Privacy Statement | NAVEX Global

Effective December 30, 2019
Download PDF

Please click here for Lockpath, Inc.’s Privacy Statement.

PRIVACY STATEMENT OVERVIEW

When you visit our website, post to our forum, or work with one of the thousands of commercial customers who uses our Application of online services, we will receive information about you. Our full Privacy Statement provides more detail about how we collect personal information, how we use it, and how we support your rights to your data. This overview is intended to provide you with a summary of the topics we cover in this Privacy Statement.

SECURITY AND TRANSPARENCY ARE CORE TO OUR BUSINESS.

We use personal information to provide our services, deliver information, improve our website, and to fulfill other requests you may have (like answering support questions). We use measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. Additional details may be found below, but we want to be sure you know that we safeguard the information we hold.

WE COLLECT INFORMATION IN DIFFERENT WAYS.

What we collect and how we collect information depends on how you use our Website and Application. This Privacy Statement is written to provide you with detail on the two ways we collect information:

Website

Application

We collect information from our corporate websites at www.navexglobal.com, www.netclaim.com, or post to our public forum at www.navexglobal.com/compliancenext (the “Website”).

We use information from our Website for our own internal business and marketing purposes. We determine the purposes and institute the practices and requirements by which this personal information is collected, used, shared and destroyed.

To learn more, please go to our
Website Privacy Terms.

We provide services like compliance training, policy and procedure management, ethics hotline and incident management, vendor risk management, compliance analytics, and claims management (the “Application”). We collect information through our Application on behalf of our customers. Our customers are organizations that engage us to deliver certain services available on our Application.

We process this information in connection with delivery of our services as contracted by a customer. Our customers determine the purpose and the nature of the personal information collected, used, stored, or deleted within our Application.

To learn more, please go to our
Application Privacy Terms.

You have options.

If you ever decide you do not want to receive marketing or promotional information from us you can unsubscribe at any time – either through the unsubscribe link in the message or by emailing us at privacy@navexglobal.com. Please include “Opt-out” in the subject line. If you are based in the European Union, the United Kingdom, or in California, you may have additional rights associated with your personal information, so please refer to our full Privacy Statement below for more details.

We are available for additional information.

If you have questions about this Privacy Statement you can contact us directly.

NAVEX Global, Inc.
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035 USA
privacy@navexglobal.com

INTRODUCTION

Your privacy and trust are very important to us. NAVEX Global, Inc., on behalf of itself, its affiliates, and its subsidiaries, including NAVEX Global UK Limited and GCS Compliance Services Europe Unlimited Company, trading as NAVEX Global , and The Network, Inc. (“NAVEX Global”), provides technology solutions to our commercial customers to further their ethics and compliance goals. We help by providing services like compliance training, policy and procedure management, ethics hotline and incident management, vendor risk management, and compliance analytics.

NAVEX Global requires the foregoing affiliates and subsidiaries to handle personal information in accordance with the data handling practices detailed in this Privacy Statement. Therefore, all references to NAVEX Global in this Privacy Statement refer collectively to NAVEX Global, includes the subsidiaries and affiliates covered under this Privacy Statement.

This Privacy Statement applies to personal information we may collect about you or that you may provide when you visit our Website or use the Application, we provide our business customers. NAVEX Global does not publish text, images, or multimedia content on our Website that portray nudity, foul language, violence or other information not aligned with our commercial goals.

Please read this Privacy Statement carefully to understand our policies and practices regarding how we collect, store, use, and share your personal information. If you do not agree with our policies and practices, your choice is not to use our services. Any personal information provided to us will never be sold, rented, traded, shared or leased other than as outlined in this Privacy Statement.

Our Application and Website are not directed to children under age 16, and we do not knowingly collect personal Information from individuals under age 16. If you are under 16, do not provide any information on this Website. If we learn we have collected or received personal information from anyone under 16, without verification of parental consent, we will delete that information.

If you want to go directly to the terms that apply to Website visitors, click here to visit the Website Privacy Terms that detail our data handling practices for information we collect from visitors to our public Website.

If you want to go directly to the terms that apply to licensed users of our Application, click here to visit the Application Privacy Terms that detail our data handling practices for processing personal information on behalf of our customers.

Website	Application
Click here to jump to the Website Privacy Statement	Click here to jump to the Application Privacy Statement

WEBSITE PRIVACY PRACTICES

The following terms apply to users of our Website.

COLLECTION – WEBSITE

How we collect your personal information depends upon how you use and interact with our Website. Some information is provided directly by you, while other information may be collected through automated technologies.

Legal Basis for Collection. When accessing our Website, we collect personal information from you where 1) we have your consent, 2) where your personal information is necessary for us to provide a Service (for example, when you register for a webinar), or 3) where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information in order to exercise, establish or defend legal claims.

Website Access. More specifically, we may collect information when you provide it directly to us though the Website in webforms such as webinar registration forms or when you download white papers, articles or other collateral. The type of information collected on these forms includes the following:

Website Information Collection

We may collect the following types of information from you:

First Name / Last Name
Email Address
Work Location
Job Title
Department
Supervisor
Log-in credentials

Collected from Third Parties. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide information about products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific purpose for which it was provided to us. Examples of the types of personal information that may be collected from external sources include name, business contact details such as email, phone number, and job title.

Automated Collection Mechanisms and Cookie Notice. In addition to the direct collection practices detailed above, we and our service providers may use automated collection technologies to collect information within some areas of our Website. We use cookies to store content and preferences which enables us to collect standard information your browser sends to certain websites you visit such as your IP address, browser type and language, and the site you came from as well as pages you visit and links you click on within our Website. Having technical information like this helps us to improve Website. We aim to be transparent about the automated technologies we use, and in order to communicate the type, provider, and name of automated technologies employed to accomplish that, we have made additional resources available to provide more detail around automatic information collection technologies available at our Cookie and Automated Technology Notice.

Do Not Track Requests. NAVEX Global does not process or respond to “Do Not Track” signals from your browser or other mechanisms that enable choice regarding the collection of personal information about your online activities over time and across third-party websites or online services.

HOW WE USE PERSONAL INFORMATION – Website

We use personal information collected from the Website to respond to requests for information, including marketing and advertising communications, and to continue developing and improving the Website.

When you make requests on the Website We use information collected from on the Website to respond to visitors' requests. NAVEX Global does not sell, rent, lease, trade or share visitors' personal information other than as outlined in this Policy. When you provide us with your personal information or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. Individuals may "opt-out" of receiving e-mail communications through links available on e-mails received.

Webinar Participants. For participants of our web seminars (“webinars”), the only personal information we share is webinar registration information and it is only shared with our webinar presenters for the limited purpose of providing this service.

Social Media Links. Our Website includes social media plug-ins (“Features”), such as the Facebook “Like” or “Share” buttons or widgets which allow us to show you third party content within our site, like YouTube and Wistia videos (“Widgets”). These Features or Widgets may collect your IP address, which page you are visiting on our site, the activity you took associated with the Feature or Widget, and may set a cookie in order to function properly. These Features and Widgets are either hosted by a third party or hosted directly on our Site and may send your information to the third party owner of the Feature or Widget. Your interactions with Features and Widgets are governed by the privacy policy of the company providing the Feature or Widget and when you use them, you consent to use of your information in accordance with their terms.

Interest Based Ads. Some information, like name and email, are collected for advertising purposes. This means you might see an advertisement from us on other sites you visit. Sometimes we allow third party advertising companies and ad networks to use automatic data collection technologies to collect similar information about you for purposes of providing you with interest-based ads. Interest-based ads are helpful because they are more likely to be tailored to your particular interests. They are also more likely to help you discover new services that are actually relevant to you and your interests. Also, if interest-based tracking is enabled, you likely will not see the same ads over and over because the number of times you see a particular interest-based ad is usually limited. By opting-out of interest-based ads, you lose all of these benefits.

We partner with a third-party ad network to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partner uses cookies, Web beacons, and similar technologies in order to provide you more relevant advertising based upon your browsing activities and interests. If you do not want this information used for the purpose of serving you more personalized ads, you may opt-out by clicking here [or if located in the European Union click here]. Please note this does not opt you out of being served advertising. You will continue to receive ads of a more generic nature.

Data Retention. Where NAVEX Global serves as the controller of the data, such as where we use personal information for our own independent business purpose, we will retain your information in accordance with our data retention practices as follows: We will retain your information for the necessary period of time that it serves the purpose for which it was originally collected or subsequently authorized and in accordance with applicable law. For example, we will retain your information for as long as your account is active, as necessary to comply with our legal obligations and rights, to resolve disputes, and to enforce our agreements.

HOW WE SHARE INFORMATION – Website

Where we share personal information with third parties, we do so as set forth below. Any information we collect will never be sold, rented, traded, shared or leased other than as outlined in this Privacy Statement.

Service Providers and Analytics. NAVEX Global contracts with select third parties to provide us with Web-based services that include e-mail delivery and content streaming; these services may collect certain visitor data and click through data, including IP address, referring page, pages visited on our Website and whether you opened and email, and clicked on any content within that email. These companies are authorized to use directly identifying data, for example, e-mail addresses, only as necessary to provide for the service requested, in accordance with NAVEX Global’s privacy practices and pursuant to written instructions.

Posts and Feedback. Our web properties offer publicly accessible community forums and discussion boards. You should be aware that any information you provide in a community forum or discussion board may be read, collected, and used by others who access them. To request removal of your personal information from our discussion board or community forum, contact us at privacy@navexglobal.com. In some cases, we may not be able to remove your personal information and if that is the case, we will let you know and the reason why. If you choose to comment on our blog you will be required to create an account and login to a third-party’s site to do so. The third party solely manages the login component and any personal information you provide to them.

YOUR RIGHTS – Website

NAVEX Global acknowledges that you may have the right to access your personal information.

Rights provided under the Privacy Shield Frameworks to personal information transferred from European Union (EU) member countries and Switzerland to the United States. NAVEX Global respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please use this web form.

Application Users Note. Please note that where personal information is collected within the software applications we offer, we do so on behalf of customer organizations, which determined the means and purposes of processing, and those customer organizations manage the data in accordance with their own internal policies and procedures. Any questions related to how that customer organization may process, use or share your information should be directed to that customer organization by contacting them directly. Unless otherwise prohibited by law, we will honor and support any instructions they provide us with respect to your personal information.

European Economic Area, Switzerland or United Kingdom Citizen Rights. Individuals who reside in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK) have additional rights reserved under the General Data Protection Regulation (GDPR), the UK Data Protection Act and/or ePrivacy Directive, as applicable. This section details those additional rights and information on how to exercise them:

You may request to access, correct, update or request deletion of your personal information based on information collected from accessing our Website or participating in our Forums or Webinars.
You may request additional information related to the purposes for which we process your personal information, the categories of personal information we process, where we originally collected the information, who we share it with, and how long we will retain it.
You may object to our processing of your personal information, request that we restrict the processing of your personal information or request portability.
You have the right to opt-out of marketing communications we sent you at any time. You can do so by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you. You may also opt-out of other forms of marketing (such as postal or telemarketing).
Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Upon your request, and where it is technically feasible, NAVEX Global will provide you with a copy of your personal information or transmit it directly to another controller.
You have the right to submit a complaint to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authorities. Contact details are available here.

To make a request please use this web form or email us at privacy@navexglobal.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant. NAVEX Global will provide a response to an access request within 30 days of receiving such request or if we cannot, we will notify you and provide you with the reason for the delay.

California Citizen Rights. If you are a California-based consumer, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this privacy statement. We collect, use and disclose the categories of personal information from the sources identified in this privacy statement. Our business purposes for such collection, use and disclosure, along with any categories of third party partners, are identified in this privacy statement. Individuals who reside in the state of California have additional rights reserved under the California Consumer Privacy Act and the California Shine the Light law:

You have the right to request that we provide you with the categories of personal information and the specific pieces of personal information we have collected and store about you.
You have the right to request that we delete personal information we, or our service providers, store about you.
If you elect to exercise any rights under this section of our Privacy Statement, we will not discriminate or retaliate against you.
We do not sell personal information.
To exercise your rights as a California consumer, please use this web form or call us toll-free at +1 844-842-0916. Also, be sure to check this policy for updates as we will review it at least every 12 months and make updates as necessary.

Identity Verification Requirement. We are required by law to verify that any request submitted was made by someone with the legal right to access the data. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information in order for us to verify your identity and legal authority.

Under certain circumstances we may not be able to fulfill your request, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.

APPLICATION PRIVACY PRACTICES

The following terms apply to users of our Application services provided through contract to our business customers.

COLLECTION – Application

We collect personal information in a variety of ways depending on how you use and interact with our Application. Some information is provided directly by you, while other information may be provided by your employer or business partner (our commercial customer) in connection with the delivery of our Application for our customer’s business use.

Legal Basis for Collection. When using our Application, generally speaking, we collect personal information from you on behalf of our customer where 1) you have consented, 2) where your personal information is necessary for us to comply with our contractual commitments (for example, when we deliver our services), or 3) where our customer has a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information in order to exercise, establish or defend legal claims.

Application Access. In order to access the Application, you may be required to provide us specific information (such as your login credentials) that allows us to verify your identity before accessing certain data we host or to deliver certain services. We may use tools and other tracking software within our applications to collection information related to the pages and areas within pages you visit to support improvements to our Application and log activity associated with licensed user access. This identity verification information is kept secure on our servers and is only used to assist you in accessing your account; we take care to prevent release of this information outside of our customer’s particular instance of the Application unless specifically authorized by law, contract, or these data handling practices.

Collection based on Application. We offer a variety of software services within the Application.; Each of the software services collects different types of information based on the software application, nature of user interaction, and the specific types of information our business customer requests that we collect on their behalf.

In collecting and hosting customer data within our Application, NAVEX Global acts as the data processor; our business customer is the data controller. We do not make any judgments or decisions in relation to the content of personal information submitted or use of the information by any customer, reporters or customer company representatives. Our responsibility is limited to collecting and securing the information provided to us in accordance with the terms of this Privacy Statement, our contracts with customers, and applicable law. For the products that require user log-in, for things like training records, we keep identity verification information secure on our servers and is only used to assist you in accessing your report unless specifically authorized or legally required.

Accordingly, the following represents a summary of the types of information collected through each of the software services available in the Application, and the collection mechanism through which the data is collected:

PolicyTech: Policy and Procedure Management

Our PolicyTech software service allows our customer to improve accessibility, version control and delivery of company policies with centralized automation to track compliance and gauge employee comprehension. In order for NAVEX Global to provide these services to our customers, we may collect the following types of information from our customer:

First Name / Last Name
Email Address
Work Location
Job Title
Department
Supervisor
Log-in credentials
Completion status, time, and date information of policies

NAVEXEngage: Compliance Training

Our NAVEXEngage software services allow our customer to deliver risk-based training to specific departments, track completion, meet legal requirements and support behavior change with engaging scenario-based learning experiences. In order for NAVEX Global to provide these services, we may collect the following types of information from you directly of or from our customer:

First Name / Last Name
Email Address
Work Location
Job Title
Department
Supervisor
Log-in credentials
Completion status, time, and date information of training media

Risk Rate: Vendor Risk Management

Our Risk Rate software services allow our customer to perform around-the-clock, automated third-party risk monitoring and due diligence. In order for NAVEX Global to provide these services to our customer, we may collect the following types of information from you directly of or from our customer:

Name, if required from our customer
Work location
Department
Log-in credentials

NetClaim: Claims Intake and Distribution

Our NetClaim services provide our customers comprehensive and customizable claims intake and dissemination solutions. In order for NAVEX Global to provide these services, we may collect the following types of information from you directly or from our customer, or other parties with access to the NetClaim intake and distribution mechanisms:

First Name / Last Name
Email Address
Work Location
Job Title
Department
Supervisor
Log-in credentials
Address
Date of birth
Social Security Number

EthicsPoint/AlertLine/Integrilink/Suite Hotline: Hotline and Incident Management

Our Hotline and Incident Management software services allow our customer to receive, investigate, and resolve ethics and compliance reports, concerns, and questions in a centralized database. In order for NAVEX Global to provide these services, we may collect the following types of information from you directly or from our customer, or from other parties with access to the Hotline and Incident Management intake mechanisms:

Name, if required from our customer
Work location
Department
Details around the reported incident
Personal PIN for report updates

In addition to the above, other information, such as IP address, may be automatically collected from reporters using NAVEX Global applications. This automatically collected information may be used to protect and secure the integrity of our systems and data we host, and may be shared with law enforcement to enforce our rights or as otherwise required by applicable law. Whether or not personal information is required for submission of a report within our Hotline and Incident Management software service is determined by our customer. During the reporting process, a reporter may choose to provide certain categories of sensitive information voluntarily. In each case, we will collect the information provided and handle the data in accordance with the practices as set out in this Privacy Statement.

In order to access a report you submitted, you may be required to provide us with specific information (such as a report key and personal identification number) that allows us to verify your identity before accessing to the information is granted; this is separate from the product log-in process to facilitate the anonymous reporting process where requested by our customers. This identity verification information is kept secure on our servers and is only used to assist you in accessing your report unless specifically authorized or legally required.

Collected from Third Parties. We may receive information about you from other sources, including your employer or business partner. This helps us keep our records up-to-date and to provide the Application in accordance with our contractual obligations. Where a third party gives us your information, we will only use that information for the specific purpose for which it was provided to us and in compliance with our customer contracts. Examples of the types of personal information that may be collected from external sources include name, business contact details such as email, and job title.

Automated Collection Mechanisms and Cookie Notice – Application. In addition to the direct collection practices detailed above, we and our service providers may use automated collection technologies to collect information within some areas of our Application. Specifically, we use web logging, which enables us to collect the standard information your browser sends to web sites you visit such as your IP address, browser type and language, and the site you came from as well as pages you visit and links you click on within our Application. Having technical information like this helps us to improve Application. We aim to be transparent about the automated technologies we use, and in order to communicate the type, provider, and name of automated technologies employed to accomplish that, we have made additional resources available to provide more detail around automatic information collection technologies available at our Cookie and Automated Technology Notice.

HOW WE USE PERSONAL INFORMATION – APPLICATION

NAVEX Global, as the processor of personal information on behalf of its business customers, uses the personal information collected exclusively in accordance with its business customer’s (the data controller’s) instructions. More specifically, we use personal information collected from the Application to 1) provide the Application to our customers and their end-users, 2) communicate with customers and their end-users about the Application, 3) respond to support requests, and 4) continue developing and improving the Application.

HOW WE SHARE INFORMATION – APPLICATION

We share your personal information in order to comply with our contractual commitments to our business customers. In limited instances where we share personal information with other third parties, we do so as detailed below. Any personal information we collect will never be sold, rented, traded, shared or leased other than as outlined in this Privacy Statement.

Service Providers and Analytics. NAVEX Global contracts with select third parties in connection with the delivery of services to our customers. These third parties may not use any personal information other than to provide and deliver the specific contracted services. For example, we may use translation and interpretation providers for EthicsPoint reports that are received in a language other than English. Another example is the Learning Management System we use to deliver video trainings through our online learning portal. We also use vendors to analyze certain elements of our Application to ensure we are delivering the services in a timely and functional manner.

Aggregate Information. NAVEX Global provides its Application to over 13,000 customers around the globe to support those organizations in their ethics and compliance goals and objectives. We may use de-identified data generated within the Application to create aggregated information sets. Any aggregated information will NOT include any personal information or information that could reasonably identify you.

YOUR RIGHTS – APPLICATION USERS

As a reminder, where personal information is collected within the Application, we do so for our business customers, which determined the means and purposes of processing. As described previously in this Privacy Statement, NAVEX Global operates as a data processor on behalf of its business customers, in its collection and use of personal information related to delivery of Application services. Each of our customers has instructed us to collect information on their behalf and controls use of the data we process. Those customers manage the data in accordance with their own internal policies and procedures.

Accordingly, any individual who seeks access to their personal information, or who seeks to correct, amend, or delete inaccurate data should direct their enquiry to our customer (the data controller). Where NAVEX Global is only processing personal information on behalf of its customers, enquiries made directly to NAVEX Global will be forwarded to our customer for response. Unless otherwise prohibited by law, we will honor and support any instructions they provide us with respect to your personal information.

If you have questions or complaints regarding our Privacy Statement or data handling practices, please contact us with “Privacy Enquiry” in the subject line by mail or e-mail at the address below.

GENERAL PRIVACY STATEMENT TERMS

The following terms apply to users of our Application and visitors to our Website.

SECURITY – BOTH

NAVEX Global prohibits any unauthorized access or use of any information stored on our servers. Unauthorized access to this information is a violation of law. In the event of a breach of security or a reasonably suspected breach of security, NAVEX Global will properly investigate and press charges to the fullest extent possible against any party it determines has illegally accessed information within our systems.

We follow generally accepted industry standards to protect the personal information submitted to us, both when transmitted and when stored. NAVEX Global has placed security measures and firewalls on all network servers in an attempt to prevent outside parties from accessing private information. These precautions are designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

You also play an important role in the security of your information on our Application. Where you have been given a password for access to the relevant parts of our Application, you are responsible for keeping it safe and confidential.

If you have any questions about security on our Web site, you can e-mail us at itsecurity@navexglobal.com with "Questions about Web site Security" in the subject line.

INTERNATIONAL TRANSFER - BOTH

To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live [including in the United States]. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to appropriate safeguards necessary to ensure an adequate level of protection in accordance with this Privacy Statement.

EU & SWISS PRIVACY SHIELD CERTIFIED - BOTH

NAVEX Global, Inc. (and its subsidiary company, The Network, Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss- U.S. Privacy Shield Framework. NAVEX Global, Inc. is committed to subjecting all personal information received from the European Economic Area, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Frameworks’ applicable Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

NAVEX Global, Inc. is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. NAVEX Global, Inc. complies with the Privacy Shield Principles for all onward transfers of personal information from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, NAVEX Global, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, NAVEX Global may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

LEGAL DISCLOSURES - BOTH

Legal Disclosures. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose your personal information as required by law and when we believe in good faith that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us.

Business Transfer. In the event we undergo a legal business restructuring, business transition, merger, acquisition by another company, or sale of all or a portion of its assets, your personal information will likely be among the assets transferred. You will be notified via prominent notice on our Web site for 30 days of any such change in ownership or control of your personal information.

UPDATES - BOTH

Any updates or changes to this Privacy Statement will be posted to this Privacy Statement, the home page, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this Privacy Notice at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by e-mail, or by means of a notice on our home page prior to the change becoming effective.

QUESTIONS OR CONCERNS - BOTH

If you have received unwanted, unsolicited e-mail sent by NAVEX Global or purporting to be sent via NAVEX Global, please forward a copy of that e-mail with your comments to info@navexglobal.com for review.

If you have questions or complaints regarding our privacy statement or practices, please contact us at privacy@navexglobal.com with “Privacy Enquiry” in the subject line and provide detail on your question or complaint so that we may adequately respond.

NAVEX Global, Inc.
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035 USA
privacy@navexglobal.com