Last Modified: July 6, 2018
What Information We Collect
How We Use the Information We Collect
How We Share the Information We Collect
Cookies and Other Technology
EU General Data Protection Regulation (GDPR) Policy
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD POLICY
- “Assessment” means an instrument, questionnaire, or inventory, such as the Strength Deployment Inventory (“SDI”) that is completed by Respondents for the preparation of Reports; or to provide information about a Respondent to the Respondent, PSP, or PSP Customers.
- “Certified Facilitator” means an individual who has successfully completed one of our certification programs that can administer an Assessment to Respondents, and interprets the Reports or other output generated by PSP to provide feedback to the Respondent(s) about the contents of the Respondent’s Reports.
- “Customer” means an individual, business, or other entity that purchases PSP’s Products or Services, or with which PSP has a contractual relationship to provide Products or Services.
- “Non-Personal Information” means information such as IP address, device information, cookie data, or other session data that cannot lead to an identifiable individual.
- “Personal Information” means information such as name, email address, mailing address, telephone number, billing information, and account information, that is necessary for providing or receiving Products or Services of PSP.
- “Platform” means the offerings that we currently provide, such as Core Strengths and TotalSDI, and those that we may develop in the future.
- “Products and Services” means the products and services promoted, sold, or available for sale by PSP, such as our Assessments and Reports.
- “Reports” means an analysis of the responses provided in connection with an Assessment, which reflects a Respondent’s responses to an Assessment. Reports may be dynamically displayed in our platforms, or statically displayed in print or electronic form.
- “Respondent” means an individual who takes, will take, or has taken an Assessment.
- “Sender” means an individual who invites a respondent to complete an Assessment and who has access to the Reports generated about the Respondent.
- “Website” means this Website and any others owned and operated by PSP.
If you visit our Website, we collect Non-Personal Information that is provided to us by your browser and through our log files. We may record some of this data in one or more cookies that we send to your browser (see “Cookies and Other Technologies”).
If you register or create an account, we require that you provide certain Personal Information during account registration. We collect your name, contact information, and may ask you for other optional information, such as a photo or an evaluation.
If you complete an Assessment, we collect your name, contact information, Assessment responses, session data, and other information you may choose to provide or associate with your account.
If you choose to receive marketing communications, we may collect information on the open rate and whether a specific individual has clicked on a link.
If you are a Customer or other business contact, we may collect your name and other contact information in the regular course of our interaction with you.
If you interact with third parties regarding our Products or Services, we may receive information about you, such as from Customers, websites where we advertise, business partners, and service providers.
Our Policy Towards Children, Children under 18 are not permitted to use the Website or our Platform without the consent of a parent or guardian.
To facilitate the use of our Platform, we use session data to enhance navigation, to avoid requesting identity information when the visitor moves from page to page, and in general to enhance the quality of our Platform. We may use aggregated session data to better understand how our Platform is navigated, as well as the types of browsers and computer operating systems that our visitors use, and the IP addresses of the visitors.
In connection with Assessments, we use the responses to an Assessment to score the Assessment and to generate Reports and other data related to the Respondent. We may combine data from multiple Respondents; combine Respondent data with our general research data; or compare or associate Respondent data with other Respondent data.
For security purposes, we may use IP addresses and session data to ensure a secure connection, to diagnose problems with our servers, and to administer our Websites and Platforms.
For marketing purposes, we may use email or other contact information to send marketing communications and will always provide an unsubscribe option.
Customers: If you take an Assessment sponsored by a Customer, that Customer may receive Reports based on the Assessment you took in order to provide you with relevant products and services.
Mergers & Acquisition; Bankruptcy, we may disclose, share or transfer some or all of our Customers’ information to or with the appropriate entity in preparation of the transaction, as part of the due diligence, or after the transaction has been finalized, so that the successor entity can continue providing our services to our Customers.
Law Enforcement; Litigation, certain federal, state, local, or other government regulations may require that we disclose information that we hold. We will use reasonable efforts to disclose only the information required under applicable law in response to a valid court order, warrant, or subpoena.
To defend or enforce our rights, PSP may use information to protect itself, to prevent fraudulent activity, or where it is otherwise necessary to pursue available remedies. If a Customer neglects to pay amounts due and owed to PSP, PSP may send that Customer’s name, contact information, and account information to a third-party service provider for collection of overdue payments.
Most websites, including ours, use a browser feature to set a small file called a “cookie” on your computer’s browser. The website placing the cookie can then recognize that browser when you revisit the site to allow automatic login and track how you are using the site. You have the right to block cookies by configuring your browser’s preferences or settings to stop accepting cookies, or prompt you before accepting a cookie from a website that you visit.
We retain your Personal Information for as long as your account remains active or for as long as you continue to do business with us. Thereafter, we may retain Assessment responses and other data for as long as the information is needed for our research, statistical analysis, product development, or other commercial purposes.
We follow generally accepted industry standards to protect Personal Information, both during transmission and once we receive it. We use administrative, physical, and technical measures to protect Personal Information from any unauthorized access, loss, misuse, disclosure, alteration, or destruction.
All data collected through our Platforms are transmitted securely over the internet using 256-bit TLS encryption protocols or better. The data are stored on secure servers in an ISO 27001-certified data centers in Canada and the European Economic Area (EEA).
The GDPR is a set of regulations coming into effect on May 25, 2018 that enhances the date privacy rights of EU individuals. PSP is committed to upholding GDPR compliance among our Products and Services.
We have updated our internal policies and external contracts to ensure compliance with the GDPR prior to the official launch. PSP processes personal data on the following legal bases: (1) with your consent; (2) as necessary to provide our Products and Services; and (3) as necessary for our legitimate interests in providing the Products and Services where those interests do not override your fundamental rights and freedom related to data privacy. PSP has put in place safeguards to protect personal privacy and individual choice, including disclosures of its data processing activities and the use of consent mechanisms.
Right to lodge a complaint, Customer or others that interact with PSP that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. The contact details for data protection authorities are available here.
Transfers, Personal Information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. Upon the start of enforcement of the General Data Protection Regulation (GDPR), we will ensure that transfers of Personal Information to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR.
Individual Rights, if you are a resident of the EEA or Switzerland, you are entitled to the following rights once the GDPR becomes effective. Please note, that in order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.
The right to access and correction, you have the right to request access to, and a copy of, your personal data at no charge, as well as certain information about our processing activities with respect to your data. You have the right to request correction or completion of your personal data if it is inaccurate or incomplete. You have the right to restrict our processing if you contest the accuracy of the data we hold about you, for as long as it takes to verify its accuracy.
The right to request data erasure, you have the right to have your data erased from our Platform if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
The right to object to our processing, you have the right to object to profiling or other processing if your legitimate interests outweigh the legitimate interests of PSP and so long as it does not interfere with a task carried out for reasons of public interest.
Data breach notification policy, PSP will follow all applicable rules and regulations of the GDPR, along with guidance and instruction from the applicable data protection authorities, in handling, responding, and resolving a data breach.
Data governance obligations, PSP has established procedures for periodically verifying implementation of and compliance with the GDPR Principles. PSP conducts ongoing assessments of our data protection practices to verify the attestations and assertions of our privacy practices are have been implemented properly.
Privacy by Design, PSP has implemented various technical and organizational measures to protect and minimize the amount and use of personal data we receive. We have designed our systems and processes to ensure the necessary safeguards of data protection are met.
Details of staff training and competence, PSP has trained all necessary staff on the privacy regulations in effect and have appointed a global Data Protection Officer to administer the data governance framework globally.
PSP is subject to the investigatory and enforcement powers of the Federal Trade Commission. If PSP shares EU or Swiss data with a third-party service provider that processes the data solely on PSP’s behalf, then PSP will be liable for that third party’s processing of EU and Swiss data in violation of the Privacy Shield, unless PSP can prove that it is not responsible for the event giving rise to the damage.
If you would like to request access to, correction, amendment, or deletion of your personal data, you can submit a request to firstname.lastname@example.org/enuk. We may request specific information from you to confirm your identity.
PSP, Inc. provides choices and means for individuals to limit the use and disclosure of their personal data. Individuals are provided with information regarding the purpose for which personal data is being collected, how it will be used, and the third parties, if any, that would receive personal data. PSP, Inc. also provides a mechanism for registered account holders to delete their account and all associated personal data upon request.
PSP, Inc. will only process personal data in a manner compatible with the purpose that it was collected for. PSP, Inc. maintains reasonable procedures to ensure that EU and Swiss personal data is reliable for its intended use, accurate, complete, and current.
Under certain circumstances, we may be required to disclose your EU or Swiss personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For any questions or complaints regarding our compliance with the Privacy Shield Framework, please contact us at: email@example.com/enuk. If PSP, Inc. does not resolve your complaint, you may submit your complaint free of charge to https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim PSP, Inc’s designated independent dispute resolution provider. Under certain conditions specified by the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Framework, you may also be able to invoke binding arbitration to resolve your complaint.
Personal Strengths Publishing, Inc. (PSP)
2701 Loker Ave. West, Suite 250
Carlsbad, CA 92010
United States of America
Global Data Protection Officer
Tim Scudder, PhD
Personal Strengths Publishing, Inc.
2701 Loker Ave. West
Carlsbad, CA 92008
United States of America
GDPR EEA Representative
Tim Scudder, PhD
Personal Strengths (UK) Ltd.
Stuart House East Wing, St John’s Street Suite 244
Peterborough PE1 5DD