Privacy Notice

Updated June 2019

General Information

O.C. Tanner and its affiliates (‘OCT’, ‘we’ or ‘us’) are committed to protecting the privacy of the companies when you use the services we make available via our websites and mobile applications (collectively, the "Services") and the information they provide to us. This Privacy Notice outlines the data processing practices of OCT. OCT values your privacy and it is one of our top priorities.  We are focused on protecting your privacy from unauthorized access and/or use.

OCT provides employee recognition and engagement services to its clients. Within the Services, specific portions are available only to OCT clients, with each client having a dedicated portion (each, a "Client Recognition Platform"). In some cases where your employer is an OCT client, OCT and your employer may have a written agreement that sets forth additional obligations with respect to the gathering and use of personal information via your employer’s Client Recognition Platform. To the extent any such obligations are more restrictive than those set forth in this Privacy Notice, OCT will comply with such more restrictive obligations while you are accessing the Services via your employer’s Client Recognition Platform.

This Privacy Notice supplements the various agreements you may enter into with O.C. Tanner and explains how we collect, use and disclose the information received from or about you through our Services. This Privacy Notice is incorporated into and made a part of our Terms of Use.

By using our Services, you are consenting to the collection, processing, storage, transfer, disclosure and other uses of your information as described in this Privacy Notice and our Terms of Use.  The collected information will only be used for the purpose for which it was collected and to provide our Services. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY NOTICE OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

If you have questions or concerns regarding this Privacy Notice or concerns regarding your personal information, please contact our Privacy Officer by e-mail at privacy@octanner.com.

Collected and Stored Information

In order to provide our Services, we may collect and store the following information that can uniquely identify you, such as:

Payment Information

If you make a purchase when using the Services, our third-party payment processor may collect your payment card or bank account number, payment card expiration date and security code, and other payment details, as well as other personal information, in order to complete your purchase.

Location Information

If you access and use the Services on a mobile device and your mobile device’s settings allow it, we may collect information about your real-time location. You may disable the geo-location features of your mobile device or forego using our mobile applications, if you do not wish to make your location known.

Experience Information

We may conduct surveys at the request of your employer. We may also conduct marketing surveys for data research purposes, where we analyze the answers in the aggregate. We may ask for contact details in the event we need to verify or validate answers.

Anonymous Information

The information we may collect by automated means may include, without limitation:

We collect application and Website usage data via cookies, downloads, and tailored web requests. In addition, we may collect and process personal information and data including, but not limited to, file transfer, media uploads, and viewing data, email and personal and/or business contact information, and other identifiable information provided to us.

OCT may collect the following personal information about you for marketing purposes:

The collected data elements may include, but are not limited to:

Supplementing Data

OCT may collect information via other sources to help us correct or supplement our records, improve the quality or personalization of our Services to you, and prevent or detect fraud. We work closely with approved third parties who do not have access to your personal data. We receive and combine this new information with information we already have about you. We use this data to update and analyze our records, and to provide products and additional services that you may be interested in.

Use and Disclosure of Personal Information

Updating Your Personal Information

If you become aware that information that we maintain about you is inaccurate, or if you wish to update or review your information, please contact your human resources department. They will either make the changes directly or contact us to take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate.

If you receive an email from us regarding new products or services, you may request to be removed from our database list by clicking the "UNSUBSCRIBE" link at the bottom of the email message or by sending an email with "UNSUBSCRIBE" in the subject line to info@octanner.com that explains the desire to stop receiving communications and gives us the address (email and/or physical) to be removed, and we will promptly unsubscribe you.

We may request additional identifying information to confirm your identity and/or as a security precaution. In addition, we may limit or deny access to personal details where providing such access would be unreasonably burdensome or expensive in the circumstances. In some circumstances, OCT may charge a reasonable fee, where warranted, for access to personal information.

No Sensitive Personal Information

Client agrees that it shall not disclose or otherwise make available to OCT, any Personal Data of any type, except which, to the minimum extent, is necessary for O.C. Tanner to provide the Services. Without limiting the foregoing, client shall not make available to O.C. Tanner sensitive information including but not limited to any payment card information, personal identification numbers (PINs), Social Security Numbers, passwords or other electronic identification numbers, information a person uses for payment or to access personal or financial information or resources as defined under the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLB Act or GLBA) or any personal health information as defined by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the privacy and security regulations promulgated thereunder (collectively, "Sensitive Personal Information"). If any such Sensitive Personal Information is sent to OCT, OCT shall have the right, but not obligation, to extract, delete, remove and otherwise remediate such information from its systems. OCT has the right, but undertakes no obligation, to monitor the data files or Products for Sensitive Personal Information. OCT shall have no legal obligation whatsoever with respect to any information transmitted in violation of the foregoing and shall be indemnified by client from all claims and losses in connection therewith. OCT reserves the right to not accept a data file from a client, if it contains unnecessary data.

EEA and Switzerland Users

If you are a resident of the EEA or Switzerland, you have the following data protection rights:

If you wish to access, correct, update or request removal of your personal Information, object to processing of your personal Information, restrict processing of your personal Information or request portability of your personal information contact your program administrator or email privacy@octanner.com.

EU-U.S. and Swiss-U.S. Privacy Shield Framework

OCT complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. OCT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation or any other U.S. authorized statutory body. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

By providing information to us, you acknowledge that we operate in the US and you agree to permit us to transmit and use your user information as outlined, including across international boundaries, under the protection of appropriate safeguards pre-approved by the European Commission to provide you with Services that such use by us shall be subject to the terms and conditions stated in this Privacy Notice.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, OCT commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this notice should first contact OCT at:

O.C. Tanner Company
Attention: Data Privacy Officer
1930 South State Street
Salt Lake City, Utah 84115

OCT has further committed to cooperate with the panel established by the EU Data Protection Authorities ("DPAs") and the Swiss Federal Data Protection and Information Commissioner ("FDPIC") regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if you have we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss FDPIC for more information or to file a complaint. The services of the EU DPAs and the Swiss FDPIC are provided at no cost to you. Please contact us to be directed to the relevant contacts.

In addition, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact JAMS, our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Finally, as a last resort under the Privacy Shield Framework, and under limited circumstances, individuals with unresolved complaints may invoke binding arbitration before a Privacy Shield Panel.

Beginning May 25, 2018, EU-based individuals also have the right to file a complaint by emailing OCT’s nominated representative at privacy@octanner.com.

California Privacy Rights

If you are a resident of California, you have the following data protection rights:

If you wish to access details pertaining to the source; categories; specific elements; business purpose for collection; and third-party disclosures of your personal information no more than twice in a 12-month period, or wish to correct, update or request removal of your personal Information, object to processing of your personal Information, restrict processing of your personal Information or request portability of your personal information contact your corporate program administrator or email privacy@octanner.com.

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding OCT’s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to privacy@octanner.com.

If you are a California resident under age 18 and are a registered user of any of the services, then you may request that we remove any content that you created and posted on our Wall of Fame ("User Content"). To request removal of your User Content, please send an email with a detailed description of the specific data User Content to privacy@octanner.com. OCT reserves the right to request that you provide information that will enable us to confirm that the User Content that you want removed was created and posted by you.

OCT will make a good faith effort to delete or remove your User Content from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Content does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached or otherwise retained by OCT for administrative or legal purposes. Your User Content may also remain publicly available if you or someone else has forwarded or re-posted your User Content on another website or service prior to its deletion.

Children's Privacy

OCT complies with the Children's Online Privacy Protection Act of 1998 (COPPA) and recognizes the responsibility to protect the privacy of young children at all times and to the best of everyone's ability. For that reason, OCT does not knowingly collect or maintain any information via the Website from persons under the age of thirteen (13), and no part of our Website is directed to persons under the age of thirteen (13). If  you are under the age of 18 (but at least 13 years of age), you may use the Services only under the supervision of a parent or legal guardian who agrees to be bound by the Terms of Use.

Some clients may opt to configure the Services to allow minor employees to post user-generated content through the Services. In such cases, minors may delete and modify their user-generated content at any time using the same service used to create it. Alternatively, users may contact privacy@octanner.com for assistance with removing user-generated content. Such removal does not ensure complete or comprehensive removal of that information.

Notwithstanding the foregoing, O.C. Tanner shall have no legal obligation whatsoever for any user- generated content that contains information pertaining to children.

Data Security

We retain personal information only if it is necessary and relevant for our operations. In addition, we retain personal information as necessary to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce the Terms of Use, and perform other actions permitted by law.

OCT utilizes commercially reasonable physical, technical, and managerial safeguards to preserve the integrity and security of personal information and to protect it against unauthorized access or use, alteration, unlawful or accidental destruction and accidental loss. However, OCT cannot be responsible for the acts of those who gain unauthorized access and while we agree to make all reasonable efforts, we make no warranty we will prevent unauthorized access to your personal information. Additionally, the security of information transmitted through the Internet can never be guaranteed. We receive personal information transmitted to us through the Internet in encrypted format, when supported by our clients. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data resulting from Internet transmission. We cannot ensure the confidentiality, integrity, or availability of the information from a Client Recognition Platform once it is accessed by the client to whom that portion of the Services is dedicated, nor can we limit how that client will use your information. This is not a guarantee that such information may not be accessed, altered, disclosed, or destroyed by breach of any of our physical, technical, or managerial safeguards.

Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access-protected or secure areas of the Services. To protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Transfer of Rights

Should OCT be acquired, merged, or endeavor to become closed for business, OCT reserves the right, unless contractually prohibited, to transfer or assign the information collected, during the due course of business. This information may be held as part of any such acquisition, merger, sale, or other change of control or business entity status.

Contact Information

Written questions or comments regarding this Privacy Policy, or our Privacy Shield certification, should be submitted to OCT as follows:

O.C. Tanner Company
Attention: Data Privacy Officer
1930 South State Street
Salt Lake City, Utah 84115
Work Phone: (1) (888) 708-7080
O.C. Tanner Company
1930 South State Street
Salt Lake City, Utah 84115 USA
Work Phone: (1) (888) 708-7080

Changes and Updates

If we decide to change our Privacy Policy, we will post those changes to this Privacy Notice on our home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this Privacy Notice at any time, so please review it frequently. If we make material changes to this Notice, we will notify you here, or by means of a notice on our Client Recognition Platform.

Communications

On occasion as deemed necessary by OCT (daily, weekly, monthly, etc.), we will send you various communications as part of the Service, such as, but not limited to, account activity alerts and updates. Said communications shall originate from OCT only and shall be conducted in compliance with this Privacy Notice. At any time, the User may entirely opt-out of such communications as instructed on the email communication.

Presiding Language

This Notice and all OCT policies are written and executed in English, which is considered the prevailing language for purposes of interpretation or laws of contract. If this Notice is translated into any other language, the English version shall be considered the primary binding legal document.