Please remember that this Policy applies only to information collected through the Sites. This Policy does not apply to information collected through the websites we operate for our customers. Our customer websites display their own privacy policies.
It is also important to note that the Sites may contain links to third-party websites. This Policy does not apply to the privacy practices of such third-party websites. We encourage you to review the terms and policies on these websites before providing any personal information to them.
EU-US and Swiss-US Privacy Shield Privacy Statement
Globoforce Inc. complies with the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including from Globoforce Limited) and Switzerland to the United States. Globoforce Inc. has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
This means that Globoforce Inc. remains accountable, as described in the Privacy Shield Principles and in this Policy, for personal information that it receives under the Privacy Shield and subsequently transfers to a third party (unless Globoforce Inc. proves that it is not responsible for the event giving rise to the damage). If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
International Data Transfers
Globoforce is a global business with headquarters in Ireland and in the US. Globoforce may transfer personal information to countries other than the country in which the data was originally collected from you and/or was provided to us. These countries may not have the same data protection laws as the country in which you initially provided the information. However, when we transfer your personal information to other countries, we will protect that information in accordance with applicable law. The principal ways in which we protect information is through the use of EU-approved “model contract clauses” or through our certifications to the EU-US Privacy Shield (governing transfers from the EU to the US) and the Swiss-US Privacy Shield (governing transfers from Switzerland to the US).
Type of Information Collected
We collect two types of information: personal information and non-personal information.
As used in this policy, personal information is information that identifies you or can be used in combination with other information to identify or contact you and may include your name, address, email address, telephone number, internet protocol address or billing information. Such information may be collected on our Sites when you:
Non-personal information is information that cannot be used to identify or contact you, such as demographic information regarding, for example browser types, domain names, and other anonymous statistical data involving the use of our Site.
The Use of Information
Some of the ways we use your personal information are as follows:
Legal Basis for Processing
We only keep and process the personal information where we have a valid legal basis to do so. The legal basis for collecting and using the personal information described above will depend on the information collected and the way in which we use it. The bases which we rely on are as follows:
If you have questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
Disclosure of Information to Third Parties
Globoforce will share personal information with third parties to the extent required to fulfill the purposes set forth herein, including to contracted service providers so that they may provide certain services on our behalf (for example, credit card processing services, or an event management portal). With your consent, Globoforce may also share personal information you provide to us as part of an event or conference registration process with event sponsors that wish to connect with you. Where required, Globoforce requires that these third parties guarantee equivalent levels of protection as applied by Globoforce when handling personal information.
We may provide third parties information about you that does not allow you to be identified or contacted, including where such information is combined with similar information of other users of our Sites. For example, we might inform third parties regarding the number of unique users who visit our Sites, the demographic breakdown of our community users of our Sites or the activities that visitors to our Sites engage in while on our Sites. The third parties to which we may provide this information may include potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.
We may also disclose your information (including personal information) if we believe in good faith that we are required to do so in order to comply with an applicable law, a subpoena, a search warrant, a court or regulatory order or other valid legal process or lawful requests by public authorities, including to meet national security or law enforcement requirements.
Rights to your Information
You may exercise the following rights in relation to the personal information that we hold about you:
Further, every marketing email from Globoforce contains instructions on how to opt out of receiving further marketing emails from us. If you wish to unsubscribe, follow the instructions in the email. Please contact us if you have any problems using this opt out mechanism.
You can exercise any of your rights above by using the Contact Us details below. We undertake that promptly after receiving your request (subject to any statutory time periods), all personal information stored in databases we actively use and other readily searchable media will be updated, corrected, changed, deleted or confirmed to you, as appropriate, as soon as reasonably practicable and in accordance with applicable law or the Privacy Shield Principles (as relevant).
Globoforce is committed to taking reasonable steps to ensure the security of your information. To prevent unauthorized access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect from you.
Retention of Personal Information
Except as otherwise permitted or required by applicable law or regulatory requirements, Globoforce will only retain your personal information for as long as it is necessary to fulfill the purposes for which the personal information was collected. After such time, personal information will be securely destroyed or obfuscated so that such data so that it cannot be associated with or tracked back to you
Globoforce reserves the right to change this Policy. If we decide to make changes, we will post the updated policy on our Sites so you are always aware of what information we collect, how we use it, and the circumstances, if any, we disclose it. If at any point we decide to use personal information in a manner significantly different from that stated in this Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your personal information in the new manner.
Concerns and Comments
If you wish to exercise your data protection rights or to raise any concerns, objections or complaints in relation to this Policy, please contact us using the relevant Contact Us details below. If contacting us does not resolve your issue, EU users of our Sites may contact their local EU Data Protection Authorities or Swiss users can contact the Swiss Data Protection and Information Commissioner (collectively, “DPAs”). In the case of users of our Sites within the EU, our lead DPA is the Data Protection Commission in Ireland which acts as the “one stop shop” for complaints relating to cross-border processing issues.
As part of our commitment to the Privacy Shield, Globoforce commits to cooperating with relevant DPAs and to comply with the advice given by such authorities with regard to personal information transferred from the EU or Switzerland under the Privacy Shield Framework. The services of the DPAs are provided at no cost to you. Accordingly, if the DPAs finds us to be in violation of the law or applicable Privacy Shield Principles, we will correct the situation and, if necessary, stop processing the data of the individual who brought the complaint. For processing governed by the Privacy Shield, Globoforce Inc. will make available a binding arbitration option to you in the event that the complaint is unresolved, under certain conditions as further explained in the Privacy Shield Principles.
Globoforce Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Concerns and Comments
You may email us at GloboPrivacy@globoforce.com with any further questions or concerns regarding this Policy, if you wish to exercise your data protection rights, or if you have a Privacy Shield related complaint. You can contact us by regular mail addressed to:
200 Crossing Blvd., Suite 500
United States 01702
Alternatively, regular mail may also be directed to Globoforce Limited in Ireland, by addressing it to:
19 Beckett Way
Park West Business Park
Dublin 12, Ireland
(Last modified as of December 18, 2018)
©2018 Globoforce Inc., and Globoforce Limited. All Rights Reserved.