O.C. Tanner and its affiliates (‘OCT’, ‘we’ or ‘us’) are committed to protecting the privacy of the companies when you use the services we make available via our websites and mobile applications (collectively, the "Services") and the information they provide to us. This Privacy Notice outlines the data processing practices of OCT. OCT values your privacy and it is one of our top priorities. We are focused on protecting your privacy from unauthorized access and/or use.
OCT provides employee recognition and engagement services to its clients. Within the Services, specific portions are available only to OCT clients, with each client having a dedicated portion (each, a "Client Recognition Platform"). In some cases where your employer is an OCT client, OCT and your employer may have a written agreement that sets forth additional obligations with respect to the gathering and use of personal information via your employer’s Client Recognition Platform. To the extent any such obligations are more restrictive than those set forth in this Privacy Notice, OCT will comply with such more restrictive obligations while you are accessing the Services via your employer’s Client Recognition Platform.
If you have questions or concerns regarding this Privacy Notice or concerns regarding your personal information, please contact our Privacy Officer by e-mail at email@example.com.
Collected and Stored Information
In order to provide our Services, we may collect and store the following information that can uniquely identify you, such as:
- Your name and contact information (work address and/or home address);
- Information about your relationship with your employer;
- Information related to your employment: employee identification number, email address, hire date;
- Purchases, submissions, and redemptions you make using our Services; and
- Content such as messages, comments, photos, videos, and other information that you submit.
If you make a purchase when using the Services, our third-party payment processor may collect your payment card or bank account number, payment card expiration date and security code, and other payment details, as well as other personal information, in order to complete your purchase.
If you access and use the Services on a mobile device and your mobile device’s settings allow it, we may collect information about your real-time location. You may disable the geo-location features of your mobile device or forego using our mobile applications, if you do not wish to make your location known.
We may conduct surveys at the request of your employer. We may also conduct marketing surveys for data research purposes, where we analyze the answers in the aggregate. We may ask for contact details in the event we need to verify or validate answers.
The information we may collect by automated means may include, without limitation:
- Information about the devices you use to access the Services (such as the IP address and the type of the device, operating system, web browser type, and mobile network information).
- Anonymous information regarding your access to and use of the Services, such as:
- Traffic data and logs;
- Actions taken when using the Services (such as searches, page views, and website navigation patterns);
- Dates and times;
- Duration of use of the Services (including whether you are a repeat or first time visitor); and
- Demographic information, in conjunction with voluntary, anonymous research surveys.
We collect application and Website usage data via cookies, downloads, and tailored web requests. In addition, we may collect and process personal information and data including, but not limited to, file transfer, media uploads, and viewing data, email and personal and/or business contact information, and other identifiable information provided to us.
OCT may collect the following personal information about you for marketing purposes:
- The use of enquiry and registration forms
- Your use or purchase of any of our products and Services
- The provision of your details to us either online or offline
The collected data elements may include, but are not limited to:
- Company Name, address, phone and fax number
- Home address and phone number
- Job title
- Mobile Telephone number
- E-mail address
Market research data
- Cookies: We may collect information about you regarding your use of our Services or that we collect automatically about your visit to our Website using cookies. Cookies, small text files containing a string of alphanumeric characters, are deployed to your computer or mobile device to uniquely identify your presence when you visit our Website. OCT may use session cookies and persistent cookies for tracking various data points. Use of these cookies can also help to speed your access to the Website as they serve as 'reminders' as to who you are to our programming. They may help us analyze how our website is performing or allow us to recommend content we believe you will be interested in. While we recommend that you allow these cookies to perform their tasks, you may adjust your computer's settings to restrict or refuse them. However, some features or sections of the Website may not function properly, or at all, if the ability to accept cookies is disabled. We do not link the information we store in cookies to any personal information you submit while on our site. For further information about disabling cookies you can visit www.allaboutcookies.org. If you choose to decline cookies, you may not be able to login or use other interactive features of our Services that depend on cookies.
- Clear.GIFs: OCT may choose to utilize "clear.GIFs" to track which emails are being opened by the recipients. This act helps OCT to determine active and inactive email addresses.
- Log File Data: When you log into our system, our servers will automatically record and archive certain information that web-browsers send whenever visiting a website. These server logs may include information vital to validating your authorization to access your account and/or Services. Information, such as a Web request, Internet Protocol (the "IP") address, browser type, browser language, referring pages, exit pages and visited URLs, platform type, click counts, pages viewed and in what order, time spent, the date and time of the request, and other important data is necessary to validate and authorize a User's entry and activity on the Website.
- Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a "Do Not Track" (DNT) or similar feature that signals to digital services that a visitor does not want to have his/her online activity tracked. If a digital service that responds to a DNT signal receives the DNT signal, the browser can block that digital service from collecting certain personal information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we and many other digital service operators do not respond to DNT signals. For more information about DNT signals, visit allaboutdnt.com.
OCT may collect information via other sources to help us correct or supplement our records, improve the quality or personalization of our Services to you, and prevent or detect fraud. We work closely with approved third parties who do not have access to your personal data. We receive and combine this new information with information we already have about you. We use this data to update and analyze our records, and to provide products and additional services that you may be interested in.
Use and Disclosure of Personal Information
- Personal information submitted by your employer to OCT is used to operate, maintain, and provide features, general and unique, of the Website for your use and for OCT to provide its Services. All personal information, data, or content provided to OCT is used in conformity with the Services being provided by OCT, including to administer "Wall of Fame", a private social media platform which allows employees to post real-time recognition of achievements and add likes and comments to others' posts. Information posted on the Wall of Fame is shared across teams and departments within your company. OCT is the Processor of your personal information and our legal basis for processing is contractual performance determined by the legitimate interests of your employer on your behalf, who is the Controller of your data. If you do not wish to utilize the Wall of Fame or the platform, you may opt out at any time by contacting your program administrator.
- We may contact you to respond to your questions and comments or to provide customer support. We may contact clients to measure your interest in various services or special offers, and to inform you about new products and services. We may contact users to facilitate reward redemption. We may disclose personal information about you to contractors, service providers, and other third parties to provide our services to you. Our third-party service providers may only use the information solely for processing your request or arranging delivery of your requested product or service. If you have requests, questions, or concerns regarding choices to limit use and disclosure of your personal information, please contact firstname.lastname@example.org.
- OCT will not rent or sell your personal information to others but may disclose personal information with third-party vendors and service providers that work with OCT. We will only share personal information with these vendors and service providers to help us provide a product or service to you. Examples of third parties we work with are printers, shippers, and drop-shippers, and they are engaged depending on their availability at your location. These third parties only have access to personal information necessary for them to complete their service.
- With your permission, OCT may also provide you with information about products and services we offer and share client business contact information with our partner third party organizations that we feel may be of interest to you. OCT does not share personal information with other non-affiliated third-party companies for their commercial use or marketing use except as part of Services.
- OCT uses personal information and certain non-personal information, such as, but not limited to, anonymous data, browser type, cookies, IP addresses, clickstream data, and the like, to improve the quality and use designs of the Website through analysis of this data and usage trends.
- OCT provides non-personal information such as anonymous user data and traffic data to third parties for processing and for understanding usage patterns and analyzing trends for certain content, promotions, services, and/or functionality of our Websites on behalf of OCT. At all times, these parties are required to agree to process such information in compliance with applicable regulations and relevant contractual obligations, and we deploy reasonable efforts to limit their use of such information.
- OCT reserves the right to disclose personal and non-personal information that is believed, in good faith, to be appropriate or necessary for providing the Services. Other causes of release of data may be due to, but not limited to: (i) taking precautions against liability issues; (ii) to assist government enforcement agencies; (iii) to investigate and defend OCT against third party claims or allegations; (iv) to protect the security or integrity of the Website and/or Services; and/or (v) to protect the rights, property, or personal safety of OCT or others.
- OCT’s accountability for personal information it receives pursuant to the EU-US and Swiss-US Privacy Shield ("Privacy Shield Principles") and subsequent transfer of that data to third parties is detailed in the Privacy Shield Principles. OCT may be liable pursuant to the Privacy Shield Principles if said third party agents claim that OCT processes personal information in a manner inconsistent with the Privacy Shield Principles, unless OCT can demonstrate that it is not responsible for the act or omission giving rise to the damage. In cases of onward transfer to third parties of data of EU and Swiss individuals received, pursuant to the Privacy Shield Principles, OCT is potentially liable.
Updating Your Personal Information
If you become aware that information that we maintain about you is inaccurate, or if you wish to update or review your information, please contact your human resources department. They will either make the changes directly or contact us to take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate.
If you receive an email from us regarding new products or services, you may request to be removed from our database list by clicking the "UNSUBSCRIBE" link at the bottom of the email message or by sending an email with "UNSUBSCRIBE" in the subject line to email@example.com that explains the desire to stop receiving communications and gives us the address (email and/or physical) to be removed, and we will promptly unsubscribe you.
We may request additional identifying information to confirm your identity and/or as a security precaution. In addition, we may limit or deny access to personal details where providing such access would be unreasonably burdensome or expensive in the circumstances. In some circumstances, OCT may charge a reasonable fee, where warranted, for access to personal information.
No Sensitive Personal Information
Client agrees that it shall not disclose or otherwise make available to OCT, any Personal Data of any type, except which, to the minimum extent, is necessary for O.C. Tanner to provide the Services. Without limiting the foregoing, client shall not make available to O.C. Tanner sensitive information including but not limited to any payment card information, personal identification numbers (PINs), Social Security Numbers, passwords or other electronic identification numbers, information a person uses for payment or to access personal or financial information or resources as defined under the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLB Act or GLBA) or any personal health information as defined by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the privacy and security regulations promulgated thereunder (collectively, "Sensitive Personal Information"). If any such Sensitive Personal Information is sent to OCT, OCT shall have the right, but not obligation, to extract, delete, remove and otherwise remediate such information from its systems. OCT has the right, but undertakes no obligation, to monitor the data files or Products for Sensitive Personal Information. OCT shall have no legal obligation whatsoever with respect to any information transmitted in violation of the foregoing and shall be indemnified by client from all claims and losses in connection therewith. OCT reserves the right to not accept a data file from a client, if it contains unnecessary data.
EEA and Switzerland Users
If you are a resident of the EEA or Switzerland, you have the following data protection rights:
If you wish to access, correct, update or request removal of your personal information, object to processing of your personal information, restrict processing of your personal information or request portability of your personal information, contact your program administrator or email firstname.lastname@example.org.
EU-U.S. and Swiss-U.S. Privacy Shield Framework
OCT complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. OCT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation or any other U.S. authorized statutory body. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
By providing information to us, you acknowledge that we operate in the US and you agree to permit us to transmit and use your user information as outlined, including across international boundaries, under the protection of appropriate safeguards pre-approved by the European Commission, to provide you with Services, and that such use by us shall be subject to the terms and conditions stated in this Privacy Notice.
In compliance with the US-EU and Swiss-US Privacy Shield Principles, OCT commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this notice should first contact OCT at:
OCT has further committed to cooperate with the panel established by the EU Data Protection Authorities ("DPAs") and the Swiss Federal Data Protection and Information Commissioner ("FDPIC") regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss FDPIC for more information or to file a complaint. The services of the EU DPAs and the Swiss FDPIC are provided at no cost to you. Please contact us to be directed to the relevant contacts.
In addition, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact JAMS, our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Finally, as a last resort under the Privacy Shield Framework, and under limited circumstances, individuals with unresolved complaints may invoke binding arbitration before a Privacy Shield Panel.
Beginning May 25, 2018, EU-based individuals also have the right to file a complaint by emailing OCT’s nominated representative at email@example.com.
California Privacy Rights
If you are a resident of California, you have the following data protection rights:
If you wish to access details pertaining to the source; categories; specific elements; business purpose for collection; and third-party disclosures of your personal information no more than twice in a 12-month period, or wish to correct, update or request removal of your personal information, object to processing of your personal information, restrict processing of your personal information or request portability of your personal information, contact your corporate program administrator or email firstname.lastname@example.org.
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding OCT’s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to email@example.com.
If you are a California resident under age 18 and are a registered user of any of the services, then you may request that we remove any content that you created and posted on our Wall of Fame ("User Content"). To request removal of your User Content, please send an email with a detailed description of the specific User Content to firstname.lastname@example.org. OCT reserves the right to request that you provide information that will enable us to confirm that the User Content that you want removed was created and posted by you.
OCT will make a good faith effort to delete or remove your User Content from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Content does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached or otherwise retained by OCT for administrative or legal purposes. Your User Content may also remain publicly available if you or someone else has forwarded or re-posted your User Content on another website or service prior to its deletion.
Some clients may opt to configure the Services to allow minor employees to post user-generated content through the Services. In such cases, minors may delete and modify their user-generated content at any time using the same service used to create it. Alternatively, users may contact email@example.com for assistance with removing user-generated content. Such removal does not ensure complete or comprehensive removal of that information.
Notwithstanding the foregoing, O.C. Tanner shall have no legal obligation whatsoever for any user-generated content that contains information pertaining to children.
OCT utilizes commercially reasonable physical, technical, and managerial safeguards to preserve the integrity and security of personal information and to protect it against unauthorized access or use, alteration, unlawful or accidental destruction and accidental loss. However, OCT cannot be responsible for the acts of those who gain unauthorized access and while we agree to make all reasonable efforts, we make no warranty we will prevent unauthorized access to your personal information. Additionally, the security of information transmitted through the Internet can never be guaranteed. We receive personal information transmitted to us through the Internet in encrypted format, when supported by our clients. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data resulting from Internet transmission. We cannot ensure the confidentiality, integrity, or availability of the information from a Client Recognition Platform once it is accessed by the client to whom that portion of the Services is dedicated, nor can we limit how that client will use your information. This is not a guarantee that such information may not be accessed, altered, disclosed, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access-protected or secure areas of the Services. To protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
Transfer of Rights
Should OCT be acquired, merged, or endeavor to become closed for business, OCT reserves the right, unless contractually prohibited, to transfer or assign the information collected, during the due course of business. This information may be held as part of any such acquisition, merger, sale, or other change of control or business entity status.
Changes and Updates
We reserve the right to modify this Privacy Notice at any time, so please review it frequently. If we make material changes to this Notice, we will notify you here, or by means of a notice on our Client Recognition Platform.
On occasion as deemed necessary by OCT (daily, weekly, monthly, etc.), we will send you various communications as part of the Service, such as, but not limited to, account activity alerts and updates. Said communications shall originate from OCT only and shall be conducted in compliance with this Privacy Notice. At any time, the User may entirely opt-out of such communications as instructed on the email communication.
This Notice and all OCT policies are written and executed in English, which is considered the prevailing language for purposes of interpretation or laws of contract. If this Notice is translated into any other language, the English version shall be considered the primary binding legal document.