Privacy Statement | NAVEX Global

Collection and Use

Collection and Use of Information

NAVEX Global collects different kinds of information in order to provide you with the best products and services and to operate effectively. Some of this information is provided directly by you, while other information may be provided by your employer in connection with use of our products and services. We may also gather information by observing how you interact with our website, products and services.

What information we collect

Registration: When you, or your organization, sign up to use our sites or services, or you sign up to attend a webinar or get additional information about our products and services, we may receive certain necessary information such as your name, job title and contact information such as email address, phone number and address.

Licensed Users: To access some of our products and services you may be required to provide us specific information (such as your login credentials) that allows us to verify your identity before accessing certain data we host. In addition, we may use tools and other tracking software within our applications to collection information related to the pages and areas within pages you visit. This identity verification information is kept secure on our servers and is only used to assist you in accessing your account or report; this information is not released outside of the relevant NAVEX Global system unless specifically authorized. De-identified information on how you use our services may be shared with trusted third parties to enable us to provide improved functionality and other enhancements within our applications but it will not include any personal data.

Hotline/EthicsLine Reporters: No directly identifying information is automatically collected from reporters using NAVEX Global applications. Certain directly identifying information, such as name, e-mail address and contact details, and, where specifically provided by you, certain categories of sensitive information are stored only when a reporter voluntarily provides this information for use by a customer company. Other information, such as IP address, may be automatically collected from reporters using NAVEX Global applications. In addition, to access a report you may have submitted, you may be required to provide us with specific information (such as a report key and personal identification number) that allows us to verify your identity before accessing information you may have submitted. This identity verification information is kept secure on our servers and is only used to assist you in accessing your report unless specifically authorized or legally required.

How we collect information

NAVEX Global gathers information about how you use our sites and services in a number of ways, including:

Web forms, such as when you type information into a registration form
Technologies like cookies (please see Cookies for more information about this technology)
Web logging, which enables us to collect the standard information your browser sends to every web site you visit such as your IP address, browser type and language, and the site you came from as well as pages you visit and links you click on within our site

For licensed users of our applications, we may use tools and other tracking software within our applications to collect information related to the pages and areas within pages you visit, which enables us to provide improved functionality and other enhancements within our applications.

User Data Supplementation

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include: name, business contact details such as email, phone number, and job title.

Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.

How we use Personal Information

NAVEX Global uses the information we collect to operate and improve our products and services, to respond to requests about promotions or products and services offered and to protect and secure the integrity of our systems and data hosted, as more fully set forth below.

Visitors: When NAVEX Global collects personal data from visitors to our sites, the information collected from opt-in users is used only to respond to visitors' requests. In instances where opt-in participants' requests relate to NAVEX Global partners, we will provide personal data only to respond to that request. NAVEX Global does not sell, rent, lease, trade or share visitors' personal data other than as outlined in this Policy. When you provide us with your personal data or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. Individuals may "opt-in" and "opt-out" of receiving e-mail communications through selections available on e-mails received. For participants of our web seminars, the only personal data we share is web seminar registration information and it is only shared with our web seminar presenters to provide this service. They are not permitted to use this information for their own marketing purposes.

Licensed Users of Products and Services: Personal data such as name, contact information, username and password is stored in our database for access to and use of certain software applications. This information is kept secure, is used to assist you in accessing your account and is not released outside of the NAVEX Global system unless specifically authorized or required by law. We may share de-identified information in relation to your use of our applications with trusted third parties, enabling NAVEX Global to provide you with improved functionality and other enhancements.

Hotline/EthicsLine Reporters: No directly identifiable information is automatically collected from reporters submitting a case. Directly identifying information, such as name and e-mail address, is collected and stored only when a reporter voluntarily gives this information. Other information, such as IP address, may be automatically collected from reporters using NAVEX Global applications. This automatically collected information may be used to protect and secure the integrity of our systems and data we host, and may be shared with law enforcement to enforce our rights or as otherwise required by applicable law.

Please note that where personal data is collected within the software applications we offer, we do so on behalf of customer organizations and those customer organizations manage the data in accordance with their own internal policies and procedures. Any questions related to how that customer organization may process, use or share your information should be directed to that customer organization by contacting them directly. We will respond to any requests from the customer organization to remove or edit data within a reasonable timeframe.

How long we retain your Personal Information

As a processor, we will retain personal data we process on behalf of our customers in accordance with our customer’s instructions and the timeframes set forth in our agreements. NAVEX Global will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

As a controller, we will retain your information for as long as it serves a processing purpose compatible with the processing purpose for which it was originally collected or subsequently authorized and in accordance with applicable law. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Access

Access to Personal Information

NAVEX Global acknowledges that you may have the right to access your personal information. However, in most cases, NAVEX Global has no direct relationship with the individuals whose personal data it processes because it is collecting this information on behalf of its customer. Any individual who seeks access to their personal information, or who seeks to correct, amend, or delete inaccurate data should direct their enquiry to our customer (the data controller). Where NAVEX Global is only processing personal information on behalf of its customers, enquiries made directly to NAVEX Global will be forwarded to our customer for response. NAVEX Global will respond to instructions from our customer pertaining to such access/correction/deletion requests within a reasonable timeframe.

Where NAVEX Global has a direct relationship with an individual whose personal data it processes and where that individual is located within the European Economic Area (EEA), Switzerland or the United Kingdom during the time of data collection, you have the following data protection rights:

If you want to access, correct, update or request deletion of your personal information, please email privacy@navexglobal.com
You can object to our processing of your personal information, request that we restrict the processing of your personal information or request portability by emailing privacy@navexglobal.com
You have the right to opt-out of marketing communities we sent you at any time. You can do so by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you. To opt-out of other forms of marketing (such as postal or telemarketing), please email privacy@navexglobal.com
Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent;
Upon your request, and where it is technically feasible, NAVEX Global will provide you with a copy of your personal data or transmit it directly to another controller;
You have the right to submit a complaint to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authorities. Contact details are available here.

Where we are unable to verify your identity through your initial request, we may request additional information to confirm your identity. Under certain circumstances we may not be able to fulfill your request, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.

To make a request please contact us at privacy@navexglobal.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant.

NAVEX Global shall provide a response to an access request within 30 days of receiving such request.

Legal Basis for Processing Your Personal Information

The legal basis we rely on for collection and use of your personal information described in this Privacy Statement will depend on what personal information is collected and used and the specific context in which we have received it.

Generally speaking, we collect personal information from you where we have your consent, where your personal information is necessary for us to perform under a contract (for example, when we deliver our services), or where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information in order to exercise, establish or defend legal claims.

If you have questions about the legal basis on which we rely to collect and use your personal information, please email us at privacy@navexglobal.com.

Cookies, Gifs & Log Files

Use of Cookie, Clear Gif and Log File Technology

Technologies such as: cookies, beacons, tags, and scripts are used by us and our tracking utility partners. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather information about our user base as a whole, . We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

A “cookie” is a small text file that is stored on a user’s computer.

NAVEX Global utilizes Cookie technology on our sites for purposes of Website traffic analysis such as the time/date of the visit, the time/date of last visit, the page viewed, the referring site, and other data. NAVEX Global also tracks click behavior in the e-mails it sends out. This data is used to update specific user-profile information, ascertain the areas of most interest to opt-in e-mail recipients, and to personalize e-mail messages to them.

We also use session ID cookies for access to products and services by our licensed users and reporters. These session Cookies are used to make it easier to navigate our site, products and services. A session ID Cookie expires when your browser is closed. If you reject Cookies, you may still use portions of our site, but your ability to use some areas of our site, products or services, may be limited.

In limited circumstances, and with appropriate notice to licensed users, we will use persistent Cookies (Cookies that do not expire when your browser is closed). In these situations, licensed users are required to consent to the placement of a Cookie prior to it being activated and consent may be withdrawn at any time by simply accessing the form and un-ticking the box giving NAVEX Global permission to store the information. Any persistent Cookie that is unused for 30 days will automatically expire.

As is true of most Web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

In addition, Session Variables may be used temporarily in your system cache to create ease-of-use during your transaction with our site. Examples of such information are automatically-produced alphanumeric numbers held during your session on our site to facilitate page-to-page transactions. We only store name, e-mail, phone, address, company name or any other identifying information for licensed users; no information is stored for others unless otherwise stated in this policy.

We and our third party tracking-utility partners employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Secure Communications

NAVEX Global will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

For licensed users and reporters, communications between the NAVEX Global site and a user's web browser are accomplished using, at a minimum, 128 bit TLS encryption and various third party security certificates to protect confidential data. NAVEX Global does not allow users to transfer or receive confidential information unless they are using a validated 128 bit (or greater) encrypted session.

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our Web site, you can e-mail us at itsecurity@navexglobal.com with "Questions about Web site Security" in the subject line.

Use of Third Parties

Use of Third Party Services

NAVEX Global contracts with select third parties for Web-based services that include e-mail delivery and content streaming, that may collect certain visitor data including IP address and pages visited. These third parties may only use directly identifying data, for example, e-mail addresses, for the service requested in accordance with NAVEX Global’s privacy practices and not for their own marketing purposes unless you separately consent to receiving such marketing under the terms provided by that third party.

NAVEX Global also contracts with select third parties in connection with the delivery of services to our customers. These third parties may not use any directly identifying data other than to provide the specific contracted services.

Blogs and Forums

Public Forums

Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at policyshare@navexglobal.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

If you choose to comment on our blog, you will be required to login to our third party vendors site to do so. Any information you choose to submit within this section of the site will be collected and used by our vendor and is subject to their privacy policy. Please contact them directly should you have any questions or concerns regarding your posting.

Privacy Shield

EU-U.S. Privacy Shield and Swiss- U.S. Privacy Shield

NAVEX Global, Inc., its affiliated company GCS Compliance Services Europe Unlimited Company, or its wholly-owned subsidiary, The Network, Inc. (hereinafter, collectively, or individually, as applicable “NAVEX Global”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU), the United Kingdom (UK), and/or Switzerland, as applicable, to the United States in reliance on Privacy Shield. NAVEX Global has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

NAVEX Global is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. NAVEX Global complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, the UK, and/or Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, NAVEX Global is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, NAVEX Global may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

International Transfers

To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live [including in the United States]. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to appropriate safeguards necessary to ensure an adequate level of protection in accordance with this Privacy Statement. The safeguards we have taken include implementing appropriate contractual commitments including the use of the European Commission’s Standard Contractual Clauses for transfers of personal information to non-EEA third parties or reliance on our EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield, as applicable.

Breach of Privacy Policy

If you have received unwanted, unsolicited e-mail sent by NAVEX Global or from any NAVEX Global system or purporting to be sent via NAVEX Global, please forward a copy of that e-mail with your comments to info@navexglobal.com for review.

If you have questions or complaints regarding our privacy statement or practices, please contact us at privacy@navexglobal.com with “Privacy Enquiry” in the subject line and provide detail on your question or complaint so that we may adequately respond. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Please see below for fax and postal mail information.

Contact Information

Questions or comments regarding this Policy should be submitted to NAVEX Global by mail or e-mail as follows:

NAVEX Global, Inc.
Attention: Data Protection Officer
5500 Meadows Road
Suite 500
Lake Oswego, OR 97035
USA
privacy@navexglobal.com