GRC Seminars International Compliance
Collecting Personal Information
We will ask you when we need information that personally identifies you (personal information) or allows us to contact you. Generally, this information is requested when you are ordering e-mail newsletters, joining a limited-access premium site, or purchasing products or services. Personal information collected by GRC Seminars often is limited to name, e-mail address, phone number, country or location, but may include other information when needed to fulfill your request or order.
GRC Seminars may ask you to provide certain information about yourself by filling out and submitting an online form. It is completely optional for you to engage in these activities. If you elect to engage in these activities, however, GRC Seminars may ask that you provide us personal information, such as your first and last name, mailing address (including ZIP code), e-mail address, employer, job title and department, telephone and fax numbers, and other personal information.
When ordering products or services, you may be asked to provide a credit card number. Depending upon the activity, some of the information that we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to proceed with that activity.
When you buy and install the new products, we may ask you to register your purchase electronically. When you do, we keep this registration information on file with any information you’ve already given us on previous visits to our Web site. This is considered your personal profile.
This site may use technology that lets GRC Seminars collect certain technical information, such as IP addresses, browser types, traffic patterns and the address of any referring Web sites, and uses HTTP cookies for systems administration. However, if you do not wish to receive cookies, or want to be notified of when they are placed, you may set your Web browser to do so, if your browser so permits.
GRC Seminars may monitor how a visitor arrives at the Web site, but cannot and will not gather information about other sites you have been on. GRC Seminars does not link IP addresses to anything personally identifiable.
Use of Personal Information
GRC Seminars may use your personal information for the following purposes:
To make the site easier for you to use by entering your personal information only once;
To provide information to allow GRC Seminars to create and publish content most relevant to its customers; and to alert its customers to product upgrades, special offers, updated information and other new products and services.
You may remove your name from any GRC Seminars’s distribution list by clicking on a link provided within each electronic communication, or by replying to the email with the subject line “unsubscribe”.
If you supply GRC Seminars with your telephone number online, you may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by calling the telephone number below.
Links to Other Sites
GRC Seminars works with companies that provide services to us to determine whether users who saw or clicked on an ad or content later bought the item displayed in the ad (or took some other action GRC Seminars wanted them to take). To do this, these companies may collect information about the content or ads users view, how long they spend on different pages, how they arrived on a particular page (e.g., through a search query, link from another page, or a bookmark), and how they respond to the ads we show them. GRC Seminars also may share portions of our log file data, including IP address, with these partners for analytics purposes. In the event your IP address is shared, this information may be used to estimate general location and other technographics such as connection speed, whether you have visited GRC Seminars website in a shared location, and type of the device used to visit GRC Seminars website. These partners provide information about our advertising and what you see using GRC Seminars to provide auditing, research and reporting for us.
We reserve the right to access and disclose your information when we believe in good faith that such disclosure is necessary to: (a) enforce legal rights and comply with the law; (b) comply with an order from a government entity or other competent authority, (c) prevent or address potential or actual injury or interference with our rights, property of GRC Seminars and its family of Web sites, operations, users or others who may be harmed or may suffer loss or damage; (d) protect our rights, prevent fraud and/or comply with judicial proceeding, court order, or legal process served on MetricStream.
Under certain circumstances, we may be required to disclose your information to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements. We can also disclose your information in order to apply or enforce our terms and conditions or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent or prevent any illegal activity (including for the purposes of fraud protection and credit risk reduction).
You will be notified when any identifying information about you is collected or shared by any third party that is not our service provider, so you can make an informed choice as to whether to share your information with that party. If you do not wish to have your information shared and want to opt out from receiving further communications from any third party that is not our agent or service provider, please contact that third party directly.
Protecting your privacy and your information is a top priority at GRC Seminars. GRC Seminars has taken appropriate measures to prevent the loss, misuse and alteration of your information.
Once GRC Seminars receives information that is entered into its Web site, it is stored behind a firewall. All GRC Seminars employees are aware of the company’s privacy and security policies. Your information is only accessible to those employees who need it in order to perform their jobs.
EU-US Privacy Shield
For the personal data that we receive from EEA, we remain compliant with EU-US Privacy Shield as specified by the United States Department of Commerce pertaining to personal data collection, retention and use from EU countries. We adhere to the Privacy Shield principles of notice, choice, accountability for onward transfers, security, data integrity & purpose limitation, access and recourse, enforcement and liability when processing personal data from the EEA in the US.
Accountability and Liability for Onward Transfer
GRC Seminars is required to take certain steps when transferring personal data received from the European Union to third parties (such as including contractual provisions in our third party contracts which require them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf).
We take reasonable and appropriate steps to ensure that third parties process personal data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing.
Under certain circumstances, we may remain liable for the acts of third parties who perform services on our behalf in connection with their handling of personal data that we transfer to them(including where we transfer personal data to them pursuant to the Privacy Shield).
Privacy Complaints Handling, Recourse and Enforcement
We will respond to any complaints as soon as possible and within 45 days.
You may also refer a complaint to your local data protection authority and we will work with them to resolve your concerns.
Please note that if your complaint is not resolved through these channels, in certain limited circumstances, a binding arbitration option may be available provided that you have taken the following steps: (1) raised your compliant directly to us using the contact details above and provided us the opportunity to resolve the issue; and (2) raised the issue through the relevant data protection authority and allowed the U.S Department of Commerce an opportunity to resolve the complaint at no cost to you.
GRC Seminars is subject to the investigatory and enforcement powers of the Federal Trade Commission in the case of any failure to comply with the Privacy Shield.
Access to information
You have the right to access the personal data we collect about you in the EEA and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where we must comply with legal requirements or if providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access.
If you would like to request access to, correction, or deletion of your personal data collected in the EEA, you can submit a written request using the contact information provided below. We may request specific information from you in order to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.
Processing information for our customers and GDPR:
Where we process personal information in connection with the provision of our services and solutions to our customers, we only collect, process and store personal information to support and provide those solutions. We act as data processors on behalf of our customers and do not use such information for our own purposes.
GRC Seminars as Data Processor
As a service provider to its customers, GRC Seminars applications may capture personal data (name, email address, contact info, company affiliation) to track the records entered into the system from an authentication and authorization perspective. In this capacity, GRC Seminars acts as a data processor on behalf of its customers.
As a data processor, GRC Seminars has put in place appropriate technical and organizational measures to help ensure that its processing activities meet the requirements of GDPR, some of which we have described in this statement.
GRC Seminars has implemented various security measures including controls and application and network level security audits by third-parties as well as robust standard operating procedures to manage any security incidents.
GRC Seminars is committed to ensuring that it has data transfer and data management mechanisms in place as required by the GDPR. Further, as an ISO 27001 and SSAE16 SOC 2 certified organization, GRC Seminars adheres to all necessary controls to protect customer data.
GRC Seminars Contact Information
Questions regarding this policy and any requests to access or modify data should be directed to our data privacy team at the following email address: firstname.lastname@example.org, Or you can mail, phone, mail to: GRC Seminars, 2479 East Bayshore Road, Suite 200, Palo Alto, CA 94303, Phone: 650-332-0333, Email: email@example.com
Last Update July 18, 2018