PRIVACY POLICY

Last Updated: February, 10, 2023

This Privacy Notice (“Notice”) describes how information may be collected and/or used by Global Integrity (“we,” “us,” and “our”) in connection with your use of (a) Global Integrity products and services, including but not necessarily limited to the Communication Services as defined in the Global Integrity Terms of Use (“Services”) and (b) the Global Integrity website at www.globalintegrity.com¸ including any related or included content, services, resources, features, and applications  (the “Website”).

A. Information We Collect About You

The information we collect about you depends on your use of our Services and Website and the ways that you interact with us, including:

  • How you visit and use the Website.
  • How you use the Services, including if you are a recipient of a communication sent by a Global Integrity Customer using the Services.

Personal information we collect about you may include the following:

  • Contact Information: General contact information for administration purposes, which may include, but not limited to name, address, phone number, and email address
  • Account Information: Purchase and usage history and preferences related to the Services, including payment-related information.
  • Device Identification Information: Attributes that identify a device used to access or use the Website or from which (or to which) electronic communications are sent (or received) using the Services, including, but not limited to, a network identifier (Internet Protocol IP address, phone number, etc.), serial number, capabilities, manufacturer or brand, device version and so forth.
  • Electronic Communications Metadata: Data processed in an electronic communications network for the purposes of transmitting, distributing, or exchanging electronic communications content (but not including electronic communications content); includes data used to identify the source and destination of a communication, the date, time, duration, and type of communication.
  • Authentication Data: Username, password, authorization tokens, and similar data used to authenticate users or devices in connection with use of the Services or access to information related to the Services.
  • Content Information: Content Information is the information contained within a message or communique that is transferred between communicating parties in connection with use of the Services.
  • Cookie and Tracking Information: IP address, Device Identification Information, web browsing information, location data, browser type and language, access times, the Uniform Resource Locator (URL), other unique identifiers and other technical data that may uniquely identify your device, system, or browser.
  • Web Form and Service Usage Information: To the extent not covered by the above, any information you voluntarily provide us in filling out forms included on our Website or in connection with your use of the Services.
  • Social Media Network Information: We may collect information you have made publicly available through your social media account(s) when you interact with our social media account(s).

B. How We Use Information About You

We may use the information we collect about you for the following purposes:

  • To provide the Services and perform obligations owed in connection with providing the Services.
  • To exercise rights regarding providing the Services.
  • To comply with legal obligations.
  • To evaluate, support, and enhance the performance, efficiency, and security of the Services.
  • To detect, prevent, or otherwise concerns regarding fraud, security, or potential illegal activities.

The bases for the above include contractual relationships between you and Global Integrity; Global Integrity’s conduct and pursuit of its legitimate interests; your consent; and/or the relevant laws of jurisdictions where Global Integrity operates.

In providing the Services or use of the Website, it may be necessary to transfer information about you across national borders. You agree that any information you may provide through the Website may be used for the purposes described herein, and you further understand and consent to the collection, maintenance, processing, and transfer of such information in and to the United States and other countries and territories, which may have different privacy laws from your country of residence and which may afford varying levels of protection for such information.

Global Integrity does not sell information about you to third parties.

C. How We Secure, Protect, and Retain Your Information

With respect to the Services, Global Integrity does not create or generate Content Information on your behalf, nor does it monitor the contents of incoming and outgoing information. Furthermore, Global Integrity does not disclose content information to third parties that are not party to the transfer of the information, unless required to do so by law or in the good faith belief that such action is necessary to protect and defend the rights, operations, or property of Global Integrity.

Further, Global Integrity maintains a zero data retention policy for all customer Content Information communicated through the use of the Services. Content Information received through the Services or sent by you through the Services is only maintained for the time necessary to complete the transfer of information between you and the at least one other party. Once the transfer operation has completed (success or failure), any residual Content Information that may be present within Global Integrity’s custodial care is purged from Global Integrity’s systems.

Certain of your personal information will be retained as needed for business administration, tax, or legal purposes and as consistent with applicable law (including but not limited to relevant Federal Communications Commission regulations), such as Electronic Communications Metadata and Device Identification Information. Global Integrity implements appropriate technical and organizational measures secure your information. Such measures include:

  • Maintaining and protecting the security of computer storage and network equipment and using security procedures that require at a minimum unique usernames and passwords to access sensitive data;
  • Applying encryption, deidentification, and/or other appropriate security controls to protect your information while your information is within Global Integrity’s custodial care; and
  • Limiting access to your information within Global Integrity to only those with jobs requiring such access.

Notice of Limited Information necessarily provided to Third Parties

We may share limited amounts of your information with other third-party data controllers connected to Global Integrity’s business—for example, information service providers such as Google for website analytical purposes; technical and hosting services providers such as Amazon Web Services as part of the utilization of the Services; other licensees to enable the exchange of information between the communicating parties, etc.

We may also share your personal information with companies that help us run our business by processing personal information on behalf of Global Integrity. Such companies may include providers of payment processing services, email and short message service providers to send messages or alerts to you about your account, etc.

We may also share your information: a) when you agree to the sharing (for instance when you are communicating with another Global Integrity customer);  b)we are required to provide information in response to a subpoena, court order, or other applicable law or legal process issued in a court of competent jurisdiction; c) we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend Global Integrity Services or the Website against attacks, or protect the property and safety of our customers and users or the public; or d) in the event of sale, merger, or acquisition as described below in more detail.

D. Accessing Third-Party Services Through the Website

In the event it is possible to access a social media network or other third-party platform or service through the Website, you authorize Global Integrity to collect, store, and use any and all information in the same manner and to the same extent that you agreed the social network or third-party platform could collect, store, or use the information.

E. Children’s Guidelines

The Website is not intended for use by children under the age of 16, and Global Integrity does not knowingly collect Personal Information from children under the age of 16. If Global Integrity becomes aware that it has inadvertently received Personal Information from a visitor under the age of 16, Global Integrity will take steps to delete such information from its records.

F. Transfer of Information

You authorize Global Integrity to transfer any personal information Global Integrity obtains about you in the event we merge with or are acquired by another company, we sell a business unit or application to another company, or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any prospective purchaser’s advisers and will be one of the assets that is transferred to the new owner. Should such a transfer occur, Global Integrity will make reasonable efforts to direct the transferee to use your personal information in a manner that is consistent with this Privacy Notice.

G. California Consumer Privacy Act (CCPA)

If you are a consumer residing in California, under the California Consumer Privacy Act, the following also applies to you:

  1. California Consumer Privacy Rights

You may be entitled to the following privacy rights under California privacy laws:

  • Right to Know: you may have the right to request information about the personal information we have collected about you and for what purpose.
  • Right to Access: you may have the right to request information about how we process your personal information and to obtain a copy of that personal information.
  • Right to Portability:  you may have the right to receive your personal information, in a structured, commonly used, and machine-readable format and to have that information transmitted to another organization in certain circumstances.
  • Right to Deletion:  you may have the right to request deletion of personal information we have collected from you.
  • Right to Be Free from Discrimination: Global Integrity will not discriminate against you for exercising your consumer privacy rights.
  1. Categories of Personal Information

Listed below are categories and types of information we may have collected about you and shared with business partners for a business purpose. Global Integrity does not sell such information to third parties.

  • Identification and Contact Information: Name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers.
  • Online Activity and Technical Information: Cookie and tracking information such as Internet Protocol address, web beacons, device identifier, Uniform Resource Locator, browser type, access times, other unique identifiers and other technical data that may uniquely identify the device, system or browser, server log records, data collected by automated means to measure consumer response to online content, error reports and performance information, credentials, Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding interaction with an internet website, application, or advertisement.
  • Customer Activity: Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Protected Classifications: Characteristics of protected classifications under California or federal law such as race, sex, age, date of birth, national origin, disability, citizenship status, and genetic information.
  • Biometric Information: physiological, biological, or behavioral characteristics that can be used alone or in combination with each other to establish individual identity; voice recordings; and health data.
  • Employment Information: employment-related information, including title, employer, and office location.
  1. Submitting a Request

If you have any questions about the type of personal information Global Integrity possesses about you or if you wish to request deletion of personal information we may hold about you, or exercise any other consumer privacy right as set out above, you may contact us at legal@globalintegrity.com. You are entitled to exercise your rights under California privacy law free of charge or penalty; however, we may limit the number of requests or charge reasonable fees as legally permitted.

You may designate an authorized agent to exercise some of your rights; however, in order to help protect the security of your personal information, the authorized agent must follow the same authentication procedures that will be required if you exercise your rights without using an agent.

H. General Data Protection Regulation (GDPR)

 For activities subject to European Union regulation, Global Integrity is committed to preserving the confidentiality and integrity of electronic information assets in compliance with the European Union’s General Data Protection Regulation (GDPR). This explains how GDPR affects you as a user, defines key terms, and answers questions regarding who is covered by GDPR, what GDPR requires, and how Global Integrity operates within those requirements.

  1. Global Integrity’s Commitment to Data Protection

Global Integrity is committed to fulfilling its responsibilities in relation to the collection, retention, use, and communication of personal data within the scope of the General Data Protection Regulation. In scope personal data will be processed only for lawful and appropriate purposes. Global Integrity has implemented measures designed specifically to ensure the security of personal data and to prevent unauthorized or accidental access, erasure, or other misuse of personal data. Global Integrity will also enable the exercising of data subject rights in an effective and transparent manner.

  1. Definitions
Term Definition
GDPR The European Union’s (EU) General Data Protection Regulation (EU 2016/679)
Global Integrity Customer A legal entity (excluding Global Integrity or its affiliates) that has contracted with Global Integrity to provide Services
Customer Data Subject the person whose personal data is being processed
Data Controller An entity that determines the purposes and means of the Processing of Personal Data
Personal Data Any information relating to an identified or identifiable natural person. It can include names, addresses, telephone numbers, email addresses etc., but it is broader than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
Process(ing) Any operation(s) performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Services The products and services provided by Global Integrity under a contractual agreement between Global Integrity and the Global Integrity Customer
Special Category Data Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Processing of Personal Data relating to criminal convictions and offenses may also have additional safeguards under Member State law.
Communicating Parties Communicating Parties are an Global Integrity Customer and at least an originator or recipient who establish communication through the Services, any of which may be a Data Subject
  1. Notice Applicability

This GDPR Privacy Notice applies when:

  • A Customer Data Subject communicates Personal Data through the use of Global Integrity’s Services within the European Union (EU) or the European Economic Area (EEA) in connection to a Global Integrity Customer
  • Global Integrity otherwise Processes Personal Data of a Customer Data Subject located in an EU or EEA country in connection to a Global Integrity customer
  • Services provided by Global Integrity are within the scope of GDPR
  • Global Integrity functions as a Data Controller when Processing the Personal Data of a Customer Data Subject.

Unless specifically stated otherwise, where another Global Integrity notice or policy conflicts with this GDPR Privacy Notice, this Notice prevails with regards to a Customer Data Subject located in the EU or EEA.

  1. Categories of Customer Data Subject Personal Data Processed

In addition to the categories and types of information identified in Section A of this Notice, Global Integrity processes data that qualifies as Special Category Data when such Special Category Data is included in Content Information exchanged by Communicating Parties using the Services. Content Information transferred through the Services is under the sole discretion and control of the Communicating Parties. Global Integrity does not Process a Customer Data Subject’s Content Information, whether it contains Special Category Data or not, for any business purpose other than to facilitate the transfer of the Content Information between the Communicating Parties, unless specifically authorized by law, for example where the Customer Data Subject has given explicit consent; as necessary for carrying out obligations and exercising specific rights in the field of employment, social security, or social protection law; if compelled to do so by a court of law or lawfully requested to do so by a relevant governmental authority; and/or as necessary for the establishment, exercise, or defense of legal claims.

  1. Reasons Global Integrity Process’s Customer Data Subjects’ Personal Data

Global Integrity Processes Personal Data when a Customer Data Subject uses the Services or Website or when a Customer Data Subject otherwise provides the Personal Data to Global Integrity. During Global Integrity Customer provisioning, Global Integrity will generally Process Personal Data of Customer Data Subjects for the purposes of:

  • Providing the Services to the Global Integrity Customer;
  • Performing the obligations and exercising the rights with respect to the Services;
  • Complying with legal obligations; and/or
  • Evaluating, supporting, and enhancing the performance, efficiency, and security of the Services.

Global Integrity Processes Personal Data of Customer Data Subjects only pursuant to appropriate lawful bases for Processing as necessary for:

  • Performing Services to which the Customer Data Subject is a party;
  • Complying with a legal obligation(s) to which Global Integrity is subject; and/or
  • Legitimate interests pursued by Global Integrity, such as performing its contract obligations to, or exercising its legal or contract rights with the Global Integrity Customer, or for improving services and network operations.

In limited circumstances, Global Integrity may Process Personal Data as necessary for:

  • Protecting the vital interests of the Customer Data Subject or another natural person; and/or
  • Performing a task carried out in the public interest.
  1. Access to Customer Data Subjects’ Personal Data

Personal Data about Customer Data Subjects will be disclosed, to the extent required for Services delivery, to appropriate and authorized recipients. Recipients may include: Global Integrity personnel; third party service providers and subcontractors performing services for Global Integrity in the delivery of the Services. Personal Data may also be provided to the Global Integrity Customer and their agents.

Global Integrity may disclose Personal Data if compelled to do so by a court of law or lawfully requested to do so by a relevant governmental authority using the appropriate means of request. Global Integrity may disclose Personal Data if Global Integrity determines it is necessary or appropriate to comply with the law or to protect or defend Global Integrity’s rights, property or employees.

  1. Location where Customer Data Subjects Personal Data is Processed

Global Integrity business activities are centralized within the United States of America. This centralization may result in the transfer of Personal Data to countries outside of the EEA. For example, a Customer Data Subject that is a customer of Global Integrity may be transferring information with another Global Integrity Customer within the United States. A Customer Data Subject may request to review the safeguards Global Integrity uses for cross border transfers.

Global Integrity may additionally rely on other approved mechanisms for export of Personal Data from the EEA, such as a determination by the European Commission that the recipient country offers adequate protection of Personal Data or pursuant to established derogations for specific situations. Wherever Personal Data is Processed, Global Integrity uses appropriate security measures consistent with GDPR requirements.

  1. Deletion of Customer Data Subjects’ Personal Data

Global Integrity maintains a zero data retention policy . Certain Personal Data will be retained as needed for business administration, tax, or legal purposes and as consistent with applicable law, including GDPR, such as Electronic Communications Metadata and Device Identification Information. While Personal Data is retained, Global Integrity implements appropriate technical and organizational measures designed to make the Personal Data collected secure. Such measures include:

  • Maintaining and protecting the security of computer storage and network equipment and using security procedures that require usernames and passwords to access sensitive data;
  • Applying encryption, deidentification, or other appropriate security controls to protect Personal Data when stored or transmitted; and
  • Limiting access to Personal Data to only those with jobs requiring such access.
  1. Customer Data Subject Rights regarding Processing of Personal Data

GDPR grants a Customer Data Subject certain rights regarding Processing of Personal Data. Global Integrity is committed to honoring these rights and has established effective and transparent policies and procedures to do so. A Customer Data Subject’s rights with respect to his or her own Personal Data include:

  • Right to Notice. This Notice detailing how Personal Data is Processed.
  • Right of Access. Customer Data Subjects may obtain confirmation of whether Personal Data is being Processed and, if it is, request the Personal Data and additional information about the Processing of that data.
  • Right to Rectification. Customer Data Subjects may have inaccurate Personal Data corrected and have incomplete Personal Data made complete.
  • Right to Erasure. Customer Data Subjects may have Personal Data erased, in certain circumstances.
  • Right to Restriction of Processing. Customer Data Subjects may have additional Processing of Personal Data temporarily prohibited while the accuracy or Processing of Personal Data is contested.
  • Right to Data Portability. Customer Data Subjects may be able to receive Personal Data for the purpose of providing that Personal Data to another Controller.
  • Right to Object. A Customer Data Subject may object to Processing of Personal Data at any time and on grounds relating to his or her particular situation.
  • Right to Information Regarding Automated Individual Decision-Making. Global Integrity Processing of Personal Data generally does not include automated decision-making that produces legal effects concerning the Customer Data Subject or similarly significantly affects the Customer Data Subject. In the event Global Integrity implements such automated decision making, Global Integrity will provide meaningful information about the logic involved and the significance and the envisaged consequences of such Processing for the Customer Data Subject.

Whether and how a right applies will depend upon the lawful basis upon which the data is Processed, the nature of the Personal Data, and Global Integrity’s ability to determine that it holds Personal Data of interest. As the Personal Data is processed as part of Global Integrity’s contract obligations to each Global Integrity Customer, for authentication purposes Global Integrity will coordinate responses to requests of Customer Data Subjects. Provision of Personal Data in response to a Customer Data Subject’s request shall not adversely affect the rights and freedoms of others.

  1. Additional Information

A Customer Data Subject may choose to file a complaint with the relevant data protection regulator. Questions regarding this Notice may be sent to Global Integrity’s Data Protection Officer at legal@globalintegrity.com. Please include “Customer Data Subject question” in the email’s subject line.