Revised May 19, 2017
1. WEB SITE COVERED & LINKS TO OTHER SITES
2. USERS FROM OUTSIDE THE UNITED STATES
Unless otherwise agreed in writing by us, the Websites are provided from within the United States and is subject to the applicable state and federal laws of the United States. Unless otherwise agreed in writing by us, if you are located outside the United States, please be aware that your Information is being transferred to and stored in the United States.
3. WE OPERATE IN THE UNITED STATES
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States unless otherwise agreed in writing by us. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing agreement to acknowledge our compliance with requirements regarding the cross-border transfer of Personal Data originating from the European Economic Area (EEA), including the EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (as implemented in national law), and effective from 25 May 2018 the requirements under the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (EU General Data Protection Regulation) (as implemented in national law in the case of EEA member states which are not part of the EU, and as amended from time to time).
Riskonnect also self-certifies under the U.S.-Swiss Safe Harbor Framework. To learn more about the Safe Harbor program, and to view our certification, please visit http://2016.export.gov/safeharbor/swiss/.
By using our Websites, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy unless otherwise agreed in writing by us.
4. INFORMATION COLLECTED
When expressing an interest in obtaining additional information about the Services or registering to use the Services, We require you to provide us with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, Riskonnect may require you to provide financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”). Riskonnect may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information about Customers are referred to collectively as “Data About Riskonnect Customers”, or in the case of Attendees, “Data About Riskonnect Attendees”.
With respect to employees and non-employee personnel of Riskonnect, on occasion, transfers personnel data to the United States in connection with the efficient management and operation of Riskonnect, enabling all Riskonnect personnel to communicate with one another and work together, human resources and benefits administration, and safety and security processes. Riskonnect may also transfer employee and non-employee personnel data to an agent of Riskonnect in connection with the above purposes, such as a payroll provider, benefits provider or background-screening provider. Personnel data may also be processed and transferred to the United States in connection with collection and discovery requests in the context of litigation or government investigations, and in such context it may be made available to adverse parties in litigation or governmental entities.
5. USE OF INFORMATION COLLECTED
Riskonnect uses Data About Riskonnect Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, Riskonnect will use the information provided to contact you about your interest in the Services.
Riskonnect also uses Data About Riskonnect Attendees to plan and host corporate events in which event attendees may participate and to populate online profiles for Attendees on Riskonnect’s web sites. Additional information on Riskonnect’s privacy practices with respect to Data About Riskonnect Attendees may be found in additional privacy policies on the event web sites, as the case may be.
Riskonnect may also use Data About Riskonnect Customers and Data About Riskonnect Attendees for marketing purposes. For example, Riskonnect may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding Riskonnect, its affiliates, and its partners, such as information about promotions or events.
Riskonnect uses credit card information solely to check the financial qualifications and collect payment from prospective Customers and Attendees.
Riskonnect uses Web Site Navigational Information to operate and improve Riskonnect’s web sites. Riskonnect may also use Web Site Navigational Information alone or in combination with Data About Riskonnect Customers and Data About Riskonnect Attendees to provide personalized information about Riskonnect.
6. WEB SITE NAVIGATIONAL INFORMATION
As stated previously, Riskonnect uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information used on Riskonnect’s web sites and how this information may be used.
6.2 Web Beacons. Riskonnect uses web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of Riskonnect’s web sites and interaction with emails from Riskonnect. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular web site tied to the web beacon, and a description of a web site tied to the web beacon. For example, Riskonnect may place web beacons in marketing emails that notify Riskonnect when you click on a link in the email that directs you to one of Riskonnect’s web sites. Riskonnect uses web beacons to operate and improve Riskonnect’s web sites and email communications.
6.3 IP Addresses. When you visit Riskonnect’s web sites, Riskonnect collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, Riskonnect uses IP addresses to monitor the regions from which Customers and Visitors navigate Riskonnect’s web sites.
Riskonnect also collects IP addresses from Customers when they log into the Services as part of Riskonnect’s “Identity Confirmation” and “IP Range Restrictions” security features.
7. SHARING OF INFORMATION COLLECTED
7.2 Business Partners. From time to time, Riskonnect may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from Riskonnect, We may share Data About Riskonnect Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). Riskonnect does not control our business partners’ use of the Data About Riskonnect Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
Riskonnect does not share Data About Riskonnect Attendees with business partners unless: (1) you specifically opt in to such sharing via an event registration form or (2) you register to attend a Riskonnect corporate event, including webinars. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms and elect not to have your badge scanned at Riskonnect events. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy policies.
7.3 Billing. Riskonnect uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on Riskonnect’s behalf.
7.4 Compelled Disclosure. Riskonnect reserves the right to use or disclose information provided if required by law or if Riskonnect reasonably believes that use or disclosure is necessary to protect Riskonnect’s rights and/or to comply with a judicial proceeding, court order, or legal process.
8. INTERNATIONAL TRANSFER OF INFORMATION COLLECTED
9. COMMUNICATIONS PREFERENCES
Riskonnect offers Visitors, Customers, and Attendees who provide contact information a means to choose how Riskonnect uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of Riskonnect’s marketing emails. Additionally, you may send a request specifying your communications preferences to firstname.lastname@example.org. Customers cannot opt out of receiving transactional emails related to their account with Riskonnect or the Services.
10. CUSTOMER DATA
Riskonnect Customers may electronically submit data or information (including personal data) to the Services for hosting and processing purposes (“Customer Data”). Riskonnect will not review, share, distribute, or reference any such Customer Data except as provided in a Master Services Agreement (or comparable agreement with Riskonnect), or as may be required by law. In accordance with a Master Services Agreement (or comparable agreement with Riskonnect), We may access Customer Data only for the purpose of: (i) providing the Services (including with our contracted service providers as further described in Section 5.1 hereto); (ii) preventing or addressing service or technical problems; (iii) at a Customer’s request in connection with customer support matters; or (iv) as may be required by law.
Riskonnect uses robust security measures to protect Customer Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Services are accessed using Internet Explorer version 11.0 or later, Firefox version 48.0 or later, Chrome version 56.0 or later, Safari version 10.0 or later, Secure Socket Layer (“SSL”) technology protects Customer Data using both server authentication and data encryption. These technologies help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. Riskonnect also implements an advanced security method based on dynamic data and encoded session identifications, and Riskonnect hosts its web sites in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. Riskonnect also offers enhanced security features within the Services that permit Customers to configure security settings to the level they deem necessary. Customers are responsible for maintaining the security and confidentiality of their Riskonnect usernames and passwords.
Because Riskonnect uses the Services to maintain Data About Riskonnect Customers and Data About Riskonnect Attendees, this information, which is stored in the Services, is secured in the same manner as described above for Customer Data.
12. CORRECTING AND UPDATING YOUR INFORMATION
Riskonnect shall allow you access to your personal Data and allow you to correct, amend or delete inaccurate information, except where the rights of persons other than you would be violated. Any requests We receive by email or webform to access, change, or delete your information will be completed within thirty (30) days. Normally, Customers may update or change their registration information by editing their user profiles or organization records at the appropriate Riskonnect website. Normally, Attendees may update or change their registration information after logging into appropriate Riskonnect website for the given Riskonnect corporate event.
If you have any questions or complaints regarding our compliance with the U.S-Swiss Safe Harbor Framework, please contact us. Riskonnect has a designated employee who oversees and is accountable for the security of Data on Riskonnect’s web sites. If a complaint or dispute cannot be resolved through our internal process, Riskonnect agrees to dispute resolution by the Swiss Data Protection Authority to serve as an independent recourse mechanism (IRM) for dispute resolution.
15. CONTACTING US