Effective on: May 2, 2019
Introduction and Scope
- our hosted Emergenetics+ web application located at plus.emergenetics.com;
- our hosted ESP web application located at esp.emergenetics.com;
- our STEP website located at step.emergenetics.com;
- our Emergenetics+ mobile application for iOS and Android;
- our website, located at emergenetics.com; and
- our offline mailing system (collectively, the “Emergenetics Platform” or the “Platform”).
The data subjects whose personal data we process within the context of this Policy include individuals who have taken one of our proprietary psychometric profiles, including, without limitation, the Emergenetics Profile, a STEP Youth Report, and/or an ESP Candidate Report (each, a “Profile”), including Emergenetics Associates and other representatives of our Partners (as defined below) who took a Profile as part of their Emergenetics training.
This Policy does not apply to personal data we collect by other means, such as personal data that we receive through our sales and marketing systems or personal data concerning our employees.
Categories of Personal Data
We may process the following types of personal data:
- biographical information such as your first, last name, gender, and the language you speak;
- contact information such as your email address, mailing address, and phone number;
- professional information, such as your role/job title or function; and
- to the extent they constitute personal data under the law, your responses to questions in a Profile.
In the context of this Policy, Emergenetics typically acts as a joint data controller for the data we process with each of our Partners. If you sign up to use our services directly via our website as an individual participant or by invitation from an Emergenetics Associate located in the United States, Emergenetics acts as a data controller for your personal data.
Basis of Processing
Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your personal data:
- the need to perform our obligations under a contract, such as the Emergenetics User Agreement, or to perform related pre-contractual duties;
- the need to pursue our legitimate interests or those of our customers, such as providing Emergenetics psychometric profiling services to our customers or facilitating the provision of such services by our customers to their employees;
- your consent; and
- any other ground, as required or permitted by law in the specific respective context.
Purpose of Processing
We process personal data for the purposes of:
- creating a psychometric profile of your personality based on your responses to Profile questions;
- where applicable, creating a Candidate Report of your work preferences and abilities based on your responses to an ESP assessment question;
- where applicable, enabling your use of the Platform;
- where applicable, responding to client companies for debriefing purposes related to Profiles;
- where applicable, sending you information about your Profile results by mail;
- where applicable, sending you email marketing communications relating to Emergenetics which we think may be of interest to you; and
- responding to your inquiries, and/or other requests;
- sending you email notifications about updates or changes to the Platform or our services;
- performing research and analysis to ensure that the Profiles remain accurate and current with societal norms.
When the purposes of processing are satisfied, we will delete such personal data within six months.
Sharing Personal Data with Other Emergenetics Users
The Emergenetics Platform includes a social feature called “Connections” which allows you to connect with and share your Profile with other Users. You have complete control over whether your Profile is private or public. Private Profiles are not searchable by other Users of the Platform. If you choose to make your Profile public, other Users will have the ability to search for you by your name and email address, and to send a request to connect. Each User can send requests to connect with other Users, and each User can decide whether or not to accept a request to connect. If you choose to connect with another Platform User, that User will be able to see your Profile, including your name, contact information, and information about your personality type as determined by the Emergenetics Platform.
Sharing Personal Data with Service Providers
We share personal data with our service providers, who process personal data on behalf of Emergenetics. Such third parties include those:
- providing web and application hosting services; and
- providing software development services.
Our service providers may be located outside of the United States; however, we will either obtain your explicit consent to transfer your personal data to such third parties, or we will require that those third parties maintain at least the same level of confidentiality that we maintain for such personal data. Emergenetics remains liable for the protection of your personal data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Sharing Personal Data with Emergenetics Partners
Emergenetics works with a variety of individuals and organizations in the Americas, Europe, and Asia to bring Emergenetics science to participants around the world. Our partners are Emergenetics client organizations, independent Emergenetics, STEP, and ESP Associates, Country Representatives, Domain Administrators, and other third parties providing Emergenetics services globally (collectively, the “Emergenetics Partners” or the “Partners”).
In order to process your Profile(s), Emergenetics shares data with our Partners, who typically act as joint controllers with Emergenetics over the personal data processed via the Platform. If you took a Profile at the invitation of an Emergenetics, STEP, or ESP Associate, are an employee or member of a corporate client or client organization, or are a STEP participant, we likely received your data from a Partner. Emergenetics shares your personal data with its Partners in order to provide the Platform and services to you.
Other Disclosure of Your Personal Data
We may disclose your personal data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data, about users of our Platform and services as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.
We will never sell your personal data to advertisers or marketers.
If you are a current Emergenetics client or user, we may send you occasional marketing newsletters. You will always have the ability to opt out or unsubscribe from marketing emails.
If you are not a current Emergenetics client or user, we will never send you any marketing materials without your express permission.
Data Integrity & Security
Emergenetics has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If you are a data subject about whom we store personal data, you may have a right to request access to, and the opportunity to update, correct, or delete, such personal data. To submit such requests or raise any other questions, please contact the Emergenetics Partner that initially collected your personal data or contact Emergenetics directly by one of the methods described in the “Contact Us” section below.
Restriction & Objection to Processing; Portability
If you are a data subject whose personal data we process, you may have the right to ask that we limit our processing of your personal data, as well as the right to object to our processing of your personal data. To exercise such rights, where applicable, please contact us using the information in the Contact Us section of this Policy.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to personal data processed in the scope of this Policy, Emergenetics complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data. Emergenetics commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
VeraSafe Privacy Program
Emergenetics is a member of the VeraSafe Privacy Program, meaning that with respect to personal data processed in the scope of this Policy, VeraSafe has assessed Emergenetics’ data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through Emergenetics’ internal processes, Emergenetics has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
In the United States, Emergenetics is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you are a data subject whose personal data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
If we make any material change to this Policy, we will post the revised Policy to this webpage and update the “Effective” date above to reflect the date on which the new Policy became effective.
If you have any questions about this Policy or our processing of your personal data, please write to our General Manager by email at firstname.lastname@example.org or by postal mail at:
ATTN: General Manager
2 Inverness Dr East, Suite 189
Centennial, CO 80112
Please allow up to four weeks for us to reply.
VeraSafe is Emergenetics’ representative in the European Union (Article 27 representative). To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
|VeraSafe Czech Republic s.r.o
Prague 1, 11002
|VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road