Policy Effective as of: August 1, 2020
Our Policy can be summarized as follows:
We may collect some information about you, as described in this Policy, but you control how much you share about yourself.
We will not sell your personal information to third parties.
We will share your personal information with our vendors and suppliers only to the extent necessary for us to provide the Services and subject to their agreement to protect your information.
We may collect, use and share aggregate, anonymous information about our users.
In certain legal situations, we may be compelled to disclose your personal information.
If you are outside the United States, you understand and agree that we may store your information in the United States.
We participate in, and comply with, the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles (the “Privacy Shield Principles”) regarding the collection, use, sharing, and retention of personal information from the European Union and Switzerland.
Your personal information may be processed in the country where it was collected as well as other countries (including the United States) where laws regarding processing of personal information may be less stringent than the laws in your country. By uploading personal information to the services you warrant that you have the right to transfer such information outside your country and into the United States.
POLICY TOWARD CHILDREN
Our Services are not directed to children under 13, and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13, we will take steps to delete such information from our files as soon as possible.
INFORMATION WE COLLECT
If you visit our Site, you may choose to provide us with your first and last name, company name, email address and phone number in order to obtain information about our Services. We collect this information only for our internal marketing purposes and will not share this information with third parties. We also collect records and copies of your correspondence (including email addresses), if you contact us.
Talmetrix provides survey hosting services for its customers and collects third party responses on behalf of those customers (“Talmetrix Customer”). If you choose to respond to a survey hosted on the Services, you may provide us with certain information included in your survey responses and Social Feedback responses (“Survey Responses”). Please be aware that your survey responses may include sensitive personal information that you are only sharing upon your express consent. You may also choose to provide us with personal information such as your name, email address, address, location or other demographics (“Demographic Information”). Unless otherwise provided, we will disclose Survey Responses to Talmetrix Customers without including your Demographic Information. Please be advised, however, that it may be possible that the Talmetrix Customer may be able to determine your identity based on the information you include in your survey responses.
We will in some cases, associate Demographic Information with Survey Responses before disclosing the information to the Talmetrix Customer, however, you will be informed of this before you respond to the survey. If you don’t want your Demographic Information associated with your Survey Responses and provided to the Talmetrix Customer, then you should not respond to the survey in question.
The Talmetrix Customer may use and disclose your Survey Responses and, where applicable, your Demographic Information subject to their internal policies. Before you participate in any survey please review the privacy practices of the Talmetrix Customer administering the survey. If you do not feel comfortable sharing your information subject to the privacy practices of the Talmetrix Customer administering the surveys please do not participate in the survey.
If you register to use the Services, we will collect, you may voluntarily give us certain information about yourself, your organization and your employees. This can include name, username, email address, city, state, and any other information you provide us. If you receive third party Survey Responses and/or Demographic Information from your use of the Services, you expressly agree to use the information only for its legitimate business purposes.
Talmetrix provides data collection, processing, and reporting on behalf of our customers. The information typically collected is organization level data which is used in aggregate to present benchmark (comparison) results of your individual company data to aggregated company data, and organization reporting data..
Your data is subject to our data security policy, and will not be shared with 3rd party vendors with the exception of the customer, data collection partners (listed in the Analytics section of this document), and at an aggregate level to provide benchmarking data.
Information Collected Using Cookies and other Web Technologies.
“Web Beacons” (also known as clear gifs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an email).
“APIs” or application programming interfaces are software components that enable our Services to communicate with third-party services. We may use APIs to enable our Services to communicate with and gather information from third-party services, such as single sign on (SSO) services, used by our users.
Log Data. Our servers automatically record certain information about how users use our Services (we refer to this information as “Log Data”). Log Data may include information such as a user’s Internet Protocol (IP) address, browser type, operating system, the web page that a user was visiting before accessing our Services, the pages or features of our Services to which a user browsed and the time spent on those pages or features, search terms, the links on our Services that a user clicked on, comments and other communications conducted over our Services, information from other third party products and services that we enable users to connect to their Accounts and other statistics. We use this information to administer the Services, and we analyze (and may engage third parties to analyze) this information to improve and enhance the Services by expanding their features and functionality and tailoring them to our users’ needs and preferences. We may combine the Log Data with other information we collect about you. We do this to improve our Services or to improve marketing, analytics, or functionality. We may use a person’s IP address to fight spam, malware and identity theft. We also use the IP Address to generate aggregate, non-identifying information about how our Services are used. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you or to improve marketing, analytics, or Site functionality.
Location Information. We do not ask for, access or track any location based information from your device at any time while using our App or Services.
We use third-party analytics services, such as Google Analytics, Hubspot, SendGrid, and Segment.io, to collect and analyze the non-personally identifiable information described above. These analytics services use the visitor tracking technology we have described above, such as a Cookie, tracking pixel or other mechanism to collect, use, share and store our users’ data.
Our other Links to our other partner’s privacy policies are provided here:
USE OF INFORMATION
We use the information we collect to provide you full access and functionality of the Services. Accordingly, your information may be used for the following purposes: (i) to provide and improve our services, features and content; (ii) to administer your use of our services and accounts; (iii) to enable users to enjoy and easily navigate the Services; (iv) to better understand your needs and interests; (v) to fulfill requests or to respond to questions or comments you may make; (vi) to personalize your experience; (vii) to provide you with announcements, notifications and advertisements related to your interests and use of the Services and other communications such as electronic newsletters, promotional emails or similar messaging; (viii) to provide service announcements; (ix) to protect against users seeking to hack into the Services; (x) to assess the level of general interest in the Services and (xi) for any other purpose with your consent.
Talmetrix does not process personal data other than to the extent such processing is necessary to achieve the legitimate business purposes.
WHAT INFORMATION DO WE SHARE WITH THIRD PARTIES?
We will not share any PII that we have collected from you except as described below:
Information Shared with Our Services Providers. We may engage third party service providers to work with us to administer and provide the Services. These third-party services providers have access to your PII only for the purpose of performing services on our behalf. Third party service providers are contractually obligated not to share and/or use your PII outside of the scope of the agreement we have in place.
Non-PII Shared with Third Parties
We may share aggregated information and non-identifying information with third parties, including other users, to enhance the effectiveness of our Services and for industry research and analysis, demographic profiling, benchmarking, and other similar purposes. For example, we may share aggregated, non-identifying user or organizational information with other Talmetrix Customers to enable them to compare their organization’s metrics (e.g., survey response rates) with organizations of similar size and/or industry.
Information Shared with the Talmetrix Customer
As described above, Survey Responses will be provided to the Talmetrix Customer that commissioned the survey. In some cases, if the survey respondent expressly consents, Demographic Information will be combined with Survey Responses before being disclosed to the Talmetrix Customer.
Information Disclosed in Connection with Business Transactions
Information that we collect from our users, including PII, is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, your PII may be disclosed or transferred to the third-party acquirer in connection with the transaction. You acknowledge that such transfers may occur, and that any acquirer of Talmetrix may continue to use your information only as set forth in this policy
Information Disclosed for Our Protection and the Protection of Others
In certain situations, Talmetrix may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity. Otherwise, we will not rent or sell potentially personally-identifying and personally-identifying information to anyone.
We may also disclose your PII if you expressly consent to the disclosure.
YOUR INFORMATION RIGHTS
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction.
Upon request Talmetrix will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org.
If your personal information changes, or if you no longer desire our Services, you may correct, update, amend, delete/remove, ask to have it removed from a testimonial on our Site or deactivate it by calling us at +1 513.399.6301 or by postal mail at 35 East 7th Street, Suite 710, Cincinnati, OH 45202. We will respond to your request within a reasonable timeframe.
We will retain your information for as long as your Account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Survey Respondents and Administrators
Talmetrix collects information under the direction of Talmetrix Customers, and has no direct relationship with the individuals whose personal data it processes. If you are either a Survey Respondent or an Administrator and would no longer like to be contacted by the applicable Talmetrix Customer, please contact the Talmetrix Customer directly. In addition, if you want to correct, amend, or delete inaccurate PII you have provided in connection with a survey or in connection with your Administrator Account, you should direct your query to the Talmetrix Customer. If we are requested by the Talmetrix Customer to remove data, we will respond within a reasonable timeframe.
RETENTION OF YOUR INFORMATION
We will retain your PII that we process on behalf of the applicable Talmetrix Customer for as long as needed to provide Services to our Talmetrix Customer. We will retain this PII as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Benchmark participants' data is retained for 1-year from report generation, and paid benchmark customers’ data is retained for 3-years to provide trend data.
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, or you can call us at +1.513.399.6301.
We display personal testimonials of satisfied users and customers on our Site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
THE SECURITY OF YOUR INFORMATION
We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. For example, we require the use of a secure server for the Site and Services. All PII supplied by you to us via the Services is transmitted via Secure Socket Layer (SSL) and the Site via a similarly secure technology. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
LINKS TO OTHER SITES
SOCIAL MEDIA WIDGETS
Our services include social media features, such as the Facebook “like button”, and widgets, such as the Share This button or interactive mini-programs that run on our Services. These features may collect your Internet protocol address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy statement of the company providing such features.
Talmetrix participates in and has certified that it complies with the E.U. – U.S. and Swiss-US Privacy Shield Framework.
Talmetrix is committed to subjecting all human resources (HR) data and personal data other than HR data received from European Union (EU) member countries and Switzerland, in reliance on, and complies with, the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
Talmetrix has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To view Talmetrix’s current self-certification, please visit https://www.privacyshield.gov/list.
Talmetrix is responsible for the processing of personal data it receives from the EU and Switzerland, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Talmetrix complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. Talmetrix remains liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Talmetrix is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Talmetrix may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=ANNEX-I-introduction, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
In compliance with the Privacy Shield Principles, Talmetrix commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Talmetrix at: Compliance Officer, firstname.lastname@example.org
Talmetrix has further committed to refer unresolved Privacy Shield complaints to The International Centre for Dispute Resolution (ICDR), which is the international division of the American Arbitration Association (AAA) an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you
Talmetrix maintains best-in-class information security processes and systems. All Talmetrix employees and contractors are required to sign an NDA and complete security training, initially within 30 days of employment and on-going annually for the term of employment or the contract. Access to Talmetrix data is restricted to Talmetrix managed and configured devices and devices inspected annually to ensure security standards are met. PII data is prohibited from being stored on mobile devices without explicit consent from Talmetrix’s Chief Technology Officer (CTO). Work stations are secured when unattended and Talmetrix is located in a secured building. Communication networks are administered and monitored by Talmetrix. Talmetrix accesses the Internet through a secured router, the access credentials of which are only shared with authorized individuals. Passwords used to access Talmetrix systems and data use high standards for complexity and security. Multi-factor authentication is required to access all mission-critical systems. Talmetrix contracts a third-party security vendor to perform quarterly vulnerability scans via automated appliance, the findings of which are reviewed and issues remediated within seven days, or immediately if critical.
In addition to employing strong information security policies, Talmetrix also utilizes industry best practices for securing, transmitting and processing data. Talmetrix utilizes Amazon Web Services (AWS) to provide web application hosting in a secure, scalable and redundant environment. Data encryption happens on several levels within the application in order to keep data safe. All data communications between the customer’s browser and Talmetrix web servers are encrypted via SSL. Data transferred between Talmetrix servers are encrypted using SSL technology where possible. All data stored “at rest” resides on encrypted volumes. Talmetrix uses industry standard SSL technology utilizing TLS 1.1 & TLS1.2 security and AES 128 encryption to encrypt all data transmissions to and from Talmetrix servers. SSL technology is used on all Talmetrix systems, including development and testing environments. Network security is maintained in several layers via segregation, along with file change monitoring, Web Application Firewalls (WAF) and proxies.
CHANGES TO THIS POLICY
35 East 7th Street, Suite 710
Cincinnati, OH 45202