Effective Date: March 1, 2020
Our use of information we collect as a service provider or processor for our customers is limited by the restrictions placed on that information by our clients and their privacy policies. You can learn more about how your information is collected and used by our clients by reviewing the privacy policies of the businesses that you engage with.
We will use personal information about you only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of personal data is in compliance with applicable data protection law, including California’s Consumer Privacy Act (“CCPA”) and the European Union’s General Data Protection Regulation (“GDPR”).
We collect the following categories of information from and about you:
Personal Information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular individual. We may ask you to provide your Personal Information voluntarily as you interact with us on the Site, or that we may collect it automatically as you use the Site. Personal Information may include, but is not limited to, your:
- Email address
- First name and last name
- Phone number
- Mailing address
- IP (Internet Protocol) address
The Personal Information we collect, the basis of processing and the purposes of processing are detailed below (see “Sharing and Disclosure of Information” section below). Sometimes, these activities are carried out by third parties. The Personal Information we collect about you helps us manage our relationship with you, primarily by allowing us to respond to your questions, to improve website experience, and to notify you of our Services. We also collect information from you for potential employment purposes.
Non-Personally Identifiable Information
We may also collect data about you that is not personally identifiable. Examples of such data include your device operating system type, browser type, domain, and other system settings. We may collect data about the website that you were visiting before you navigated to our Site, and the website that you visit after you leave our Site. We collect this data to help us better understand our Site traffic and to optimize our delivery of the Site to you.
Individuals in the European Union
For individuals in the EU, “Personal Data” has the meaning described in Article 4.1 of the GDPR. The following lawful bases support our processing activities under the GDPR:
|Data Source||Personal Data Collected||Basis of Processing|
|Representative of Prospective Customers||We collect your name, email address, job title, current organization, current industry, business interests, and phone number.||It is necessary to take steps at your request prior to entering into a contract (e.g. to respond to your queries and to provide you with further information; or where you have submitted an application to become our Customer).|
|Vendor and Supplier Representatives||We collect your name, email address, current company, current industry, business interests, and phone number.||It is in our legitimate interests to store vendor/supplier related information so that we can refer back to it (e.g. for our general recordkeeping and supplier relationship management). Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.|
|Those who wish to be included on our mailing list(s)||We collect your name, current company, and email address.||Consent. If you subsequently wish to withdraw your consent, you may do so at any time by clicking the “unsubscribe” link at the bottom of these communications.|
|Prospective Employees||We will collect your name, email address, phone number.||Necessary in order to take steps prior to entering into an employment contract; Consent.|
The Personal Information about you that we collect includes information within the categories of data defined by California state privacy laws and provided below. Under the CCPA, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. Personal Information does not include:
(1) de-identified or aggregated information;
(2) “publicly available information” that is lawfully made available from federal, state, or local government records; or
(3) information excluded from the CCPA, such as Protected Health Information or medical information that is subject to HIPAA, or other personal information covered by certain other privacy laws, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
The following categories also represent the categories of Personal Information that we have collected over the past 12 months. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers. We do not and will not sell Personal Information about you, as defined by CCPA. We also have not done so for the last 12 months.
|Categories of Personal Information Collected||Representative Examples of Data Elements||Sources of Personal Information||Purposes for Collecting||Categories of Third Parties with whom we may share this information|
|Contact Information||Full name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, telephone number.||You||To identify and communicate with you; to respond to your information requests; to send marketing or promotional information; and for our everyday business purposes||Our affiliates and our third party service providers who deliver our communications|
|Prospective Employment Related Information||Full name, postal address, current company, Internet Protocol address, email address, telephone number, information about your employment that you voluntarily choose to share||You|
|Internet or another similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Your device|
|Geolocation data||Physical location.||Your device|
We use Google Analytics, a third party analytic tool which uses tags to measure, analyze, and report on access to and usage of our Site. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. When you access the Site, your web browser automatically sends certain information to us and to Google, which is used to understand how visitors to our Site engage with our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. Google Analytics does not collect sensitive information on our Site, as described in the Google AdWords sensitive category restrictions.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en.
USE OF INFORMATION COLLECTED
We use the information we collect from or about you for the following purposes:
- To provide our Services.
- To send you marketing communications.
- To respond to your requests and inquiries.
- To improve user experiences by making our website easier to use and navigate.
- For other legitimate business and operating
SHARING AND DISCLOSURE OF INFORMATION
We may share or disclose your information to the following categories of third parties and for the following reasons:
- To our affiliates, third-party service providers, agents or independent contractors who help us maintain or provide our Services and provide other administrative services to us.
- We may share the information we collect about you in the course of any reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
- We may disclose the information we collect about you to law enforcement, government agencies, and other related third parties, in order to comply with the law, enforce our policies, or protect our or others’ rights, property or safety.
- We may share with other third parties only with your consent or direction to do so.
We disclose the personal information we collect about you for a business purpose to the following categories of third parties: service providers for website services, email services, and data analytics services.
We provide you the opportunity to opt-out of marketing communications by clicking the “unsubscribe” link in email communications or by contacting us using the contact information provided below. We will process your request as soon as possible in accordance with applicable law, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe request is processed.
Additionally, we may send you information regarding our Services, such as information about changes to our policies and other notices and disclosures required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature, rather than promotional.
Our website contains links to other sites. When you follow these links to those sites, the operators of those websites may collect information about you. Gabriel Group and OSG does not review, control or monitor the practices, information or materials on any other websites, and are not responsible or liable for the communications, information, content or materials from or the practices and policies (including without limitation privacy or data collection practices or policies) of any of those sites. If you have any questions about how these other sites use your information, you should review their policies and contact them directly.
RIGHTS AVAILABLE TO CALIFORNIA RESIDENTS
Under the CCPA, residents of California are provided with certain rights regarding their Personal Information (as defined in the CCPA). The following section outlines these rights:
- Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- the Categories of Personal Information we have collected from you
- the business purposes for which such Personal Information was collected
- the Sources of Personal Information we have collected from you
- the specific pieces of Personal Information stored about you
- the categories of 3rd parties with whom we share Personal Information
- If we shared your Personal Information for a business purpose, the categories of Personal Information that each category of recipient obtained.
- Right to Request Deletion: You have the right to request deletion of your Personal Information that has been collected and retained from you subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records, unless there is an applicable exception. We may deny your deletion request if we need to retain the information to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If none of the foregoing exceptions applies, and we delete the information in compliance with your verifiable request, we will also direct our applicable service providers to delete your personal information.
You or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf, may exercise the Rights twice in a 12-month period. Your verifiable request must include sufficient detail for us to understand, evaluate, and respond to it. It must also provide sufficient information that allows us to reasonably verify that you are the individual about whom we have collected Personal Information or an authorized agent representing the individual. Please note that in some cases we may need to obtain information from you as part of the verification process to verify your identity to a reasonable degree. We may require you to provide Personal Information as part of the verification process. For authorized agents, we may require a signed, written authorization, a notarized affidavit, or a valid power of attorney. We will only use this information for the purpose of verifying the requestor’s identity or authority. To exercise these rights, please email us at firstname.lastname@example.org or complete the form at https://gabrielgroup.com/personal-information-request-form/.
We will acknowledge your right to know or deletion request within ten (10) business days of receipt and provide information about how we will process the request. In many cases we will respond to your request within 45 days. In some cases we may extend the time to respond for another 45 days. If this extension is necessary, we will give you notice and the reason that we need the additional time to respond.
If we are unable to verify your identity or your authority to make the request within 45 days, we cannot fully respond to you and may deny your request. We may in such cases elect to treat the deletion request as an opt-out request. For requests seeking specific pieces of information, we will treat it as a request for the disclosure of the categories of Personal Information about the consumer.
We retain records of your requests, including the request data, nature of the request, manner of submission, the response and any basis of denial for a period of 24 months.
We will not discriminate against you in terms of services, the level or quality of services, or pricing for exercising any of your CCPA rights. If there are excessive requests, we may charge a reasonable fee as permitted under the CCPA.
RIGHT TO OPT-OUT OF DATA SALES FOR NEVADA RESIDENTS
We do not sell your covered information, as defined by Section 603A.320 of the Nevada Revised Statutes. If you reside in Nevada, you have the right to submit a request to us at email@example.com regarding the sale of covered information. Please include “Nevada” in your email subject line, and include the following information in your email: your name, Nevada resident address, and email address. We will respond within sixty (60) days of receiving your request.
Rights for Individuals located in the European Union
Under the GDPR, individuals in the European Union are provided with certain rights regarding their Personal Data, as defined under that Regulation. The following section provides notice of these rights:
- You have the right to access your Personal Data. You have a right to know if we process any Personal Data about you and, be sent a copy of the Personal Data, along with an explanation of the purposes of the processing, and the categories of recipients to whom we have disclosed your Personal Data.
- You have to right of rectification of your Personal Data. You have the right to correct your Personal Data is it is inaccurate. You may change or update your information at any time by requesting access to the Personal Data that has been collected about you and confirm or change that information.
- You have the right to have your Personal Data erased under certain circumstances. You may exercise this right if you (a) withdraw your consent and there is no other lawful basis for processing the data; (b) if the data is no longer necessary for the purpose for which it was collected; (c) where you have objected to the use of the data for direct marketing; (d) where the data has been unlawfully processed; or (e) where erasure is necessary to comply with a legal obligation. Please note that there are also exceptions to this right that may prevent you from exercising this right. For example, if the data is necessary for the establishment, exercise, or defense of legal claims, your right to erasure will not apply.
- You have the right to restrict the processing of your Personal Data under certain circumstances. You may exercise this right if (a) you contest the accuracy of the Personal Data collected and retained about you; (b) if the processing is unlawful; (c) if the data is no longer necessary for the purposes of processing but it is required for the establishment, exercise, or defense of legal claims; or (d) if you have objected to the processing of your data based on the public interest or the legitimate interest of others.
- You have the right to object to the processing of your Personal Data. You have the right to object to direct marketing at any time. You can also object to the processing of your Personal Data which is based on legitimate interests. Likewise, you can object to the processing of your Personal Data for scientific or historical research or statistics purposes. Note that while the right to object to direct marketing is absolute, the two other rights to object are more limited.
- You have the right to port (transfer) Personal Data you have provided to us, either to you or to another provider. You may request to be given a copy the Personal Data that you have provided to us and that we have processed through automated means based on your consent in a commonly used, machine-readable electronic format where technologically possible, for your re-use.
- You have a right to revoke your consent to or to opt-out of how your Personal Data is processed as described in this Policy. You may withdraw consent to the extent that our processing of your Personal Data is based on your consent
- You have the right to lodge a complaint. If you have any concerns or a complaint about how your Personal Data has been or is being processed, please let us know directly by contacting us by email. You also have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated.
To find out more about your data subject rights under GDPR, you may contact the data protection agency of your member country, for e.g., the Data Protection Commission of Ireland.
To exercise your rights, please contact us: our contact details are in the “Contact Us” section below. Please make it clear which right(s) you want to exercise, for example by heading your letter “right to object” if you wish to exercise the right to object.
NOTICE REGARDING PUBLIC POSTING AREAS
Please note that any information you include in a message you post to any public posting area is available to anyone with Internet access. If you do not want people to know your email address, for example, do not include it in any message you post publicly. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION IN PUBLIC POSTING AREAS. GABRIEL GROUP AND OSG IS NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE INFORMATION THAT YOU DISCLOSE IN PUBLIC POSTING AREAS.
We implement reasonable technical and organizational security measures to ensure the security of your Personal Information. Please understand, however, that no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, Gabriel Group and OSG cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. If we learn of a security system breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Services or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Services. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
INTERNATIONAL DATA TRANSFERS
Gabriel Group and OSG is based in the U.S. If you choose to provide us with information, please understand that your Personal Information may be transferred to the U.S. and that we may transfer that information to our affiliates and subsidiaries or to other third parties, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world. If you are visiting from the EU or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your Personal Information to the U.S. and other jurisdictions which may not have the same levels of data protection as the EU, and Personal Information may be subject to access by and disclosure to law enforcement agencies in the U.S.
We put in place appropriate operational, procedural and technical measures in order to ensure the protection of your Personal Information. You acknowledge you understand that by providing your Personal Information: (i) your Personal Information will be used for the uses identified above in accordance with this Policy; and (ii) your Personal Information may be transferred to the U.S. and other jurisdictions as indicated above, in accordance with applicable law.
In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, we retain the right to transfer your Personal Information to the successor business. The new business would retain the right to use your Personal Information according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business.
HOW WE RESPOND TO DO-NOT-TRACK SIGNALS
At this time our website does not recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
Data Retention Periods
Gabriel Group and OSG retains your Personal Information for as long as necessary for the purposes for which it was collected. In certain instances, we may keep it longer:
- for as long as necessary to comply with any legal requirement;
- for backup and disaster recovery purposes;
- for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; or
- for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
We reserve the right to change this Policy. When we do, we will also revise the “Effective Date” at the top of this Policy. If we make material changes to the Policy, we will notify you by placing a prominent notice on our website and/or by sending you an email at the email address we have on file for you. We encourage you to periodically review this Policy to keep up to date on how we are handling your Personal Information.
Gabriel Group and OSG is committed to permission-based e-mail marketing practices and, in support thereof, has established this no-tolerance Anti-Spam Policy.
Gabriel Group and OSG has no tolerance for the sending of spam and unsolicited mail. To ensure CAN-SPAM compliance, Gabriel Group and OSG requires that every e-mail deployed through Gabriel Group and OSG with the primary purpose of delivering commercial content meets the following criteria:
- Accurately identifies the sender in the header information;
- Uses a subject line that accurately represents the content of the e-mail;
- Identifies the message as an advertisement;
- Includes our customer’s mailing address if sent out on behalf of the customer;
- Provides a mechanism to opt out; and
- Honors opt-out requests promptly. If you believe that you have received spam connected to Gabriel Group and OSG in any way, send a complaint that includes the unsolicited e-mail to firstname.lastname@example.org. Please provide any other information that you believe may help us in our investigation.
If you have any questions, comments or concerns about our privacy practices or this Policy, please contact us at: