Effective March 22, 2019
A) General Information
B) Contact Information
Herrmann will control the use of your personal data. You may contact Herrmann at: Herrmann International, Inc. P.O. Box 389 Forest City, NC 28043 +1.828.348.6391 email@example.com
Our representative in the European Union is Herrmann International UK. You may contact the representative at: Herrmann International 10 John Street London, WC1N 2EB +44 (0) 208 123 7155 firstname.lastname@example.org
C) Personal Data We Collect and Purposes for which it is Used
I) Legal bases of the processing of personal data
Insofar as we obtain the consent for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation ("GDPR") serves as the legal basis for the processing of personal data relating to persons who are in the European Union.
We also collect and process personal data to facilitate our legitimate business interests in accordance with Article 6 para. 1 lit. f of the EU General Data Protection Regulation ("GDPR"). These interests include providing our products and services to you, communicating additional information to you regarding our products and services, and conducting other activities associated with managing our business.
When we process your personal data to facilitate our business interests, we balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Prior to collecting and processing special categories of personal data that are, or might reasonably be considered to be, sensitive or otherwise subject to heightened protection under applicable laws, we will ask for your explicit consent. We will also ask for your consent in each case before processing your personal data other than as described in this Privacy Statement or as previously consented to by you.
If you participate in an assessment, we will first obtain your consent to process your personal data, including contact information, assessment responses, and resulting profiles and reports as reasonably necessary to conduct the assessment. Your consent will establish a legal basis for such processing in accordance with GDPR Article 6 para. 1 sentence 1 lit. (a). The consent document for each assessment will provide you with specific information regarding how your data will be processed, prior to your taking the assessment.
In accordance with GDPR Article 6 para. 1 sentence 1 lit. (b), personal data can be processed in order to establish, execute or terminate a contract with you. This is also the case if we are legally obliged to process your personal data, cf. Art. 6 para. 1 sentence 1 lit. (c) GDPR.
II) Examples of personal data we may collect and use include the following:
1. Personal Data required for the provision of products and services
To provide you with information regarding our products and services and to enable you to use and procure them, we may collect personal data including but not limited to:
● name,
● telephone number,
● address, and
● email address.
Some products, such as assessments, require the collection of additional information such as your responses to questions which identify thinking style preferences. Demographic and research information may also be requested. We use information collected from assessments to create and deliver reports, such as the HBDI® individual profile reports, profile transparency pages, data summary sheets, narrative descriptions and other reports. These reports are provided to certified practitioners for interpretation and distribution to assessment subjects or, in some cases, may be sent directly to them. Certified practitioners have been accredited by Herrmann to distribute and interpret assessment results responsibly and are required to do so in accordance with applicable laws.
To enable you to interact with our websites, mobile apps, products and services, we may also collect passwords, password hints, and similar security information needed for authentication and account access.
To enable purchases of products and services, we collect data necessary to process payments. Such information may include a credit card number and the associated security code if that is your chosen method of payment. We may also request and collect other data from you via forms on our websites.
In some cases, our apps may permit you to enter, sync, store and process third party personal data, which will not be accessible to us. If you choose to use such app functionality, you are responsible for processing the personal data you enter, sync, store and process in conformance with all applicable data processing and privacy laws and regulations.
2. Information collected via cookies
a) Description and purpose of data processing using cookies
b) Legal basis of data processing
3. Information automatically collected and stored in log files
a) Description and purpose of data processing using log files
Our websites may automatically gather and store certain information in log files, including, without limitation, IP Address, browser type, Internet service provider, referring/exiting pages, operating system, date/time stamp and clickstream data. We also use personal data, to the extent necessary, to:
i. protect against and prevent fraud, legal claims, and liabilities; and to manage risk exposure;
ii. respond to your inquiries and requests;
iii. process and manage opt-out or unsubscribe requests;
iv. comply with applicable laws, regulations, codes, and industry standards and practices;
v. create and send communications to you;
vi. respond to subpoenas or to orders of a court or government agency; and
vii. establish, exercise, or defend legal claims, including, without limitation, to protect Herrmann's rights and/or property.
b) Legal basis of data processing
The legal basis for the processing of personal data relating to persons who are in the European Union through the use of log files is Art. 6 para. 1 lit. f GDPR.
III) How We Share Personal Data
Examples of services which may give contractors or service providers access to personal data include:
● hosting our websites and services;
● hosting our email server;
● processing your payments;
● maintaining, enhancing, or adding to the functionality of our websites;
● processing and fulfilling orders;
● collecting web analytics data; and
● enabling us to send you email, or performing other administrative services.
If you participate in taking the HBDI® thinking preference assessment or other assessments offered by us, we may share your contact information, assessment responses, and assessment results with certified practitioners who have been accredited by Herrmann to administer assessments and interpret assessment results and reports. We may also share such data with persons assisting certified practitioners and with others who are involved in administering and coordinating assessments. Before receiving your data, all persons described in this paragraph must have: (i) agreed to protect the data and to use it only in accordance with the terms of the Access Agreement; and (ii) been determined by authorized Herrmann personnel to have a legitimate need to access assessment data in order to facilitate, administer or coordinate assessments.
IV) Transfers of Personal Data Subject to Appropriate Safeguards
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please contact the independent recourse mechanism listed below.
NON-HR RECOURSE MECHANISM
http://www.bbb.org/EU-privacy-shield/for-eu-consumers (BBB EU Privacy Shield Program)
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
b. In other cases, we will seek your prior consent before transferring your personal data to countries not determined to ensure an adequate level of data protection within the meaning of the applicable data protection laws and regulations.
D) Criteria and Time Period for Retaining Personal Data
We may retain your personal data for a period of time consistent with the original purpose of its collection. In most cases, this means that we will retain your personal data indefinitely. We also may retain your personal data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.
E) Rights Available to You
Persons whose personal data is governed by the GDPR have several rights related to the processing of such personal data. These rights include the right to request access to personal data (Art. 15 GDPR), to rectification of personal data (Art. 16 GDPR), to erasure of personal data / right to be forgotten (Art. 17 GDPR), to restrict processing of personal data (Art. 18 GDPR), to object to processing of personal data (Art. 21 GDPR), to data portability (Art. 20 GDPR), and the right to lodge a complaint with a supervisory authority. In cases where you have given us your consent to collect and use your personal data, you have the right to withdraw that consent at any time (without affecting the lawfulness of processing based on your consent before its withdrawal). You may direct such requests to: Herrmann International, Inc. P.O. Box 389 Forest City, NC 28043 email@example.com
Further information about these rights can be seen below:
I) The right to request access to personal data (Art. 15 GDPR)
You have the right to obtain confirmation from us as to whether we process personal data about you, and, where that is the case, access to the personal data and certain information about how and why we process your personal data.
II) The right to rectification of personal data (Art. 16 GDPR)
You have the right to rectification and/or completion if the personal data concerning you is incorrect or incomplete.
III) The right to be forgotten / Right to erasure (Art. 17 GDPR)
You have the right to obtain the erasure of your personal data where one of the following grounds applies:
● Your personal data is no longer necessary in relation to the purpose for which it was collected or otherwise processed
● You withdraw consent and we have no other legal ground for the processing
● Your personal data has been unlawfully processed
● Your personal data has to be erased for compliance with a legal obligation
● Your personal data is collected in the context of information society services pursuant to Art. 8 para. 1 GDPR.
IV) The right to restrict processing of your personal data (Art. 18 GDPR)
You have the right to restrict processing of your data under the following conditions:
● The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data
● Your personal data has been unlawfully processed and you request the restriction of processing instead of deletion
● We no longer need the personal data for the purpose of the processing, but the personal data is required by you for the establishment, exercise or defense of legal claims
● You have objected to processing pursuant to Art. 21 para. 1 and it has not been determined whether our legitimate grounds override yours.
V) The right to object to processing of your personal data (Art. 21 GDPR)
You have the right to object to our processing of your personal data based on legitimate interests (Art. 6 para. 1 lit. f GDPR), for the performance of a task carried out in the public interest (Art. 6 para. 1 lit. e GDPR) or for direct marketing purposes.
VI) The right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from us, as far as:
● The processing is based on consent or on a contract pursuant to Art. 6 para. 1 lit. b GDPR
● The processing is carried out by automated means.
VII) The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
You are not required to provide us with any personal data we may request. However, if the requested information is necessary for us to provide any product, service or information requested by you, we will be unable to fulfill your request.
F) How We Store Personal Data
G) Anonymized Data
We may use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about our website’s users as a group for any legal business purpose, such as analyzing usage trends, generating reports and insights on the relationships within the data as well as with other data sets, providing services on the basis of the data, or seeking compatible advertisers, sponsors, clients, and customers.
We do not knowingly market our products or services to, and do not solicit or collect information from, children under the age of 16. We may ask users for their age to ensure that we are not collecting information from children under age 16 or to identify when additional steps may be necessary in connection with information collected from persons who have not reached the age of majority in the jurisdiction in which they reside. If we learn that we have collected personal data from a child under age 16 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any personal data from or about a child under 16, please contact us at: firstname.lastname@example.org.
This policy may be amended from time to time, consistent with the requirements of any applicable laws. We will post the revised version on our website and update the "Effective" date above to reflect the date of the changes.