- What is Personal Information?
- Our Collection of Personal Information
- Sources of Personal Information
- Our Use of Personal Information
- Our Disclosure/Share of Personal Information
- Description of Personal Information Practices
- Product-Specific Information
- Retention of Personal Information
- Children’s Personal Information
- Links to Third-Party Websites or Services
- Your Privacy Rights
- How to Make a Privacy Rights Request
- Complaints and Appeals
- International Transfers
- Contact Us
What is Personal Information?
Since we are a B2B organization, the majority of personal information that we process belongs to our customers’ own consumers. Our Services process personal information on behalf of our customers, for fraud prevention and/or compliance purposes, subject to restrictions in our contracts with them.
- How our customers themselves process personal information.
- To obtain a copy of your employee/contractor privacy notice, please see the latest version available on Be/Organized.
- If you are a former employee or contractor, please contact IDology_DPO@gbgplc.com
- Job applicants.
Our Collection of Personal Information
The type of information we collect from you will depend on how you interact with us. For example, if you are visiting our site, we will collect personal information directly from you. However, we may also collect information on you from our customers and our data and technology suppliers (“Suppliers“) when providing our Services.
Categories of Personal Information Collected from Site Visitors and our B2B Customer Account Holders
We may collect the following categories of personal information:
- Contact Information, including first and last name, email address, mailing address, employer, job title, company name, phone number and communication preferences.
- Inquiry Information, that you submit to us via custom messages, forms, or email.
- Account Information, including full name, employer, job title, email address, username and password, profile information, account balances, payment and purchase history information, and any other information you provide to us, our customers, or other third parties (e.g., we utilize a third-party service provider to process payments on our behalf).
- Survey Information, including information provided through testimonials.
- Event Information, including registration information, attendee badge information, and contact information.
Personal Information Automatically Collected for Marketing and Advertising Purposes
Please note that we do engage in the sharing of personal information, but only if you choose to opt-in. If you chose to opt-in and want to update your preferences to opt-out of the sharing of any cookies that are not strictly necessary, please use our Cookie Preference Center.
We may also collect personal information about B2B individuals, such as contact information, employment-related information, and interest-in-services information, from various marketing vendors. We may combine this information with the information we collect from an individual directly. We may use this information to contact individuals, to send advertising, for promotional materials, to personalize our Services, and to better understand the demographics of the individuals with whom we interact.
Sources of Personal Information
We may collect personal information from the following categories of sources:
- Information you Provide directly to us: if you create an account with us, subscribe to marketing communications, use any of our chat features, purchase our Services, download our software, use our support offerings, email us, or participate or interact with us in any of our events.
- Your Employer / Company: If you interact with our Services through your employer or company, we may receive your information from your employer or company (for B2B purposes).
- Business Partners: We may receive your information from our business partners who purchase our Services to resell or integrate them into their own.
- Service Providers: Our service providers that perform services solely on our behalf, such as survey and marketing providers, and often share some or all of this information with us.
- Information Providers: We may from time to time obtain information from third-party information providers/data suppliers to correct or supplement personal information we collect.
Our Use of Personal Information
We use personal information for the following purposes:
- Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to perform our Services, and to process transactions;
- Manage our organization and its day-to-day operations;
- Market or communicate with B2B individuals;
- Request individuals provide feedback about our organization, partners, and Services;
- Administer, improve and personalize our Services;
- Process payment for our Services via our third-party service providers;
- Facilitate client benefits and services, including customer support through our command center services;
- Identify and analyze how individuals use our Site and Services;
- Conduct research and analytics on our client base and our Services;
- Improve and customize our Services to address the needs and interests of our client base and other individuals we interact with;
- Test, enhance, update and monitor the Services, develop new Services, or diagnose or fix technology problems;
- Help maintain the safety, security and integrity of our property, Services, technology assets and business;
- Evaluate your candidacy for employment, to communicate with you during the application process and to facilitate the onboarding process, if you are applying for employment.
- Defend, protect or enforce our rights or applicable contracts and agreements;
- Prevent, investigate, or provide notice of fraud, unlawful or criminal activity; and
- Comply with legal obligations.
Legal Basis for Processing
If you are based in a jurisdiction that requires legal grounds for us to be able to process your personal information, we process your information on the following grounds:
- Compliance with a legal obligation.
- For our or our customers’ legitimate interests (subject to balancing test), such as to market to you (B2B) and perform analytics, to answer any queries you may have, to improve our products and services; to otherwise support our business, operations, and Services; and prevent and/or address violations of our terms or policies.
- Protect your vital interests or those of another person.
- With your consent, for example, if you apply for a job with us and you elect to affirmatively consent to provide your ethnic background.
Our Disclosure/Share of Personal Information
We may disclose/share personal information as follows:
- Affiliates. We may share personal information with other companies owned or controlled by us, and other companies owned by or under common ownership as us.
- Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your information to your employer or company.
- Survey Providers: We share personal information with third parties who assist us in delivering our survey offerings and processing the responses.
- Marketing Providers: We may coordinate and share personal information with our marketing providers in order to communicate with individuals about the Services we make available.
- Customer Service and Communication Providers: We may share personal information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.
- Other Service Providers: We may also engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, employment application-related services, cloud hosting services, payment processing services, and administrative services.
- Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party in connection with such corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy, or receivership.
- Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
- in connection with the establishment, exercise, or defense of legal claims;
- to comply with laws or to respond to lawful requests and legal process;
- to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
- to detect, suppress, or prevent fraud;
- to protect the health and safety of us and others; or
- as otherwise required by applicable law.
- Otherwise with Consent or Direction: We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Site or other publications.
Description of Personal Information Practices
|Personal Information Categories||Sources of Personal Information||Business or Commercial Purpose for Collection||Have we Sold the Personal Information to Third Parties?||With Whom We “Share” (as defined in the CCPA) Personal Information|
Retention of Personal Information
We may retain personal information as required or permitted by applicable laws and regulations. Specifically, we retain information for our legitimate interests and essential business purposes (e.g., to provide, maintain and improve our Services, to comply with legal obligations, to exercise our legal rights and remedies, etc.).
We will retain B2B personal information for seven (7) years, or for as long as we reasonably deem necessary to fulfil our legal obligations or to exercise, defend or establish our rights.
Children’s Personal Information
While our Services are not intended for individuals under the age of eighteen, some of our customers may send us information on individuals under that age for certain types of processing, such as age gating for example. However, where required we contractually obligate our customers to obtain any consents or permissions that are necessary under applicable privacy law.
We do not knowingly collect or solicit personal information from children under the age of 13.
If you become aware that a child has provided personal information to us without permission, please contact us so we can promptly delete their information.
Links to Third-Party Websites or Services
Your Privacy Rights
Depending on your jurisdiction (in the US, this includes California, Virginia, Colorado, and Connecticut, you may have some or all of the following rights:
- The right to access/know your personal information – You have a right to know what personal information we hold on you and for what purpose we are processing your personal information. This is known as a Subject Access Request (SAR).
- The right to data portability – you can request that the personal information you have provided to us be ported to another organization, or be provided to you (to the extent technically feasible) in a readily useable format that allows you to transmit it yourself.
- The right to opt-out of sale of your personal information – you have the right to stop us from “selling” your personal information to third parties. You may use our Opt-Out Webform to do so.
- The right to withdraw consent – you can withdraw consent at any time.
- The right to erasure/delete – you can request that we remove your personal information from our systems.
- The right to restrict processing – you can request that GBG only process your personal information for the purposes you specify (applicable under GDPR) or limit processing of your sensitive personal data.
- The right to rectification/correction – you have the right to ask us to rectify/correct any information you believe is inaccurate. You may also have the right to ask us to complete information you think is incomplete.
- The right to No Discrimination – You have the right not to receive discriminatory or retaliatory treatment for exercising your privacy rights. This includes the right as an employee, applicant, or independent contractor to not be retaliated against for the exercise of your rights.
- The right to object to processing – you have the right to object to processing if we are able to process your information because the processing is in our legitimate interests (applicable under GDPR).
- The right to obtain information upon request on the balancing test we have carried out when determining we are able to rely on legitimate interest as our lawful basis for processing your personal information (applicable under GDPR).
Please keep in mind that if you’re subject to GDPR, some of these rights are subject to an internal assessment that one of the grounds thereunder is satisfied.
- If you are a resident of the State of Nevada, you may opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. We do not currently sell covered information for monetary consideration, but you may still contact us on our webform to submit such a request.
- If you are a resident of the Sate of California:
- Shine the Light: California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).
- The right to limit the use of sensitive information – you have the right to request that we limit our usage of you personal information to what is strictly necessary to perform our Services. However, we only use and disclose sensitive personal information that we collected for purposes specified in section 7027, subsection (m) of the CCPA regulations.
How to Make a Privacy Rights Request
You are not required to pay any charge for exercising your rights. We usually have one calendar month to respond, but this may vary depending on your location (for example, if you are in the US we have 45 days depending on your state of residence). If GBG are unable to comply with your request, we will provide you with an explanation.
Verification. Due to the confidential nature of your personal data, we may ask you to provide proof of identity when exercising the above rights to verify your identity, in accordance with applicable data privacy laws. This can be done by providing a copy of a valid identity document and is exercised for the purpose of ensuring that the individual making the rights request is in fact who they claim to be.
Authorized Agents. You may use an authorized agent to exercise your rights on your behalf. If you are making any of the requests above through an authorized agent, we will request written authorization from you and will seek to verify you as described above or we will accept a legal Power of Attorney. To make a request using an authorized agent, have your agent use our webform and upload documentation demonstrating authorization from you.
Complaints and Appeals
You have the right to complain to your local data protection/supervisory authority if you believe we have mishandled your request. Information about how to contact your local data protection authority is available here if you are subject to GDPR.
In the U.K., our regulator is:
The Information Commissioner’s office
Telephone number: 0303 123 113 or 01625 545 745
If you are a resident of a jurisdiction that allows you to appeal a decision we have made in connection with your attempt to assert a right under applicable Data Protection Laws, you may file an appeal of our decision by contacting us at IDology_DPO@gbgplc.com. Please ensure you provide us with the postal address in which you reside, accompanied with details for the basis of your appeal.
Your jurisdiction may allow you to file a complaint regarding any concerns with the result of your appeal request. US residents may file a complaint as follows:
International Transfers of Your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. For example, if you are accessing our website from the EEA, your Personal Information will be processed outside of the EEA in the US.
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage.
In the event of a cross-border data transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
Alternatively, inquiries may be made to: