Privacy Policy

“The ability to learn faster than your competitors
may be the only sustainable competitive advantage.”
- Arie De Geus Royal Dutch / Shell


GRC Sphere's Privacy Policy

April 12, 2018

Introduction

GRC Sphere values the privacy of its members, customers, affiliates, partners and visitors to its websites and is strongly committed to each individual's right to privacy. Our privacy policy has been developed as a codification of our commitment in this area and the European Union's General Data Privacy Regulation (GDPR) as well as other regulations and privacy standards as cited below.

Our privacy policy explains GRC Sphere’s information gathering and handling practices. If you have any questions regarding GRC Sphere’s privacy policy or do not feel that your concerns have been otherwise addressed, please contact us by sending an e-mail to MemberSupport@GRCsphere.org.

Voluntary Consent

By using GRC Sphere’s websites, you signify your acceptance of our privacy policy. If you, as a visitor, choose to log on as a member, register for educational courses or events, purchase products or services, apply for membership or certification, or otherwise submit personally identifiable information, you are consenting to GRC Sphere’s use of such data in accordance with its privacy policy. Your consent is entirely voluntary on your part. You have the right to not use our website as well as the right to not "opt-in" or register.

Scope

It is the intent of The GRC Sphere to be in compliance with the principles of the Personal Information Protection and Electronic Documents Act of Canada, the European Union Safe Harbour Act, the Data Protection Act of the United Kingdom, the EU's GDPR and selected legislation worldwide regarding privacy of data. If any provision of this policy is in conflict with such legislation, the provisions of this policy shall apply, except when otherwise required by law.

This policy guides how The GRC Sphere stores and uses personal information that is collected by GRC Sphere or provided to GRC Sphere, whether through our websites or by other methods such as an application, enrollment, registration, our purchase order form, or other means. This policy covers all of GRC Sphere's websites. However, this policy does not cover affiliate websites whether or not linked to GRC Sphere’s sites.

Membership Identity Number and Password

All individual GRC Sphere members (not corporations) are entered into our global membership database and are assigned a unique membership number. When members log on to the website, they will be asked to enter their e-mail address and to create a unique password to authenticate their membership.  Membership numbers are delivered to members together with basic information about membership benefits and services either directly from the global GRC Sphere website.

Collection and Use of Information

Even if you do nothing during your visit other than navigating a GRC Sphere website, read pages, or download information, we will automatically gather and store certain information about your visit. In order to ensure that our websites are as useful and effective an information source as they can be, we analyze information that identifies visitors by categories such as the location of visitors (by domain, not by personal e-mail address) and browser types. We also measure, in the aggregate, indicators such as the number of visits, average time spent on the sites, and pages viewed. The GRC Sphere uses these statistics to improve site content and usability; this information does not identify visitors personally.

However, when a visitor "opts-in" to get on GRC Sphere's distribution list (which is contained and managed within our Customer Relationship Management System, i.e. our CRM system), then they need to enter their name and an e-mail address and, for member registration, they need to designate a password which must be obtained for the purpose of logging in to restricted pages. When these actions take place, a "temporary cookie" is deployed. This cookie — a small text file stored temporarily on the visitor's browser — enables the website to "remember" this authentication information during movement from one page to another. This makes it unnecessary to log in again on each page. The cookie will expire when the visitor leaves and no personal data is retained. In addition, to help prevent unauthorized users from using your identifying information, the cookie will expire if your session is idle for approximately 20 minutes. If you have set your Internet browser to reject cookies, access may be denied to secured areas of The GRC Sphere’s websites.

With the exception of specific secured pages, visitors are not required to be GRC Sphere members in order to gain access to GRC Sphere’s websites, although non-members may be required to register to receive all benefits available to users of the sites. This voluntary process is known, technically, as "authentication" and non-technically as an "opt-in".

The GRC Sphere may use personally identifiable information which you have voluntarily provided on our websites or by other means to notify you via e-mail of digital content or other printed material of GRC Sphere’s events or other relevant products and services offered by The GRC Sphere. If you are a member of a GRC Sphere member group, industry cluster, committee or other community, The GRC Sphere’s may contact you directly.  If you are a member of a GRC Sphere industry cluster or Special Interest Group, The GRC Sphere may ask you if you'd like to be listed in our member directories for social networking purposes. If you do not want to receive notice of such events or be included in member directories, you have the right to do so.

Collection of Personal Data from The GRC Sphere

The GRC Sphere collects, at a minimum, the names of GRC Sphere members who join GRC Sphere and records these in the global membership database (i.e. our CRM system) in order to issue unique membership numbers. Members who wish to access the website will also have to provide their e-mail address.  Transfer and update of data between GRC Sphere and members is allowed through the explicit consent of its members or through adherence of GRC Sphere to the Safe Harbour Act in Europe, Data Protection Act in the UK, GDPR or other privacy policies worldwide. The amount of personal information recorded in the database depends on the services selected by GRC Sphere or the member and the preferred method of delivery. Members who do not wish to be contacted by GRC Sphere may choose so, while members who wish to access additional services may provide additional personal data either directly on GRC Sphere’s website or via GRC Sphere’s product and service order / purchase forms or on our value-added affiliate services websites.

The GRC Sphere collects limited personal data from GRC Sphere affiliates worldwide in order to provide limited membership services to individuals who belong jointly to these affiliates and to GRC Sphere. Members of GRC Sphere will always be provided with the right to voluntarily "opt-in" or register and also to request that all information that pertains to them in our CRM system be deleted upon request by them at any time. All they need to do is to contact us at MemberSupport@GRCsphere.org and request deletion of their data, have us modify it or get any other help that they may need regarding their personal information record.

Disclosure of Information to Third Parties

If you voluntarily provide The GRC Sphere with personally identifiable information, The GRC Sphere may share personal information with companies, organizations or individuals outside of GRC Sphere when we have your consent to do so. The GRC Sphere requires opt-in consent for the sharing of any sensitive personal information.  The GRC Sphere may release information on a selective basis to outside organizations whose products and services are of perceived benefit. These organizations include, but are not limited to:

  • Various companies that authenticate credit cards on behalf of The GRC Sphere if you provide a credit card for the purchase of products or services.
  • GRC Sphere community chapters, which may solicit you for local participation or local membership. In the case of GRC Sphere members, The GRC Sphere chapter may publish your name in a directory or use your data to mail or e-mail local materials, if and only if, you have provided your voluntary consent to do so.
  • For some North American members, The GRC Sphere may provide mailing information to other organizations whose products and services are of perceived benefit, if and only if, you have provided your voluntary consent to do so.
Disclosure of Information for Legal Reasons

The GRC Sphere will share personal information with companies, organizations or individuals outside of The GRC Sphere if The GRC Sphere has a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, legal process or enforceable governmental request.
  • Enforce applicable Terms of Service, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security or technical issues.
  • Protect against harm to the rights, property or safety of The GRC Sphere, our members or the public as required or permitted by law.

There are other instances in which The GRC Sphere may divulge your personal information. The GRC Sphere may provide your personal information if necessary, in The GRC Sphere’s good faith judgment, to comply with laws or regulations of a governmental or regulatory body or in response to a valid subpoena, warrant or order, or to protect the rights of The GRC Sphere or others.

Disclosure of Sensitive Personal Information to Third Parties

The GRC Sphere requires opt-in consent for the sharing of any sensitive personal information.  Sensitive personal information is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality. The GRC Sphere does not knowingly collect these specific types of sensitive personal information.

Right of Access

The GRC Sphere is dedicated to providing reasonable access to our members and others who want to review their personal information maintained by GRC Sphere and correct any inaccuracies therein. Members may view and update their data by accessing their Member Profile, available upon logging in to www.GRCsphere.org. GRC Sphere members and Non-members may verify and/or change their data by e-mailing MemberSupport@GRCsphere.org or by writing Member Support, The GRC Sphere c/o RuleSphere International, Inc. PO Box 152, Still River, MA 01467-0152, USA. The GRC Sphere, however, is not responsible for verifying the continued accuracy of either member or non-member information.

Security

Although The GRC Sphere does not monitor the websites, The GRC Sphere has reasonable policies in place to protect from misuse, the personally identifiable information provided by its users.

Links

The GRC Sphere’s websites contain "links" to other sites, including sites operated by GRC Sphere and GRC Sphere’s chapters. The GRC Sphere does not control, and is not responsible for, the accuracy, timeliness, security, or even the continued availability or existence of this outside information. Opinions expressed on other sites linked from The GRC Sphere’s websites are not necessarily those of The GRC Sphere, nor does The GRC Sphere endorse, warrant, or guarantee products or services described or offered on those other sites. Neither is The GRC Sphere responsible for the contents of any websites that choose to link to The GRC Sphere’s websites with or without The GRC Sphere’s consent.

Other organizations linked to The GRC Sphere’s websites may collect information about you when you view or click on these sites. The GRC Sphere cannot control this collection of information. You should contact these organizations directly if you have any questions about their use of the information they collect.

Changes to Privacy Policy

The GRC Sphere’s Privacy Policy may change from time to time. The GRC Sphere will not reduce your rights under this Privacy Policy without your explicit consent. The GRC Sphere will post any privacy policy changes on this page and, if the changes are significant, The GRC Sphere will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). The users of The GRC Sphere’s websites should reference this policy periodically to ensure that they have knowledge of the current provisions of The GRC Sphere’s privacy policy.

DISCLAIMERS

THIS WEBSITE AND ITS CONTENT ARE PROVIDED "AS IS" AND THE GRC SPHERE EXCLUDES TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE. THE FUNCTIONS EMBODIED ON, OR IN THE MATERIALS OF, THIS WEBSITE ARE NOT WARRANTED TO BE UNINTERRUPTED OR WITHOUT ERROR. YOU, NOT THE GRC SPHERE, ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION DUE TO YOUR USE OF THIS WEBSITE.

Except as specifically stated in this Policy, or elsewhere on this website, or as otherwise required by applicable law, neither The GRC Sphere nor its directors, employees, content providers, affiliates or other representatives will be liable for damages of any kind (including, without limitation, lost profits, direct, indirect, compensatory, consequential, exemplary, special, incidental, or punitive damages) arising out of your use of, your inability to use, or the performance of this website or the Content whether or not we have been advised of the possibility of such damages.

The GRC Sphere uses reasonable efforts to ensure the accuracy, correctness and reliability of the Content, but we make no representations or warranties as to the Content's accuracy, correctness or reliability.

Some US states and foreign countries do not permit the exclusion or limitation of implied warranties or liability for certain categories of damages. Therefore, some or all of the limitations above may not apply to you to the extent they are prohibited or superseded by state or national provisions.

Opting In and Opting out of the Release of Personal Information

Members are entered into the global membership database (contained and managed solely within our CRM system) and given the choice to opt-in and / or register in order to receive communications from The GRC Sphere or a GRC Sphere chapter. To opt out or have your personal information deleted, please send your request via e-mail to: MemberSupport@GRCsphere.org.

GRC Sphere’s members will not be contacted by The GRC Sphere unless they opt-in either by opting-in, registering for free or purchasing a paid membership subscription to receive optional services and communications.

However, if you choose to provide The GRC Sphere with personally identifiable information by purchasing a product, registering for an event, or requesting other services, The GRC Sphere may use that information to provide you with the purchased products or services, for billing purposes, to send immediately relevant information to you, and for other purposes related to the reason you provided the information as detailed in this privacy policy.

The GRC Sphere
PO Box 153
Still River (Town of Harvard), MA 01467-0152
USA

Go to LinkedIn GRC Sphere Community to request approval to join us: 
https://www.linkedin.com/grp/home?gid=8338283

Phone:
1(978) 456-8253
E-Mail: MemberSupport@GRCsphere.org
Skype:  GRCsphere

Reinventing the Strategic Vision and Value of GRC…

“Come for our rich content, Stay for our awesome communities!”