MENU

Great Place to Work® Institute, Inc.
Global Privacy Policy

Updated April, 2019

Great Place To Work Institute Inc. (GPTW) and its licensed affiliates (collectively, "GPTW Network") respect your privacy. This Global Privacy Notice describes the types of personal information we collect, how we use the information, with whom we share it, and the choices you can make about our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

1. Information Collected

GPTW collects information from you when you choose to share it with us through or in connection with, but not limited to, our websites, events, conferences, client engagements, survey and assessment tools, workplace accreditations, and business development activities. For example, when you share your personal information with us to submit an inquiry through our websites, sign-up for our e-mail lists or newsletters, register for an event or conference, apply for one of our Best Companies to Work For lists, receive information about our events, products and services, and/or contact you regarding a potential or actual future, existing or current project or engagement. The information we collect may include name, address, telephone number, mobile telephone number, e-mail address, company name, job function, company industry, company size, nature of your inquiry, the types of information you want to receive, event information, dietary restrictions and meal preferences, and if you make a purchase, credit/debit card number or other financial information.

2. Websites

GPTW may use cookies, web beacons, pixel tags, log files, or other technologies to collect certain information about visitors to and users of our websites to monitor interactions with our emails, text messages and online advertisements. For example, we may automatically collect certain information from you, such as the type of web browser and operating system you use, the name of your Internet Service Provider, Internet Protocol (“IP”) address, software version, course geo-location information (for example, based on IP address or location of cellular tower used for the connection), and/or the domain name from which you accessed our websites. In addition, we may collect information about your browsing behavior, such as the date and time you visit our sites, the areas or pages of our sites that you visit, the amount of time you spend viewing or using our websites, the number of times you return to our websites, other click-stream or website usage data, and/or emails or ads that you open, forward or click-through to our websites.

You can set your Internet browser or operating system settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, to omit images (which will disable pixel tags) or adjust your tracking preferences. Note that the opt-out will apply only to the browser that you are using when you elect to opt out of advertising cookies. Without cookies or pixel tags though, you may not be able to take full advantage of our sites’ features. Check the “Tools” or “Help” tab on your browser to learn how to change your cookie and other tracking preferences.

Our website may host various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal information or other information that you contribute to any Social Media Application.

3. Purposes of Processing Your Personal Information And Potential Uses

GPTW processes your information for the following purposes or may use your information in the following ways:

  • Respond to your inquiries or requests via the contact information you provide, including but not limited, e-mail;
  • Sign you up for, and provide you with, our newsletters and informative e-mail messages, as well as those of other licensed affiliates within the GPTW Network;
  • Register you for our events and conferences, as well as those of other licensed affiliates within the GPTW Network;
  • Promote our events and conferences, as well as those of other licensed affiliates within the GPTW Network;
  • Provide you with information regarding our events, conferences, products and services, as well as those of other licensed affiliates within the GPTW Network;
  • Register and consider your company for one of our Best Companies to Work For lists;
  • Communicate and/or coordinate with you regarding potential or actual future, current or past projects and engagements;
  • Facilitate the purchase of our books, products, services or other offerings, as well as those of other licensed affiliates within the GPTW Network;
  • Develop new products and services;
  • Address problems and review the usage and operations of our websites or business, and improve our content, products, and services;
  • Manage our telecommunications networks, as well as those of other licensed affiliates within the GPTW Network;
  • Process and archive scientific and historical research and statistical analysis assessing workplace culture, performance, and accreditation to assist organizations in evaluating and improving their workplaces;
  • Protect the security or integrity of our sites and our business, as well as those of other licensed affiliates within the GPTW Network;
  • Facilitate or consider the sale of GPTW or one of our licensed affiliates to another company;
  • Investigate or prevent an actual or suspected crime or injury to ourselves or others; and
  • Respond to a request from law enforcement authorities or other government officials, or as otherwise required by law.

4. Your Right To Access, Rectify, And Object To Your Personal Information

You have the right to obtain the following information from us:

  • Confirmation as to whether or not your personal information is being processed by GPTW and

If we are processing your personal information:

  • Purposes of the processing;
  • Categories of data concerned;
  • Recipients or categories of recipients to whom the personal information is disclosed, including the identity of any service providers we use to process your personal information on our behalf;
  • Details of any transfers of your personal information to non-European countries; and
  • Copy of the personal information being processed and of any available information as to the source of the information, except where prohibited by law.

You have the right to obtain this information from us at reasonable intervals and without excessive delay, unless we are prohibited by law from sharing such information or where it is necessary to protect the rights and freedoms of others.

GPTW takes reasonable care to ensure that your personal information is accurate, and where necessary, kept up to date. If it is determined that your personal information is inaccurate or out of date, we take every reasonable step to correct it.

You can object to the processing of your personal information if it is processed unlawfully. Further, if you allow us to process your personal information as described in this Global Privacy Notice, you can later withdraw your consent at any time (in which case, we will no longer process your personal information, anonymize it or delete it, as appropriate).

To exercise any of these rights, please contact us as provided below.

5. Safeguarding Your Personal Information

GPTW employs commercially reasonable technical, physical, administrative and organizational safeguards designed to protect the confidentiality, security and integrity of your personal information, including measures aimed at protecting personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

In addition, we contractually require all service providers that process your personal information on our behalf to implement and maintain commercially reasonable technical, physical, administrative and organizational safeguards designed to protect your personal information.

6. Links To Other Sites

GPTW tries to make sure that any links on our websites send you to a helpful and reliable place on the Internet, but we are not responsible for the content of these other websites or their privacy practices. We may also have “plugins” (such as the Facebook “Like” button) to third-party sites or offer login (such as log in with Facebook) through a third-party account. Third-party plugins and login features, including their loading, operation and use, are governed by the privacy notice and terms of the third-party providing them.

GPTW also provides links to the websites of other affiliates within the GPTW Network. These websites are governed by the privacy notice and terms of the GPTW Network affiliate providing them.

7. International Data Transfers

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information was originally collected, including the United States of America. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Global Privacy Notice or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice).

GPTW is a global business. To offer our services, we may need to transfer your personal information among several countries, including the United States, where we are headquartered. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of the European Economic Area ("EEA") or Switzerland.

8. GPTW EU-U.S. and Swiss-U.S. Privacy Shield Privacy Notice

GPTW complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information that is transferred from the European Union and Switzerland to the United States. GPTW also expressly confimrs that this commitment extends to personal data and/or Human Resources data frim the UK in reliance on the Privacy Shield. GPTW has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

In compliance with the Privacy Shield Principles, GPTW commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquires or complaint regarding our Privacy Shield policy should first contact GPTW at: privacy@greatplacetowork.com; or write to us at:

Chief Data Protection Officer

Great Place To Work® Institute, Inc.

1999 Harrison Street, Suite 2070, Oakland, CA 94612

GPTW has further committed to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

GPTW receives and processes personal information from or relating to GPTW Affiliates and other legally separate entities in the context of the provision of products, services and support to these entities. Personal information received by GPTW will be treated in accordance with their instructions or pursuant to GPTW contractual arrangements with them consistent with the Privacy Shield requirements. GPTW acts as a data processor with respect to this information.

Individuals have rights under the Privacy Shield to access their personal information and to limit use and disclosure of their personal information. Please contact us if you wish to exercise these rights and we will refer any requests to relevant data controllers and support them as needed in responding to your request.

As a data processor, GPTW will disclose personal information only as authorized by the relevant data controller. We may use a limited number of third-party service providers to assist us in providing our services or in meeting internal business operation needs. These third parties will access information only to perform tasks on our behalf.

GPTW is accountable for the onward transfer of data to third party service providers or agents who assist us in providing services. GPTW maintains contracts with these third parties in compliance with our Privacy Shield obligations and other obligations and accepts liability if those parties fail to meet these obligations and we are responsible for the event giving rise to the damages.

Personal Information may also be disclosed as part of a corporate transaction such as a sale, divestiture, reorganization, merger or acquisition.

Disclosures of personal information may also be required to law enforcement, regulatory, or other government agencies, professional bodies or to other third parties, in each case to comply with legal or regulatory obligations or requests and professional standards. GPTW will notify the applicable data controller of any such request unless prohibited by law.

GPTW is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should you believe that your rights have been infringed, you have the possibility, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

9. Emprising™ Complies with All Global Data Security and Data Privacy Laws

The GPTW Emprising™ survey and analytics software platform operates by uploading to Emprising an email address list for the Company’s Employees taking the survey and, optionally, other information such as pre-coded demographics etc. by either GPTW or the Company. The email list is stored encrypted in a separately partitioned area from the Company Employee Data. When the Company survey opens, the email list is used to generate a personalized invite to each Company Employee which is a log-in identifier unique to each Company Employee. When the Company survey closes, the email list used to link to the Company Employee Data is deleted. As a result, the Company Employee Data is immediately de-identified and made anonymous.

The nature and purpose as well as the subject matter and duration of the Processing of the Company Personal Data is to collect Company employee survey data for processing and archiving scientific and historical research purposes and statistical purposes assessing workplace culture, performance, and accreditation to assist organizations in evaluating and improving their workplaces. This exact language is found in Article 89 of the GDPR. The types and categories of Company Personal Data to be processed is found in the demographic section and Trust Index questions of the survey.

To protect the confidentiality of the Company Employee Data, GPTW uses a suppression algorithm. GPTW will not report on Assessment results in which fewer than five (5) people in a Company demographic group have responded.

A unique identifier for Data Subjects may be kept as long as it is assigned randomly at the time of survey (e.g. as a sequential number generated by a database upon the insertion of a new record) and is not associated with external data that create a re-association with the Data Subject’s Personal Data; the unique identifier is only used as required within a relational database for Survey responses and associated data for a given year.

Emprising is hosted by the cloud provider Microsoft Azure. GPTW contracts with Azure to maintain the highest level of Data Security and Data Privacy compliance. Here are the audit reports and other resources documentation as well as the Compliance Manager Tool used by GPTW to comply with the GDPR and other privacy laws: https://servicetrust.microsoft.com/ and other compliance offerings:

https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings A general article about Azure compliance is here: https://www.communicationsquare.com/news/everything-about-gdpr-compliance-in-microsoft-cloud/ and a blog here: https://azure.microsoft.com/en-us/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/ There are some country specific compliance resources, e.g. in Germany: https://servicetrust.microsoft.com/ViewPage/GermanComplianceResourcesV3

GPTW provides the highest standard of legal protection by warranting to the company that during the entire term of the engagement GPTW will comply with the following industry standards: Service Organization Controls (SOC) Report 1 and 2 under the Statement on Standards for Attestion Engagements (SSAE) 18 standard as well as with the International Organization for Standardization (ISO) 27001:2013 and ISO 9001:2015 standards and the National Institute of Standards and Technology (NIST 2015) cybersecurity framework. GPTW also complies with the Payment Card Industry Data Security Standard (PCI DSS) if applicable. This warranty is stated in Section 7 (Data Security) of the GPTW Products and Services Agreement which governs the terms of the engagement with GPTW customers and which has the following link on the bottom of the GPTW homepage: https://www.greatplacetowork.com/products-services-agreement GPTW uses commercially reasonable efforts consistent with industry standards to collect, transmit, store, protect and maintain the Data and Company Data obtained through the Services. GPTW represents and warrants that during processing or the term of the client’s engagement that it complies with the European Union (EU) 2016 General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Data Protection Laws of all other country, state, or regulating bodies. This warranty is stated in Section 8 (Data Privacy) of the GPTW Products and Services Agreement which governs the terms of the engagement with GPTW customers and which has the following link on the bottom of the GPTW homepage: https://www.greatplacetowork.com/products-services-agreement

As advised in the GDPR, GPTW maintains a full-time Chief Data Protection Officer (CDPO) and staff to ensure compliance with all Data Protection Laws. The CDPO reports directly to the CEO of GPTW. GPTW also employs full-time Certified Information Privacy Practitioner (CIPP) and staff who is certified under the NIST standard as administered by the International Association of Privacy Professionals at www.iapp.org.

10. Updates To Our Global Policy Notice

Check this Global Privacy Policy from time to time, as we may change or update portions of this statement at any time and without prior notice to you. If we change or update this statement in a material way, we will process personal information received under this Global Privacy Policy according to the terms of this Global Privacy Policy, unless you consent otherwise.

11. How To Contact Us

If you have any questions or comments about this Global Privacy Notice, GPTW's privacy practices or if you would like us to update information or preferences you provided to us, please e-mail us at: privacy@greatplacetowork.com; or write to us at:

Timothy H. Gens | Vice President, Director Legal Affairs

Chief Data Protection Officer, Certified Information Privacy Practitioner

1999 Harrison Street, Suite 2070 Oakland, CA 94612

P: 415.844.2649      E: Tim.Gens@greatplacetowork.com