Last modified: November 20, 2018

 

PDP Global (a DBA of PDP, Inc.) understands that your privacy is important and that you care about how your information is collected, processed, transmitted, stored, used, or shared. We respect and value the privacy of everyone who visits Our Sites and extend the same rights and protections to all visitors and Data Subjects. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.

This Policy applies to our use of any and all data collected by us in relation to your use of Our Sites or other means of collection. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Sites AND/OR you will be required to read and accept this Privacy Policy when signing up for an Account or responding to a survey invitation. If you do not accept and agree with this Privacy Policy, you must stop using Our Sites immediately.

Scope—What does this policy cover? 

This Privacy Policy applies only to your use of Our Web Sites. It does not extend to any websites that We do not own that are linked to from Our Sites (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored, processed, used, transmitted, or shared by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

Definitions

In this Policy the following terms shall have the following meanings:

“Respondent” The individual taking one of our surveys or completing one of our forms or acting as a student of our PDP eCampus educational material.
“Client” The licensed organization with a my.PDPworks account and certified PDP users.
“PDP Representative” The contracted organization and its users that market, sell, and service client accounts. Representatives have access to client accounts and are trained annually on the importance of data confidentiality.
“Survey” The questionnaire instruments for measuring the dynamics of behaviors. There are three types of surveys:

  1. ProScan Survey administered to individuals and employees,
  2. Applicant ProScan Survey administered to applicants, and
  3. Job Dynamics Analysis (JDA) Survey that is administered to managers and individuals knowledgeable of the job requirements.
“Cookie” A small text file placed on your computer or device by certain parts of Our Sites and/or when you use certain features of Our Sites. See Our Cookie Policy.
“Our Websites” Includes but is not limited to:

  1. PDPglobal.com—Our corporate website
  2. my.PDPworks.com—Our web application where users log in to process invitations and surveys and to retrieve resulting reports
  3. eCampus.PDPglobal.com—Our Learning Management System (LMS)

“User” You, when you log in to any of our websites.
“We/Us/Our” PDP Global, a DBA of PDP, Inc., a C corporation registered in the State of Colorado, USA.
“Data Subject” Survey respondents, account users—anyone providing personally identifiable information (PII).
“Data Controller” A controller determines the purposes and means of processing personal data.
“Data Processor” A processor is responsible for processing personal data on behalf of a controller.

 

Are We registered with Privacy Shield in the USA?

PDP Global complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  PDP Global has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

We recognize that the European Economic Area (EEA) and Switzerland have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for personally identifiable information (PII) transferred outside of the EEA or Switzerland. To provide adequate protection for PII received from customers, website users, and survey respondents (assessment takers) and transmitted to and stored in the US, we comply with both the EU-US Privacy Shield and Switzerland-US Privacy Shield Frameworks (collectively, the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of PII transferred from the EEA and Switzerland to the US (collectively, the “Privacy Shield Principles”). We have certified to the Department of Commerce that Our Privacy Policy adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review Our representation on the Privacy Shield list, see PDP Global.

For purposes of enforcing compliance with the Privacy Shield, We are subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Do We have a way for you to contact us to inquire about or exercise your data privacy rights?

Yes. For any question or request relating to your data and privacy, please email us at privacy@pdpglobal.com or call our office on +1 719-785-7300 and we will be happy to assist you with your concerns.

Under certain conditions, more fully described on the Privacy Shield website at How to Submit a Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our EEA/UK Representative:

Ensurety 
Attn: PDP Privacy 
Enterprise House 
Ocean Way 
Ocean Village 
Southampton, Hampshire SO14 3XB 
pdp.privacy@ensurety.co.uk

When do We act as a Data Controller and when do We act as a Data Processor?

We will act in most cases as a Data Processor for our clients. In a small number of cases We will act as the Data Controller. The following is a straightforward way to understand it:

The Data Controller decides what personal data is collected, how it is collected, and its purpose. The Data Processor acts on the explicit instructions of the Data Controller to complete a defined process involving the personal data that was provided.

In the vast majority of cases, We act as a Data Processor or a sub-processor for clients and we have agreements in place to ensure data security. We act in accordance with our customers’ requests and relevant data protection legislation and best practices.

We will occasionally act as Data Controller with data having to do with our own employees and Representatives, along with those situations involving technical support and testing.

What data do We collect on Our Websites, how does it flow, and how do we use it?

PDP Global is responsible for the processing of personal data it receives, under the Privacy Shield, and subsequently transfers to a third party acting as an agent on its behalf. PDP Global complies with the Privacy Shield for all onward transfers of personal data from the EU, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield, PDP Global is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Directly

When requesting information on Our Websites about our services, you may use a form where you are asked to provide your name, email address, mailing address, and phone number or other details to help your experience be as beneficial as possible or to provide you with documentation you require.

On the LMS, we may ask for the same information and you may answer test and quiz questions to help you and us to determine your level of knowledge acquisition.

Indirectly

Some data will be collected automatically by Our Websites. Please review our Cookie information. We may collect information about how you use Our Websites to aid Us in continually improving their functionality.

This may include information about your originating IP addresses (which may infer your geographic location but not your identity), Internet service providers, the files viewed, and timestamps of activity on Our Websites.

We may also record which operating system, device, and browser version you use to help ensure that you have a positive on-line experience.

Below are flow charts summarizing the collection and processing of marketing, eLearning, and survey data:

[Flow chart: PDPglobal.com]

[Flow chart: ecampus.PDPglobal.com]

When I complete a Survey at my.PDPworks, how is my personal data collected and used? 

The organization (typically Certified Client organizations—generally employers, or Licensed Representatives of PDP Global acting as HR consultants) that has requested that you complete a survey on my.PDPworks is the Data Controller and We are acting as the Data Processor. The Data Controller decides what data is to be collected and how it will be used. We provide Client organizations with their own unique login to my.PDPworks to manage the data they collect from you. See the flow chart below, which explains the process:

 

[Flow chart: survey data collection and use at my.PDPworks]

Are the Surveys provided by Us considered “Automatic Decision Making,” including “Profiling?”

No. Surveys provided by Us should never be used in isolation in recruitment or human resource processes. Each user from organizations using my.PDPworks.com is trained and instructed in this principle. Our Surveys are provided to Data Controllers as part of a larger decision-making process and structure, which includes other information the Data Controller collects.

Do We use personal data from my.PDPworks in research?

As part of continual improvement and validation, We undertake research and analysis, which requires us to process personal data for this clearly defined purpose. When We process such personal data for research purposes, We do so as a Data Controller under the lawful basis of Legitimate Interest.

When We process personal data for research, results are presented in group form (e.g., averages). We ensure appropriate safeguards, including anonymization of the data, secure transmittal and storage, and adherence to the principle of least privilege.

In instances where We act as Data Controller, what lawful basis do We have for processing your data?

Based upon the different services we offer and how we provide those services, We rely on the most appropriate lawful basis when processing your data. When the most appropriate lawful basis for processing is Legitimate Interests, We will always ensure that our interests are carefully balanced with and do not adversely impact your rights.

There may also be specific instances where we require your consent for the processing of your personal data. We will ensure the consent obtained is aligned with current applicable legislation and that it is specific, informed, and freely given.

How do We ensure the security of our systems and protect my data?

Our employees, associates, and sub-contractors take the security of your personal data seriously.

If you would like to learn more about our security practices, please see Security, and Our Trusted Sub-Processors.

Do We engage with any sub-processors?

Yes. See Our Trusted Sub-Processors and Security document.

How and where is your data stored?

Your data is stored in cloud-based services in highly secured data centers in the US (see Our Trusted Sub-Processors). Your data is encrypted while it is in transit from your web browser to our data center, and when at rest it is secure behind tightly held authentication and physical security.

How long do We keep personal data?

As prescribed in applicable law, We only keep personal data as long as necessary. When deciding the length of personal data retention, we take into account any minimum retention requirements set out in applicable legislation.

When We act as Data Processor, the client organization acts as the Data Controller. As such, the client organization will decide how long data should be retained and will manage the retention and anonymizing process accordingly.

When using aggregated data for research purposes, We function as Data Controller and follow what is described in the research question above.

What rights do you have as a data subject?

Your rights as a data subject under GDPR are detailed in Chapter 3 – Articles 12 to 23. You have eight fundamental (though not absolute) rights under GDPR.

  1. Right to Access Personal Data: Under the GDPR, data subjects have the right to access the data collected on them by a data controller. The data controller must respond to that request within 30 days (Article 15).
  2. Right to Rectification: Data subjects have the right to request modification of their data, including the correction of errors and the updating of incomplete information (Article 16).
  3. Right to Erasure: The right to erasure, also referred to as the right to deletion or the right to be forgotten, allows a data subject to stop all processing of their data and request their personal data be erased (Article 17).
  4. Right to Restrict Data Processing: Data subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18).
  5. Right to be Notified: Data subjects must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded. Data subjects must also be informed of any rectification or erasure of their personal data under Articles 16, 17, and 18 (Article 19).
  6. Right to Data Portability: A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine-readable format, if doing so is technically feasible (Article 20).
  7. Right to Object: If a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21).
  8. Right to Reject Automated Individual Decision-Making: Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects—profiling for example (Article 22).

What if I have a privacy concern or want to exercise my data subject rights?

Please contact us at privacy@pdpglobal.com. Or you may write to Us at:

PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA

We will respond to your request within 30 days. Complex or excessive requests may require a longer period for resolution. In situations where We function as the Data Processor, the first step will be to put you in contact with the client organization that functions as your Data Controller. Together we will work to address your request or concern. See overview of how requests work:

We reserve the right to charge an administrative fee or refuse a request where requests for data are clearly unreasonable or excessive, particularly if they are repetitive.

We have chosen to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively, and comply with information and advice the DPAs and the FDPIC may provide in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA or FDPIC contacts.

You also have the right to refer data privacy issues or concerns to the ICO at any time. You will find details of how to contact the ICO at https://ico.org.uk/

[Flow chart: overview of how requests work]

Reporting a Data Breach

If you believe that a loss of personal data We use or manage has occurred, or that an unlawful use or disclosure of the data has occurred, contact us at privacy@pdpglobal.com, or you may write to us at:

PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA

 

Alternatively, you may contact our EEA/UK Representative:

Ensurety
Attn: PDP Privacy
Enterprise House
Ocean Way
Ocean Village
Southampton, Hampshire SO14 3XB
pdp.privacy@ensurety.co.uk