Privacy Policy

Jump to EU-US, UK and Swiss-US Data Privacy Framework Compliance Section

INTRODUCTION

The Group for Organizational Effectiveness, Inc. (gOE) provides tools, applied research and consulting services to organizations around the globe. gOE respects the privacy of the visitors and users of our websites, so we have developed this website privacy policy. It applies to the operation of gOE’s websites that directly link to this policy when you click on the “Privacy” link in the website footer, including www.groupoe.com, www.gOEbase.com and www.debriefnow.com.

At gOE, we take your privacy very seriously and will only use your information to administer your account and to provide you with the products and services you have requested from us. The processing of your personal data, such as your name, address, e-mail address, or telephone number shall always be in in the spirit of the General Data Protection Regulation (GDPR), comply with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework and operate in accordance with the country-specific data protection regulations applicable to The Group for Organizational Effectiveness, Inc.

This privacy notice describes how we collect, use, disclose and otherwise process personal data collected related to our Services and otherwise in the course of our business activities, including the information practices of the websites that link to this Privacy Notice (“Sites”).

DEFINITIONS

Personal Information: For the purposes of this policy, when we refer to personal information, we usually mean any information about an identifiable individual. Depending on the jurisdiction in which we operate, this may include, for example, email addresses you have provided, contact details you have given in connection with an account with us, or such other information you have given us to receive information about or use our services.

Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, restriction, erasure or destruction.

Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

PERSONAL INFORMATION THAT WE COLLECT AND WHY WE COLLECT IT

Business Contact and Customer Relationship Management

We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, subscription and license information, and usage details.

Registration, Account Setup, Service Usage

In order to obtain an account to use some of our services, for example to use gOEbase, we need to store a valid email address and name associated with your account. You need to provide this information to enable us to provide you with the contracted services and to protect against unauthorized access to the services.

Customer Support and Service

When Customers contact us for support or other customer service requests, we maintain records related to the requests, including any information provided by Customers related to such support or service requests.

Site Usage

Logging: Like most websites, ours automatically receive and record information from your browser when you visit the site. Collected may be (1) your browser type and version used, (2) the operating system, (3) the website from which an accessing system reaches our website, (4) the date and time (so-called timestamp) of access to the Internet site, (5) an Internet protocol address (IP address), and (6) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, The Group for Organizational Effectiveness, Inc. does not draw any conclusions about you. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, gOE analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Cookies: Our websites use a technology called a “cookie.” A cookie is a piece of information that our webserver sends to your computer when you access a website.

The following types of cookies are used on our sites:

  • strictly necessary cookies – These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, the services you have contracted for cannot be provided. These cookies don’t collect information that identifies a visitor.
  • performance cookies – Our Sites use Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, and an “anonymized” version of your IP address, none of this information can be connected to you.

E-Commerce Purchases

It is important to note that gOE does not electronically process orders directly. We use reputable ecommerce companies to do this on our behalf using the latest in secure transmission technologies. It is very important for these companies to keep accurate purchase records. If you use a shopping cart at any of our sites, you will be asked to provide consent for your information to be processed. Immediately after you purchase one of our products our ecommerce partner will notify us and will pass your contact information (e.g. name, company name, postal address, email address, telephone and fax number) together with some limited purchase order information (e.g. purchase date, order reference number, product code, product name, quantity, price and any delivery options).

This data is used to enable us to email you with necessary product codes, to identify you in order to give you the full benefits of your purchase including free technical support and to enable us to set up a user account. For security purposes the IP address of this transaction may be recorded. Please note that we do not receive a copy of your actual payment details (such as credit card numbers or wire transfer details) and we do not make any of this information available to any third parties.

SUMMARY OF HOW WE USE YOUR INFORMATION

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. To summarize, we may use information collected about you via the Sites to:

  • Create and manage your account.
  • Assist law enforcement and respond to subpoena.
  • Compile anonymous statistical data and analysis for use internally.
  • Email you regarding your account or order.
  • Fulfill and manage purchases, orders, and payments through third party vendors, and other transactions related to the Sites.
  • Monitor and analyze usage and trends to improve your experience with our products/services.
  • Notify you of updates to our services/products.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Resolve disputes and troubleshoot problems.
  • Respond to product and customer service requests.

Our processing of your personal data is justified on one or more of the following legal bases:

  • the processing is necessary to perform a contract with you or your employer or take steps to enter into a contract at your request;
  • the processing is necessary for us to comply with a relevant legal obligation; or
  • you have consented to the processing.

HOW YOUR INFORMATION IS STORED

Your data is always held securely. Access to customer information is strictly controlled. The customer database system is stored on a server hosted by a third party vendor in a GDPR-compliant manner and can only be accessed by people who need it to do their job. Certain data is additionally controlled and is only made visible to members of staff who have a reason to work with it.

WITH WHOM DO WE SHARE YOUR INFORMATION?

Except as described in this Policy, we will not intentionally disclose the personal information that we collect or store to third parties without your consent. We may disclose information to third parties in the following circumstances:

Service Providers: We may share Your Information with agents, contractors or partners of gOE in connection with services that these individuals or entities perform for, or with, gOE. These agents, contractors or partners are restricted from using this data in any way other than to provide services for gOE, or services for the collaboration in which they and gOE are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested. We may also provide Your Information to a third party in connection with the sale, assignment, or other transfer of the business to which the information relates, in which case we will require any such buyer to agree to treat Your Information in accordance with this Privacy Policy.

Law Enforcement, Legal Process and Compliance: We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

If we transfer your personal information, we’ll take appropriate measures to protect your privacy and the personal information we transfer. gOE is liable for appropriate onward transfers of personal data to third parties. Should we need to transfer your personal information we will obtain assurances from the third parties that they will safeguard your personal information consistent with this Policy. If we learn that an agent is using or disclosing personal information in a manner that is contrary to this Policy, we will take reasonable steps to prevent or stop it.

RETENTION OF YOUR DATA

The Group for Organizational Effectiveness, Inc. will retain your information only for as long as is necessary for the purposes set out in this policy, for as long as your account is active or as needed to provide the Services to you. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy.
Our policy is to remove personal information that is no longer necessary every 6 months.

YOUR DATA RIGHTS

We respect your privacy rights and provide you with reasonable access to the Personal Data that we process for your use of the Services.

You may benefit from a number of rights in relation to your information that we process. Some rights apply only in certain limited cases, depending on your location.

Depending on your location, you may also have certain additional rights with respect to your information, such as: (i) data access and portability (including the right to obtain a copy of your personal data you provided to The Group for Organizational Effectiveness, Inc.); (ii) data correction (including the ability to update your personal data by contacting us); and (iii) data deletion (including the right to have us delete your personal information, except information we are required to retain, by contacting us).

If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you, you may contact us as set forth in the “How to Contact Us” section.

Please note that any deletion of your Personal Data associated with your account will preclude The Group for Organizational Effectiveness, Inc. from being able to provide to you some or all of the features and functionality of the Service.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us: privacy@groupoe.com. You also have a right to lodge a complaint with data protection authorities.

SECURITY OF YOUR INFORMATION

The security of your personal information is of upmost importance to us and we take numerous measures to ensure its security. These measures will be appropriate to the risks involved and the nature of the personal data. We know that this is important to you and it is also important to us.

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We encrypt all communications to and from our Sites as well as encrypt certain pieces of information (e.g. passwords) stored in our databases. In addition, your account information is protected by a password. It is important that you protect against unauthorized access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.

WITHDRAWING CONSENT

Where you may have provided your consent, you have the right to withdraw your consent to our processing of your information and your use of the Services. You can choose to withdraw your consent to our processing of your information and your use of the Services at any time by requesting the deletion of your account or to request that your personal information be deleted, except for information that we are required to retain.

DATA BREACHES

We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

MINOR AND CHILDREN’S PRIVACY

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at privacy@groupoe.com and request that we delete that child’s Personal Data from our systems.

HOW TO CONTACT US

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at privacy@groupoe.com.

 

EU-U.S., UK EXTENSION AND SWISS U.S. DATA PRIVACY FRAMEWORK (DPF) COMPLIANCE

The Group for Organizational Effectiveness, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. The Group for Organizational Effectiveness, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  The Group for Organizational Effectiveness, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance with the Data Privacy Framework (DPF).

These are our promises to you:

  • Notice. We’ll give you timely and appropriate notice describing any personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.

    Information That We Collect

    Communications with Us: When you send an email or submit a web contact form, including support requests for our Services, we may collect the personal information that you provide us and may use it in order to process your inquiries, respond to your requests and improve our Services. These contact forms require users to give contact information (such as name and email address). We use this contact information to reply with information about our products and services and/or to provide customer service.

    Account Information: When you register for a Service, we may ask for and save personal information such as your name, address, phone number and e-mail address. A third-party intermediary is used to manage credit card processing where applicable. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf. By voluntarily providing us with Account Information, you hereby represent that you are the owner of such personal information or are otherwise authorized to provide it to us.

    Cookies/Tracking Technologies: Our websites may use a technology called a “cookie.” A cookie is a piece of information that our webserver sends to your computer (actually to your browser file) when you access a website. Then when you return to our site, it will detect whether you have one of our cookies on your computer. Our cookies may help provide additional functionality to the site and help us analyze site usage more accurately. For instance, our site may set a cookie on your browser that keeps you from needing to re-enter a password more than once during a visit to the site. Our sites may use a technology known as web beacons – sometimes called single-pixel gifs – that allow a site to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our websites by the computer that hosts our website (called a “webserver”). The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g., Microsoft Edge), the type of operating system you are using (e.g., Windows), and the domain name and address of your Internet service provider. We may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.

    Log Files: As is true with most websites and services, our servers gather certain information automatically and store it in log files. This information includes IP addresses, browser, referring/exit pages, operating system and click stream data as well as certain personal information such as user name, user email address and other information that may be included in open textual fields. Our application log files are subject to the same strict data security policies and procedures as apply to the application databases for our Services. We may combine this automatically collected log information with other information we collect about you. We do this to improve the Services that we offer you, to improve analytics or Website functionality.

    Social Media Integrations: Our Sites may include social media features, such as the Facebook Like button, and “widgets,” such as the Share This button. Use of these features is optional. These features may collect your Internet protocol address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party and your interactions with these features are governed by the privacy statement of the company providing it.

    gOE provides this notice in clear and conspicuous language, either through this privacy statement or other means such as informed consent forms, statements on gOE’s Sites, and other disclosures.

    Purposes For Why We Collect It 

    gOE processes Personal Information for the following purposes: to provide our services; to contact and communicate with our clients regarding our services/offerings; and to manage the financial and contractual relationship with our customers.

    We will only process Personal Information in ways that are compatible with the purpose of collection, or for purposes the individual authorizes. Before we use your Personal Information for a purpose that is materially different than the purpose we collected it for, or that you later authorized, we will provide you with the opportunity to opt out. We maintain reasonable procedures to help ensure that Personal Information is reliable for its intended use, accurate, complete, and current.

    The types of customer/client/visitor Personal Information collected and processed by gOE include full name; username / password; email address; IP address; User ID (random number generated by the application).

    Types of Third Parties We May Share It With 

    Except as described in this Policy, we will not intentionally disclose the Personal Information that we collect or store to third parties without your consent and take measures to protect it to prevent unintentional disclosure. While your Personal Information is normally only visible to you and a minimal number of gOE employees, there are very limited circumstances in which gOE shares your personal information.

    We may disclose information to the following types of third parties:

    Service Providers: We may share Personal Information with agents, contractors, or partners of gOE in connection with services that these individuals or entities perform for, or with, gOE. These agents, contractors or partners are restricted from using this data in any way other than to provide services for gOE, or services for the collaboration in which they and gOE are engaged. We may, for example, provide Personal Information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested. We may also provide Personal Information to a third party in connection with the sale, assignment, or other transfer of the business to which the information relates, in which case we will require any such buyer to agree to treat your information in accordance with this Privacy Policy.

    Law Enforcement, Legal Process and Compliance: We may disclose Personal Information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

  • Choice/Opt-out. We’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make. gOE will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. To do this you may email us at privacy@groupoe.com. Some communications (e.g., important account notifications) are considered transactional and are necessary for all gOE customers. These communications cannot be opted-out from while you maintain an account with us.
  • Accountability for Onward Transfers (to Third Parties). If we transfer your personal information, we’ll take appropriate measures to protect your privacy and the personal information we transfer. The Group for Organizational Effectiveness, Inc. is liable for appropriate onward transfers of personal data to third parties. Should we need to transfer your personal information we will obtain assurances from the third parties that they will safeguard your personal information consistent with this Policy. If we learn that an agent is using or disclosing personal information in a manner that is contrary to this Policy, we will take reasonable steps to prevent or stop it. We may share Your Information with agents, contractors or partners of gOE in connection with services that these individuals or entities perform for, or with, gOE. These agents, contractors or partners are restricted from using this data in any way other than to provide services for gOE, or services for the collaboration in which they and gOE are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested. We may also provide Your Information to a third party in connection with the sale, assignment, or other transfer of the business to which the information relates, in which case we will require any such buyer to agree to treat Your Information in accordance with this Privacy Policy.

    Links: As a convenience to our visitors, our Sites may contain links to other sites that we believe may contain useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies. Please be aware that The Group for Organizational Effectiveness, Inc. may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

  • Security. We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction. These measures will be appropriate to the risks involved and the nature of the personal data. We know that this is important to you and it is also important to us.
  • Data integrity and Purpose Limitation. We’ll take appropriate steps to make sure the personal information in our records is accurate and relevant. We will collect only as much of Your Information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We will correct any personal information inaccuracies that you report to us.
  • Access. Under the Data Privacy Framework principles, you have the right and option to review and correct any of Your Information that is inaccurate. We’ll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies. To do so, please contact us at privacy@groupoe.com. The Group for Organizational Effectiveness, Inc. may restrict access to personal data in exceptional circumstances where the legitimate rights of other persons would be violated or where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where access could reveal confidential commercial information.
  • Recourse, Enforcement and Liability. In compliance with the EU-U.S. Data Privacy Framework Principles, The Group for Organizational Effectiveness, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact The Group for Organizational Effectiveness, Inc. at privacy@groupoe.com

The Group for Organizational Effectiveness, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Verification

We’ll regularly review how we’re meeting these privacy promises. The Group for Organizational Effectiveness, Inc. assesses annually that our  policies as stated are accurate, comprehensive, comply with the  above-listed Data Privacy Framework Principles, are fully implemented and we have procedures for training employees about our obligations. To request a signed copy of our most recent self-assessment of our privacy practices, contact us at privacy@groupoe.com.

How to Contact Us

We will attempt to resolve any concerns you have promptly and fairly. To access your information, ask questions about our privacy practices, or issue a complaint, contact us at:

Privacy Officer
The Group for Organizational Effectiveness, Inc.
727 Waldens Pond Road
Albany, NY 12203
518.456.7738
privacy@groupoe.com
Last updated: October 4, 2023