your personal information). Similarly, if we collect and use
your personal information in reliance on our legitimate interests (or those of
any third party), we will make clear to you at the relevant time what those
legitimate interests are.
We may share non-personally identifiable information, such
as aggregated user statistics, with third parties. We do not share your
personal information with third parties for third-party marketing purposes, or
We may share the information we have collected about you,
including personal information, as disclosed at the time you provide your
information and in the following circumstances:
Internally with our employees/agents: We will share
your information with our employees/agents who are responsible for providing
you the Service in line with the scope of their employment/agency with us.
Third parties providing services on our behalf: We
share your personal information with third parties, such as payment processors,
excursion companies, hotel/lodging accommodations, vendors, etc., to allow them
to provide you the Service as they are specific to their particular role. For
example, we share your payment information with payment processors to allow
them to charge your relevant debit/credit account for the Service. We share
your name information with hotel/lodging and accommodation entities and
excursion companies to allow them to reserve you a room/space in their
hotel/lodging facility and/or on their excursion, as relevant. This information
is shared for the sole purpose of allowing us to provide you the Service. These
companies are bound by contractual obligations to keep personal information
confidential and use it only for the purposes for which Morley discloses it to
them. We may use: (a) third-party analytics service providers and (b)
ad-serving platforms, such as Google and Facebook, which may set and access
their own cookies and web beacons on your device. These parties may have access
to usage information. They may also have access to pseudonymous or anonymous
information about you (such as a unique identification number), which may be
combined or associated with information from other sources to identify you.
Where we use subcontractors/processors to provide the
Service: Any such subcontractor/processor will only use your personal
information for the purposes of providing services to us and will have no right
to use your personal information for its own purposes or to share or otherwise
disclose your personal information. We use third-party payment processing
services when you make payment through our site. We do not have access to any
credit card or other financial information processed by the third party.
Business transfer: We reserve the right to disclose
and transfer all information related to the Service, including, without
limitation, your personal information, demographic information and usage
information: (i) to a subsequent owner, co-owner or operator of the Service or
applicable database; or (ii) in connection with a corporate merger,
consolidation, restructuring, the sale of substantially all of our stock and/or
assets or other corporate change, including, without limitation, during the
course of any due diligence process.
Legal obligations: If we are under a duty to disclose
or share your personal data in order to comply with any legal obligation, or in
the rights, property, or safety of the Company, our customers, or others. This
includes exchanging information with other companies and organizations for the
purposes of fraud protection and credit risk reduction.
Compliance: Where we are requested to provide
information by authorized third parties or regulatory or governmental agencies
investigating illegal activities.
Emergency: Where we believe that an emergency,
illegal activity or some other reasonable basis exists for notifying the
Company collects Personal Information to use or disclose as appropriate to:
Do Not Sell or Share My Personal Information
We do not sell or share (in the context of cross-behavioral advertising
which means the targeting of advertising to a consumer based on the consumer’s
personal information obtained from the consumer’s activity across businesses
including distinctly-branded websites, applications, or services) your Personal
Information, including sensitive personal information, and have not in the
immediate 12 months. If we do, you will be notified of it prior to or at the
point of such collection for those purposes and provided a link to opt-out of
the selling/sharing of your personal information.
Your Privacy Rights
You have the following rights under applicable California law in relation
to your Personal Information, subject to certain exceptions:
You may submit a request to delete, correct, and/or to know by contacting
us at 800.832.7368, or by emailing us at email@example.com, subject
“California Data Subject Request.” Once we receive your request, we will follow
up in no later than 10 days, confirm receipt of your request, and request
information about you that we have collected, as set forth above, to allow us
to verify your identity to ensure that you are submitting a request on behalf
of who you say you are. You can also have an authorized representative submit a
request on your behalf, but we must have proof that the person is indeed your
authorized representative by seeing an authorization document that you have
signed. This can include a Power of Attorney or other similar authorizing
For purposes of requests to delete, correct and to know, we will verify your
identity based on information we have collected about you, including your name,
address, and phone number, but will not fulfill your request unless you have
provided sufficient information that enables us to reasonably verify that you
are the consumer about whom we collected the personally identifying information
on. If we are unable to verify your identity, we may deny your request.
We will respond to your request within 45 days after receipt of your request
for a period covering 12 months and for no more than twice in a 12-month
period. We reserve the right to extend the response time by an additional 45
days when reasonably necessary and provided that consumer notification of the
extension is made within the first 45 days. We will give you notice of the
reason for this additional time needed to process our request.
We do not charge a fee to process or respond to your verifiable consumer
request unless it is excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will tell you why we made that
decision and provide you with a cost estimate before completing your request.
rights are also subject to various exclusions and exceptions under applicable
We may also have to delay complying with a request to delete with respect to
data stored on an archived or backup system until such time as that system is
restored to an active system or is next accessed or used for sale, disclosure
or commercial purpose.
We currently do not collect household data. If we receive a Right to Know or
Right to Delete request submitted by all members of a household, we will
individually respond to each request. We will not be able to comply with any
request by a member of a household under the age of 13 as we do not collect
personally identifying information from any person under the age of 13.
If you choose not to provide personal information, you may
be unable to access or use the Service as we simply may not be able to perform
The EU General Data Protection Regulation (“GDPR”) became
effective in the European Union as of May 25, 2018. In preparation for the
GDPR, we reviewed our internal processes and put policies and procedures in place
to attempt to meet the requirements and standards of the GDPR and any relevant
data protection laws.
We are not established in the EEA; however, the following
apply to individuals whose personal information is processed in the EEA to
allow those individuals to understand and enforce their data protection rights.
Our legal basis for collecting and using your personal
information will be our legitimate interest where the processing is in our, or
a third party’s, legitimate interests and not overridden by your data
protection interests, or fundamental rights and freedoms. These interests are
to provide you with access to the Service; to send you information you have
requested; to ensure the security of our Service by trying to prevent
unauthorized or malicious activities; or, to enforce compliance with our terms
of use, contracts and other policies.
EEA Users have the following rights:
To exercise any of your data subject rights, please contact
us at firstname.lastname@example.org.
We will respond to your request without undue delay, and, in any event, within
one month of receipt of the request. That period may be extended by two further
months where necessary, taking into account the complexity and number of the
requests we receive. If we take an extension, we shall inform you within one
month of our receipt of the original request, together with the reasons for
In the event your personal data that we collected was
subject to a Personal Data Breach (defined below), we will notify you and
competent Supervisory Authority(ies) within 72 hours by email with information
about the extent of the breach, affected data, any impact, and our plan for
measures to secure the data and limit any possible detrimental effect on you. A
“Personal Data Breach” is a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorized disclosure of or access to
personal data transmitted, stored or otherwise processed.
The Company takes the privacy and security of individuals
and their personal information very seriously, and we take every reasonable
measure and precaution to protect and secure the personal data that we process.
We have robust information security policies and procedures in place to protect
personal information from unauthorized access, alteration, disclosure or
destruction and have several layers of security measures, including:
Effective Date: February 15, 2019
Last Modified: December 22, 2022