REVISED as of 24 July 2018
As the data controller of your personal data, we control how all personal information we are holding about you is stored, processed, or transferred. We will only deal with your personal data in accordance with the terms of this Policy.
Collection and Use of Information
We collect personal data if you submit it voluntarily or we otherwise learn it through our interactions with you, which may include your name, email address, and contact details. We continuously review our records to ensure your data is as accurate as possible. We may therefore consult alternative sources in order to do so, such as newspaper articles, company websites, and other publicly available sources.
Graham-Pelton collects and uses information that it believes to be factually correct, relevant to its work, and not excessive. We are always respectful of our constituents in regards to information retained. We do not store any sensitive information such as racial/ethnic origin; political beliefs; religious/similar beliefs; trade union membership; physical/mental health condition; sexual orientation/activities; commission or alleged commission of an offense, or any proceedings such as a court sentence.
The information we collect may be used by us to communicate with you for marketing, promotional, and administration purposes in connection with our legitimate business interests. These communications may include:
• The promotion of the relationship between Graham-Pelton and our network, including existing clients, potential clients, and other individuals or entities within our core market segment;
• Advertising and promotion of Graham-Pelton events and services;
• Distribution of Graham-Pelton mailings (e.g. staff announcements, webinars, sector news, and reports); and
• Eliciting non-financial support (e.g. support with research projects, advice on recruitment, and participation in benchmarking).
Graham-Pelton generally does not collect, use, or disclose personal data to any third party or for any other purpose that is materially different from the purpose we originally collected it for or to which you consented. In the event your personal data is to be disclosed to a third party or used for a purpose that is materially different from the purpose we originally collected it for or that you consented to, we first offer you the choice to opt out of such collection, use, or disclosure. You may opt out by emailing firstname.lastname@example.org.
Disclosure of Information to Third Parties
Graham-Pelton will not ordinarily disclose your data to any third parties. However, Graham-Pelton may share your data:
• With our subsidiaries and affiliates, e.g. Graham-Pelton may process or store information in the United States on behalf of its international subsidiaries and affiliates;
• If we notify you and you consent to the sharing;
• In the event of any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of Graham-Pelton’s business by or into another company;
• To protect our interests, rights, and property in the event of a claim or dispute brought against us; or
• If we are required by applicable law, regulation, operating agreement, legal process, or in response to valid requests by law enforcement officials, governmental agencies, or other public authorities, including to meet national security requirements.
Under certain circumstances, we may be liable in cases of onward transfer of personal information to a third-party agent which processes the information in a manner inconsistent with the Privacy Shield Principles, except in cases where Graham-Pelton is not responsible for the event giving rise to the damage.
Security of Information
Graham-Pelton will do its utmost to protect your privacy. Data protection legislation obliges us to follow security procedures regarding the storage and disclosure of information in order to avoid unauthorized loss or access. We have implemented industry-standard security systems and procedures to protect personal information from unauthorized access, disclosure, alteration, misuse, or destruction.
Access or Corrections to Information
Graham-Pelton may retain your personal information if necessary for Graham-Pelton’s legitimate business interests or to comply with any legal requirement. We will make reasonable efforts to ensure that the information is accurate and complete and we will update or correct your information as needed when notified by you.
You may have the right to access the personal information we hold about you. In some cases, however, access rights may not apply, including when providing access is unreasonably burdensome or expensive under the circumstances. To request access to, correction of, amendment to, anonymization of, or erasure of your information, please contact us by email at email@example.com or in writing at the following addresses. Within the EU: Graham-Pelton, 118 Pall Mall, London SW1Y 5EU; United States: 39 Beechwood Road, Summit, NJ, USA 07901.
Privacy Shield Statement
Graham-Pelton complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Graham-Pelton has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability of onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
Graham-Pelton commits to subject to the Privacy Shield Principles all personal data received by Graham-Pelton in the U.S. from EU member countries in reliance on the Privacy Shield. In compliance with the Privacy Shield Principles, Graham-Pelton commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Graham-Pelton at firstname.lastname@example.org.
To the extent that the privacy complaint remains unresolved, Graham-Pelton has further committed to cooperate with EU data protection authorities (DPAs) and the UK Information Commissioner’s Office. The services of EU DPAs are provided at no cost to you. Under certain circumstances, you may have the option of invoking binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission. The Federal Trade Commission has jurisdiction over Graham-Pelton’s compliance with the Privacy Shield.
Graham-Pelton communications are by phone, email, and post. If you prefer not to receive some types or any of our communications, you can opt out by either emailing us at email@example.com or contacting our UK office on 020 7060 2622.
If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, i.e. the Information Commissioner’s Office. Graham-Pelton (UK) Ltd. is registered with the Information Commissioner’s Office, number ZA165891.
We keep our Policy under regular review. This Policy was last updated on 24 July 2018.