Request a Demo
Request A Demo

Your Privacy

Our Practice

Last modified: February 23, 2023

PDP Global (a DBA of PDP, Inc.) understands that your privacy is important and that you care about how your information is collected, processed, transmitted, stored, used, or shared. We respect and value the privacy of everyone who visits Our Sites and extend the same rights and protections to all visitors and Data Subjects. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.

This Policy applies to our use of any and all data collected by us in relation to your use of Our Sites or other means of collection. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Sites AND/OR you will be required to read and accept this Privacy Policy when signing up for an Account or responding to a survey invitation. If you do not accept and agree with this Privacy Policy, you must stop using Our Sites immediately.

Scope—What does this policy cover? 

This Privacy Policy applies only to your use of Our Websites. It does not extend to any websites that we do not own that are linked to from Our Sites (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored, processed, used, transmitted, or shared by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.


In this policy, the following terms shall have the following meanings:

“Respondent” The individual taking one of our surveys or completing one of our forms or acting as a student of our PDP eCampus educational material.
“Client” The licensed organization with a my.PDPworks account and certified PDP users.
“PDP Representative” The contracted organization and its users that market, sell and service client accounts. Representatives have access to client accounts and are trained annually on the importance of data confidentiality.

The questionnaire instruments for measuring the dynamics of behaviors. There are three types of surveys:

  1. ProScan Survey administered to individuals and employees,
  2. Applicant ProScan Survey administered to applicants, and
  3. Job Dynamics Analysis (JDA) Survey that is administered to managers and individuals knowledgeable of the job requirements.
“Cookie” A small text file placed on your computer or device by certain parts of Our Sites and/or when you use certain features of Our Sites. See Our Cookie Policy.
“Our Websites”

Include but not limited to:—Our corporate website—Our web application where users login to process invitations and surveys and to retrieve resulting reports.                        —Our Learning Management System (LMS)

“User” You, when you log in to any of our websites.
“We/Us/Our” PDP Global, a DBA of PDP, Inc., a C corporation registered in the State of Colorado, USA.
“Data Subject” Survey respondents, account users—anyone providing personally identifiable information (PII).
“Data Controller” A data controller determines the purposes and means of processing personal data.
“Data Processor” A data processor is responsible for processing personal data on behalf of a controller.


Do we have a way for you to contact us to inquire about or exercise your data privacy rights?

Yes. For any question or request relating to your data and privacy, please email us at or call our office at +1 719-785-7300 and we will be happy to assist you in your concerns.

Under certain conditions, more fully described on the Privacy Shield website at How to Submit a Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our EU/UK Representative:

Attn: PDP Privacy 
Enterprise House 
Ocean Way 
Ocean Village 
Southampton, Hampshire SO14 3XB

When do we act as a Data Controller and when do we act as a Data Processor?

We will act in most cases as a Data Processor for our clients. In a small number of cases, we will act as the Data Controller. The following is a straightforward way to understand it:

The Data Controller decides what personal data is collected, how it is collected, and its purpose. The Data Processor acts on the explicit instructions of the Data Controller to complete a defined process involving the personal data that was provided.

In the vast majority of cases, we act as a Data Processor or a sub-processor for clients and we have agreements in place to ensure data security. We act in accordance with our customers’ requests and relevant data protection legislation and best practices.

We will occasionally act as Data Controller with data having to do with our own employees and Representatives, along with those situations involving technical support and testing.

What data do we collect on Our Websites, how does it flow, and how do we use it?

PDP Global is responsible for the processing of personal data it receives, under the Privacy Shield, and subsequently transfers it to a third party acting as an agent on its behalf. PDP Global complies with the Privacy Shield for all onward transfers of personal data from the EU, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield, PDP Global is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.


When requesting information on Our Websites about our services, you may use a form where you are asked to provide your name, email address, mailing address, and phone number or other details to help your experience be as beneficial as possible or to provide you with documentation you require.

On the LMS, we may ask for the same information and you may answer test and quiz questions to help you and us to determine your level of knowledge acquisition.


Some data will be collected automatically by Our Websites. Please review our Cookie information. We may collect information about how you use Our Websites to aid us in continually improving their functionality.

This may include information about your originating IP addresses (which may infer your geographic location but not your identity), Internet service providers, the files viewed, and timestamps of activity on Our Websites.

We may also record which operating system, device, and browser version you use to help ensure that you have a positive online experience.

Below are flow charts summarizing the collection and processing of marketing, eLearning, and survey data: 

Cookie policy—Website visitors are given notice that cookies are used to improve the online experience.



Entrance from web forms—Consent check boxes are on all forms for communicating and processing.



Internal notifications— Contacts are assigned to PDP Sales Representatives and PDP Staff who are notified of the assignment.


Prospective client/PDP sales receives an auto-response email—The contact receives an auto-response email to schedule a meeting via a calendar app.


Contact information and contextual data is stored—Information such as email, phone, nature of interest, website interactions, and communications (i.e., email, calls, etc.) are stored in the CRM.


Cookie policy—Website visitors are given notice that cookies are used to improve the online experience.




Forms on eCampus—Learners use our forms either to: 1. register on eCampus or 2. identify knowledge obtained and/or views on what you are learning as part of a PDP course.



Registering—If you complete a form to gain access to the eCampus and specific content, PDP processes your data, gives you unique credentials, and stores your data in our hubspot database and in our eCampus. You are then emailed your credentials to provide access to the eCampus and the appropriate contact. Only authorized users may access your data.

New user begins—You, the learner, may begin accessing the eCampus and appropriate content.






Personal Information—Personal information we may collect from you the Learner (Data Subject) may include:

  • Name
  • Email
  • Quiz Answers
  • Response to questions to consider (ungraded)
  • Opinions about the value of the course and accuracy of the report (ungraded)
  • IP address

Existing users processing & emailing—PDP processes your quiz scores and stores your data in our secured eCampus website. Only authorized users may access your scores and responses. Inn some cases, we may send you, your trainer/PDP Representative, and/or employer your answers to follow up, depending on the situation.



Existing users continues—You, the learner, may retake quizzes or move on toward course completion.






When I complete a Survey at my.PDPworks, how is my personal data collected and used? 

The organization (typically Certified Client organizations—generally employers, or Licensed Representatives of PDP Global acting as HR consultants) that has requested you to complete a survey on my.PDPworks is the Data Controller and we are acting as the Data Processor. The Data Controller decides what data is to be collected and how it will be used. We provide Client organizations with their own unique login to my.PDPworks to manage the data they collect from you. See the flow chart below, which explains the process:

PDP SurveysOrganizations use our system to administer surveys (ProScan or JDA).

Personal informationPersonal information an organization may collect from you the respondent (data subject) may include:

  • Name
  • Email
  • Title
  • Survey responses
  • Notes (may be added by the organization)

Email processingPDP processes and stores your data in our secure cloud data center in the U.S., and on behalf of our client organizations, sends an email invitation to you the respondent with a link to a survey. Alternatively, our client organization may provide a paper form or a web page with a link to a survey.


Confirm informationYou, the respondent (employee, applicant, or team member), verifies or corrects your personal information and completes the survey.



Survey processingYour survey is processed and report(s) are generated, stored, and distributed to appropriate users in support of the organization's processes.




Are the Surveys provided by us considered “Automatic Decision Making,” including “Profiling?”

No. All Surveys provided by us should never be used in isolation in recruitment or human resource processes. Each user from organizations using is trained and instructed in this principle. Our Surveys are provided to Data Controllers as part of a larger decision-making process and structure, which include other information the Data Controller collects.

Do we use personal data from my.PDPworks in research?

As part of continual improvement and validation, we undertake research and analysis, which requires us to process personal data for this clearly defined purpose. When we process such personal data for research purposes, we do so as Data Controller under the lawful basis of Legitimate Interest.

When we process personal data for research, results are presented in group form (e.g., averages). We ensure appropriate safeguards, including anonymization of the data, secure transmittal and storage, and adherence to the principal of least privilege.

In instances where we act as Data Controller, what lawful basis do we have for processing your data?

Based upon the different services we offer and how we provide those services, we rely on the most appropriate lawful basis when processing your data. When the most appropriate lawful basis for processing is Legitimate Interests, we will always ensure that our interests are carefully balanced with and do not adversely impact your rights.

There may also be specific instances where we require your consent for the processing of your personal data. We will ensure the consent obtained is aligned with current applicable legislation and that it is specific, informed, and freely given.

How do we ensure the security of our systems and protect my data?

Our employees, associates, and sub-contractors take the security of your personal data seriously.

If you would like to learn more about our security practices, please see Security, and Our Trusted Sub-Processors.

Do we engage with any sub-processors?

Yes. See Our Trusted Sub-Processors and Security document.

How and where is your data stored?

Your data is stored in cloud-based services in highly secured data centers in the U.S. (see Our Trusted Sub-Processors). Your data is encrypted while it is in transit from your web browser to our data center and when at rest. Access to your data is restricted by strong and tightly held authentication and physical security.

How long do we keep personal data?

As prescribed in applicable law, we only keep personal data as long as necessary. When deciding the length of personal data retention, we take into account any minimum retention requirements set out in applicable legislation.

When we act as Data Processor, the client organization acts as the Data Controller. As such, the client organization will decide how long data should be retained and will manage the retention and anonymizing process accordingly.

When using aggregated data for research purposes, we function as Data Controller and follow what is described in the research question above.

What rights do you have as a data subject?

Your rights as a data subject under GDPR are detailed in Chapter 3 – Articles 12 to 23. You have eight fundamental (though not absolute) rights under GDPR.

  1. Right to Access Personal DataUnder the GDPR, data subjects have the right to access the data collected on them by a data controller. The data controller must respond to that request within 30 days (Article 15).
  2. Right to RectificationData subjects have the right to request modification of their data, including the correction or errors and the updating of incomplete information (Article 16).
  3. Right to ErasureThe right to erasure, also referred to as the right to deletion or the right to be forgotten, allows a data subject to stop all processing of their data and request their personal data be erased (Article 17).
  4. Right to Restrict Data ProcessingData subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18).
  5. Right to be NotifiedData subjects must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded. Data subjects must also be informed of any rectification or erasure of their personal data under articles 16, 17, and 18 (Article 19).
  6. Right to Data PortabilityA data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).
  7. Right to ObjectIf a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21).
  8. Right to Reject Automated Individual Decision-MakingData subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects—profiling for example (Article 22).

What if I have a privacy concern or want to exercise my data subject rights?

Please contact us at Or you may write to us at:

PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA

We will respond to your request within 30 days. Complex or excessive requests may require a longer period for resolution. In situations where we function as the Data Processor, the first step will be to put you in contact with the client organization that functions as your Data Controller. Together, we will work to address your request or concern. See overview of how requests work:

We reserve the right to charge an administrative fee or refuse a request where requests for data are clearly unreasonable or excessive, particularly if they are repetitive.

We have chosen to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively, and comply with information and advice the DPAs and the FDPIC may provide in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA or FDPIC contacts.

You also have the right to refer data privacy issues or concerns to the ICO at any time. You will find details of how to contact the ICO at


Data subject requestData subjects can request a copy of their personal data in a CSV file by emailing They also may request modification or deletion (anonymization) of any personal data. Requests will be acted on within 30 days. The data subject will receive notification once their request is complete.

Communications throughout the deletion or correction processContacts will be given instructions to delete the data in the privacy policy. PDP will respond to requests for deletion which will be emailed to


Documenting the deletion processOnce a deletion or correction request is received, PDP will reply to confirm what action will taken, then notify the data subject once the request is complete. PDP will log the request and resulting actions with our EU Agent.


Reporting a Data Breach

If you believe that a loss of personal data we use or manage has occurred, or an unlawful use or disclosure of the data has occurred contact us at, or you may write to us at:

PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA


Alternatively, you may contact our EU or UK Representative:

UK Representative / UK and EU DPO
Ametros Group Ltd
Lakeside Offices, Thorn Business Park
Rotherwas Industrial Estate
0330 223 2246

EU Representative
Ametros Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road