Updated: November 2021
NAVEX Global and its affiliates and subsidiaries (“NAVEX Global,” “we,” “us,” etc.) offer guidance, software and technology for companies to manage risk and reach their compliance goals. We are dedicated to improving workplace integrity worldwide and helping companies create a more resilient business by providing tools to identify and reduce risk and misconduct.
This Statement applies to NAVEX Global’s collection of personal information that we collect as a controller, in particular, through our Websites (https://www.navexglobal.com/, https://www.netclaim.com/, and all subdomains hosted by NAVEX Global) and any sites or products that display these terms, through webinars or events we may host or sponsor, or even at in-person events such as trade shows or conferences. It does not apply to any website, mobile app, service, or product that does not display or link to this Privacy Statement or that contains its own privacy notice. For information about how we use personal information we receive associated with the software applications and related services we provide to our business customers please go to our Applications Privacy Statement here. If you do not agree with our policies and practices, please do not use the Website or related services. By accessing the Website or using the related services, you agree to this Statement.
How we collect personal information
We may collect personal information from you directly or indirectly. For example, when you register for one of our web seminars or virtual events or sign up to receive our email communications, you provide personal information directly to us. Other times, personal information is collected automatically as you use our Website. In addition, we also may receive personal information from third parties with whom we work.
We collect personal information when you provide it
You may provide certain kinds of personal information directly by interacting with NAVEX Global online and offline (via social media or Web forms, by phone, email, in person – or even through regular old postal mail). Personal information may also be provided to us directly or indirectly through the use of our customer relationship management systems, in order for us to track support for the service in our role as a controller.
When you register for a web seminar or download white papers available on our Website, for example, you typically provide your email address, phone number and geographic location. Or, to become a member of Compliance Next, you provide your name and email address and then create a username and password, information that on subsequent visits helps us confirm your identity and grant you access to member-exclusive content.
We may also collect personal information, typically name and contact information, you voluntarily provide at industry events.
We collect personal information from third-party sources
We may collect personal information about you from third parties, including from conference partners, public databases or third parties from whom we have purchased data, including advertising companies that specialise in interest-based ads. We may combine this with information we already have about you.
This helps us update, expand, and analyse our records, identify new customers, and provide information tailored to products and services that may interest you. You may opt out of receiving interest-based advertising by clicking here (or if you are in the European Union, click here.) Opting out of interest-based advertising will not prevent ads from being served to you; the ads will simply be more general.
We also work with third parties to support delivery of our online services (such as email and content streaming), or those that help us manage events. Your personal information may be provided to us by those third parties.
We also may collect personal information from online social networks if you take part in a forum, for example, on LinkedIn. We may collect personal information when you click “Share This” or “Like” buttons or otherwise use social media buttons or plug-ins.
We collect personal information using automated technologies
Sometimes personal information is collected by automated technologies and shared with us when Website visitors navigate through our products and services online. We may track your browsing actions and log your IP address. We track product preferences and content downloads, to make future visits to our Website more efficient.
We will not knowingly collect information from anyone younger than 16 years
Our Website and services associated with our Website are not intended for use by anyone younger than 16 years old, and we will never knowingly collect personal information from anyone younger than that. If we become aware that personal information of anyone younger than 16 has been provided to us, for any purpose, we will delete the information from our files.
Our Legal Basis for Collection
Certain data protection laws require that we have a legal basis for collecting your personal information. The legal basis we rely upon may be different in each circumstance or we may have one or more legal bases for the collection. When accessing our Websites, we collect personal information from you where 1) we have your consent, 2) where your personal information is necessary for us to provide a service (for example, when you register for a webinar), or 3) where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information to exercise, establish or defend legal claims.
Some browsers offer a “Do Not Track” privacy preference. Generally, when a user turns on the Do Not Track Signal, their browser sends a message to websites requesting that the user not be tracked. Our Website currently does not respond to “Do Not Track” signals.
How we use personal information
We know your personal information is important to you, so we want to be transparent about our use of that information.
As mentioned above, visitors to the Website will provide their name and email address when they want to receive emails from us or download white papers, articles, or other content available there. Visitors can also become members of our Compliance Next community by creating an account to access member-only resources and community opportunities.
Collecting and using this information allows not only easier, quicker access to our Website, content, and services on subsequent visits but also allows us to secure the information you have provided. As users navigate through the Website, their movements will be tracked and analysed. Using this information allows us to provide more relevant content and create a better visitor experience. We also use personal information:
- To market our products and services, typically through email and phone.
- To respond to support requests.
- To provide access to and maintain the security and integrity of the Website and services, which include personal information associated with logs generated from our service Applications.
- To provide updates regarding the Website and marketing information, such as special promotions or surveys, etc.
- To comply with legal and regulatory requirements applicable to our business and internal policies for maintaining records.
- To protect all parties in the event of disputes.
- For any other legal, business, or marketing purposes that comply with the practices described in this Statement.
As noted above, we use the information we receive through our Website for our own business purposes as a controller, but where we are acting as a processor in delivery of our Applications, including providing guidance and services to our business customers, we do so as a processor. The information we receive through our Applications and related services is subject to our Applications Privacy Statement.
If you provide personal information about others, or others give us your information, its use is limited to the specific purpose for which it was provided. Typically, this includes your name and business contact information (email address, phone number, job title).
Please note that we do not sell personal information we receive through our Website, nor do we share that information, other than as outlined in this Privacy Statement.
When we share personal information
Once your personal information is collected, as detailed above, we may share it with third parties for various reasons, among them email delivery, data hosting, analytics, payment processing and content streaming. These services may collect browsing data that includes IP addresses, referring pages, and users’ movements as they navigate the Website. Other third parties help us with our marketing efforts including sending and analysing our marketing efforts by measuring whether recipients have opened an email and clicked on any content within it.
When we share your personal information with a third party, we require that third party to protect the information consistent with this Statement and limit its use of the information to performing the services they provide to us. For example, when we share personal information with payment processors or presenters of web seminars, its use is limited to providing that service.
If you make a public post, other users may see it
If you make a post on a third-party social media site, such as LinkedIn, or by identifying us in your social media feed by tagging us using a hashtag (#) or “at” (@), your personal information may be publicly available and is subject to the privacy policies of those third-party social media sites. As a reminder, this Statement describes how we will treat your personal information once it is in our possession.
We recommend you review the privacy policies of any third-party sites you visit to understand their data collection and practices.
We may share feedback you provide to us
We want to hear how we’re doing. If you have suggestions for improving our Website or services, we want those as well. Please be aware that any feedback relating to our Website or social media channels may be publicly shared.
Eventual successors may access information
In the event of a merger, acquisition, reorganisation, bankruptcy, or other sale of all or a portion of our assets, any user information owned or controlled by us may be among the assets transferred to third parties as successors in interest. As part of this type of transaction, we reserve the right to transfer or assign your personal information to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Statement.
We need to comply with legal requirements
We may disclose your information to government authorities or other third parties if any lawful circumstances arise, including when:
- You have given us permission to share your information;
- We are required to do so by law, or in response to a subpoena or court order;
- We believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Website, third parties, or the public at large; or
How we secure personal information
We have implemented industry-accepted administrative, physical, and technology-based security measures to protect against loss, misuse, unauthorised access, and alteration of personal information in our systems. We ensure that any employee, contractor, corporation, organisation, or vendor who has access to personal information in our systems is subject to legal and professional obligations to safeguard that personal information.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or form of electronic storage is 100 percent secure. Therefore, we cannot guarantee its absolute security.
NAVEX Global prohibits unauthorised access or use of personal information stored on our servers. Such access is a violation of law, and we will fully investigate and press charges against any party that has illegally accessed information within our systems.
Where NAVEX Global collects your personal information for its own independent business purpose, such as through our Websites, or in connection with webinars and events, we do so as a controller and will retain your information in accordance with our data retention practices. Typically, we retain your personal information for the time necessary to serve the purpose for which it was originally collected or you subsequently authorised, and in accordance with applicable law. For example, we will retain your information for as long as your account is active, as necessary to comply with our legal obligations and rights, to resolve disputes, and to enforce our agreements.
Data Storage and International Transfers
NAVEX Global is headquartered in the United States. Your personal information may be transferred to, processed, and maintained in places other than where you live.
The United States currently is not a country the European Union (“EU”) has deemed “adequate” under applicable data protection laws. NAVEX Global collects, transfers, and processes personal information under terms required by applicable law, including: when you provide your consent, to perform a contract with you (such as to deliver products or services), or to fulfill a compelling legitimate interest of NAVEX Global in a manner that does not outweigh your rights and freedoms. NAVEX Global may enter into data protection agreements or other legally approved mechanisms with its vendors to support compliance with applicable law.
NAVEX Global (and its subsidiaries The Network, Inc. and Lockpath, Inc.) are certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (the “Frameworks”). However, in 2020, both Frameworks were declared invalid as a legal mechanism we could rely on for the lawful transfer and processing of personal information from the European Economic Area, the United Kingdom, and Switzerland. Despite this, NAVEX Global continues to certify its compliance with the Frameworks as a means of evidencing its continued commitment to protecting personal information from the European Economic Area, the United Kingdom, and Switzerland and remains under the jurisdiction of the U.S. Federal Trade Commission. As required by the Frameworks, any personal information we receive under the Frameworks will be maintained in accordance with the Privacy Shield principles. NAVEX Global is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. NAVEX Global complies with the Privacy Shield Principles for all onward transfers of personal information from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We have taken appropriate safeguards to require that the personal information we process will remain protected in accordance with this Statement when transferred internationally, including when processed internationally by third-party service providers and partners. For personal information from the European Economic Area, the United Kingdom, or Switzerland, data protection laws in those jurisdictions require that we tell you the legal safeguards we have in place to protect that personal information. We may implement the European Commission's Standard Contractual Clauses, rely on a third-party service provider’s Binding Corporate Rules or other legally approved mechanism, for any transfer of personal information to non-European Economic Area, United Kingdom, or Switzerland third-party service providers or business partners.
Personal information received by NAVEX Global following invalidation of the Frameworks will be transferred and processed in accordance with the applicable European Commission’s Standard Contractual Clauses. More information about Privacy Shield can be found here and more information about the Standard Contractual Clauses can be found here.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
We understand that you want to protect and control your personal information. This section details how you may review, update, correct, or delete that information.
Viewing or updating your personal information
You may contact us to update your name, contact information, email preferences, job title and other business information by completing the form located here or by emailing us at email@example.com and including “Update My Information” in the subject line. For our Compliance Next members, please access your account on the Website to update your contact information, or email us at firstname.lastname@example.org with “Update My Compliance Next Account Information” in the subject line.
Opting out of promotional emails
If you do not wish to receive promotional e-mails from us, you may follow the unsubscribe process at the bottom of the promotional e-mail you received or email us at email@example.com. For our Compliance Next members, please access your account on the Website to update your email subscription preferences, or email us at firstname.lastname@example.org. Please keep in mind that you still may receive transactional e-mails from us (such as e-mails related to the completion of your registration, correction of user data, password reset requests, reminder e-mails you have requested, and other similar communications) that may be necessary for us to make the Website available to you or respond to your inquiries and support requests.
Deactivating your account
You may deactivate your Compliance Next account any time. To deactivate your account, please edit your account on the Website by clicking “Email Compliance Next to delete my account” or send an email to email@example.com with “Deactivate Compliance Next Account” in the subject line. Upon receiving your request, NAVEX Global will deactivate your account and delete personal information where required by applicable law.
European Economic Area, Switzerland, or United Kingdom
Individuals from the European Union, including the United Kingdom and Switzerland, have certain rights associated with their personal information based on applicable law.
Your data protection rights
In addition to the rights granted under this Privacy Statement, European Economic Area, Switzerland, and United Kingdom data subjects have the following data protection rights under applicable law:
- You can request access to, correction of, updates to, or request deletion of your personal information based on information collected from accessing our Website or participating in our web seminars, forums or events.
- You can request more information about how we process your personal information, where and how we collected that information, the categories of that information, with whom we share it, and how long we retain it.
- You can object to the processing of your personal information, ask us to restrict the processing, or request portability of your personal information.
- You have the right to opt out of marketing communications we send at any time. You can opt out by clicking on the “unsubscribe” or “opt-out” link in any marketing email we send you.
- When we have collected and processed your personal information based upon your consent, then you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect processing of your personal information when we have relied on other legal grounds for the processing.
- Upon your request, and where it is technically feasible, NAVEX Global will provide you with a copy of your personal information or transmit it directly to another controller.
- You have the right to make a complaint to the data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details are available here.
To make a request, please contact us by completing the form located here or by emailing us at firstname.lastname@example.org with “Personal Information Request” in the subject line. Provide full details relating to your request, including your contact information and any other details you believe are relevant. We are committed to responding to requests to exercise data protection rights in accordance with applicable laws.
California Consumer Rights
The California Consumer Privacy Act provides specific rights to those who live in California. If you are a California-based consumer, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this Statement.
- You have the right to request that we provide you with information about what personal information we collect, use, and disclose.
- You have the right to request that we delete personal information we, or our service providers, store about you.
- We will not discriminate or retaliate against you if you elect to exercise any rights under this section of our Privacy Statement.
- You may request that we not sell your personal information. As noted above, we do not sell your personal information and we only share your personal information with third parties, as described in this Statement.
- You have the right to designate an authorised agent to make a request on your behalf. Please see the Identity Verification Requirement below for information on our process for verifying that we have received a legally valid request.
- If you are a California consumer and have additional questions based on this section of our Privacy Statement, or wish to submit a request to request that we not share your information with third parties, please contact us by completing the form located here, by emailing us at email@example.com, or by calling us toll-free at 844-842-0916.
Identity verification requirement
The law requires us to verify that any request submitted was made by someone with the legal right to access the information. Therefore, before accessing or divulging any information pursuant to a data access request, we may request that you provide us with additional information so we can verify your identity and legal authority, particularly where the information provided with the request is insufficient to confirm legal authority and/or identity.
To make a request, please contact us by completing the form located here or by emailing us at firstname.lastname@example.org with “Personal Information Request” in the subject line and provide full details about your request, including your contact information and anything you believe is relevant. We will provide a response to an access request within the timeframes required by law. If we cannot substantively respond in a timely manner, we will notify you and provide the reason for the delay.
Under certain circumstances, we may not fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, when we cannot verify your identity, if your request involves disproportionate cost or effort, or when the law allows us to retain that information. But we will respond to your request within a reasonable time, as required by law, and provide an explanation.
This Privacy Statement will be reviewed at least every 12 months and updated to reflect our personal information handling practices. We reserve the right to amend this Statement at any time, for any reason, without additional notice to you, other than through posting the updated Privacy Statement on our Website. We invite you to return to this page to ensure you are informed of any updates we make about how we collect, use, and protect customer information. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the beginning of this Statement.
If you have questions or complaints about the way we handle personal information, please contact us via the below contact details. We will promptly manage any complaints received from an individual. Alternatively, and at your choice, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035