O.C. Tanner Privacy Policy
Last Modified: June 28, 2018
O. C. Tanner and its affiliates ("OCT," "we," or "us") respect your privacy. This Privacy Policy describes how we collect, use, disclose, protect, and store information you provide to us when you use the services we make available via our websites and mobile applications (collectively, the "Services"), and the choices we offer you regarding our collection and use of such information.
OCT provides employee recognition and engagement services to its clients. Within the Services, specific portions are available only to OCT clients, with each client having a dedicated portion (each, a "Client Recognition Platform"). In some cases where your employer is an OCT client, OCT and your employer may have a written agreement that sets forth additional obligations with respect to the gathering and use of personal information via your employer’s Client Recognition Platform. To the extent any such obligations are more restrictive than those set forth in this Privacy Policy, OCT will comply with such more restrictive obligations while you are accessing the Services via your employer’s Client Recognition Platform.
PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. This Privacy Policy is incorporated into and made a part of our Terms of Use. By using the Services, you accept the terms of this Privacy Policy and our Terms of Use and consent to our collection, use, processing, disclosure, and retention of your information as described in this Privacy Policy. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.
Information We Collect
Personal Information
We may collect personal information about you, meaning information that can uniquely identify you, such as:
- Your name and contact information;
- Information about your relationship with your employer;
- Information related to your employment: employee identification number, email address, hire date;
- Purchases, submissions, and redemptions you make using our Services; and
- Content such as messages, comments, photos, videos, and other information that you submit.
Payment Information
If you make a purchase when using the Services, our third-party payment processor may collect your payment card or bank account number, payment card expiration date and security code, and other payment details, as well as other personal information, in order to complete your purchase.
Location Information
If you access and use the Services on a mobile device and your mobile device’s settings allow it, we may collect information about your real-time location. Please see the "Your Choices" section below for information regarding how to limit the location information that we may collect when you access and use the Services on a mobile device.
Experience Information
We may conduct surveys at the request of your employer. We may also conduct marketing surveys for data research purposes, where we analyze the answers in the aggregate. We may ask for contact details in the event we need to verify or validate answers.
Anonymous Information
The information we may collect by automated means may include, without limitation:
- Information about the devices you use to access the Services (such as the IP address and the type of the device, operating system, web browser type, and mobile network information).
- Anonymous information regarding your access to and use of the Services, such as:
- Traffic data and logs;
- Actions taken when using the Services (such as searches, page views, and website navigation patterns);
- Dates and times;
- Duration of use of the Services (including whether you are a repeat or first time visitor); and
- Demographic information, in conjunction with voluntary, anonymous research surveys.
Website Usage Information
When you use the Services, we may also collect certain information by automated means, such as cookies and web beacons. A "cookie" is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Some content or applications available through the Services may employ the use of third-party cookies served by third parties. We do not collect personal information through our own, or third-party cookies. We use cookies to identify the fact that you are a prior website visitor.
A "web beacon," also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information about actions of the user opening the page or email containing the beacon back to a web server. We, and our subsidiaries, may use web beacons through our Services, including on our websites, in our emails, in our advertisements on other websites, or in our advertisements in others' emails. We utilize web beacons to measure visitor behavior, to help us improve visitor experience, and to manage website content.
How information is used
We use the information we collect to administer our employee recognition and engagement business, including to administer our "Wall of Fame", a social media platform which allows employees to post real-time recognition of achievements and add likes and comments to others' posts. Information posted on the Wall of Fame is shared across teams and departments within your company. If you do not wish to utilize the Wall of Fame or the platform, you may opt out at any time by contacting your program administrator or emailing privacy@octanner.com.
We may contact you to respond to your questions and comments or to provide customer support. We also may contact you to measure your interest in various services or special offers, to facilitate reward redemption, and to inform you about new products and services. We may disclose personal information about you to contractors, service providers, and other third parties in order to provide our services to you. Our third-party service providers are allowed to only use the information solely for the purpose of processing your request or arranging delivery of your requested product or service.
We use data collection tools through the Services to enable us to recognize you when you visit certain third-party websites in order to deliver advertisements about our Services that may be relevant to you. We also use the data we collect to analyze trends and statistics regarding use of our website and transactions conducted on the Services, to protect against and prevent fraud and unauthorized transactions, to enforce our Terms of Use, and other agreements, and to comply with applicable legal requirements and industry standards.
We may disclose personal information about you to: a buyer or other transferee in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets, if the information in question is publicly available; if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of OCT, users of our website, or others; or if required in response to any lawful request by public authorities, including to meet national security or law enforcement requirements.
We do not share, sell, rent, or trade personal information with third parties for their promotional purposes. We may disclose aggregated information about our users, and other information that does not identify any specific user, without restriction.
Any personal information collected about visitors through the Services may be processed in the United States by us or by a party acting on our behalf. When you provide personal information to us through the Services, you consent to the processing of your data in the United States. The Services are hosted in the United States. For additional information about specific jurisdictional data transfer mechanisms, please contact legal@octanner.com
Your choices
For further information about disabling cookies you can visit www.allaboutcookies.org. If you choose to decline cookies, you may not be able to login or use other interactive features of our Services that depend on cookies.
If you receive an email from us regarding new products or services, you may request to be removed from our database list by clicking the "UNSUBSCRIBE" link at the bottom of the email message or by sending an email with "UNSUBSCRIBE" in the subject line to info@octanner.com that explains the desire to stop receiving communications and gives us the address (email and/or physical) to be removed, and we will promptly unsubscribe you.
You may disable the geo-location features of your mobile device or forego using our mobile applications, if you do not wish to make your location known.
Access and correction
If you become aware that information that we maintain about you in connection with a Client Recognition Platform is inaccurate, or if you wish to update or review your information, please contact your human resources department. They will either make the changes directly or contact us to take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate. In all other cases where you would like to review or update your information, you may send your request to info@octanner.com, along with the correct information.
You will need to provide sufficient identifying information, such as name and address. We may request additional identifying information to confirm your identity and/or as a security precaution. In addition, we may limit or deny access to personal details where providing such access would be unreasonably burdensome or expensive in the circumstances. In some circumstances, OCT may charge a reasonable fee, where warranted, for access to personal information.
How Information is Retained and Secured
We retain information only as long as it is necessary and relevant for our operations. In addition, we retain personal information as necessary to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce the Terms of Use, and perform other actions permitted by law.
We employ industry standard security measures designed to protect the security of personal information submitted through the Services. We cannot be responsible for the acts of those who gain unauthorized access and we make no warranty we will prevent unauthorized access to your personal information. Additionally, the security of information transmitted through the Internet can never be guaranteed. We receive personal information transmitted to us through the Internet in encrypted format, when supported by our clients. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data resulting from Internet transmission. We cannot ensure the confidentiality, integrity, or availability of the information from a Client Recognition Platform once it is accessed by the client to whom that portion of the Services is dedicated, nor can we limit how that client will use your information.
Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access-protected or secure areas of the Services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
Linked Services (Third Party Services)
The Services may contain links to third-party websites and services ("Third Party Services") with which we have no affiliation. A link to any Third Party Service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Service, you are subject to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all Third Party Services that you visit.
Special Provisions
Not Child Directed
We do not intentionally collect personally identifiable information about children under the age of 13. If you are under the age of 18 (but at least 13 years of age), you may use the Services only under the supervision of a parent or legal guardian who agrees to be bound by the Terms of Use. Children under the age of 13 may not use the Services, and parents or legal guardians may not agree to the Terms of Use on their behalf.
Some clients may opt to configure the Services to allow minor employees to post user-generated content through the Services. In such cases, minors, may delete and modify their user-generated content at any time using the same service used to create it. Alternatively, users may contact info@octanner.com for assistance with removing user-generated content. Such removal does not ensure complete or comprehensive removal of that information.
How We Respond to Do Not Track Signals
Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a "Do Not Track" (DNT) or similar feature that signals to digital services that a visitor does not want to have his/her online activity tracked. If a digital service that responds to a particular DNT signal receives the DNT signal, the browser can block that digital service from collecting certain personal information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we and many other digital service operators do not respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.
EU-U.S. Privacy Shield
OCT self-certifies compliance with the U.S. - European Union ("EU") Privacy Shield Framework as set forth by the U.S. Department of Commerce and Swiss–U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information from the European Union to the United States. OCT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. OCT’s participation in the Privacy Shield applies to all personal information that is subject to this Privacy Policy and is received from individuals who are resident in the European Union, European Economic Area, and Switzerland.
Where there is onward transfer of personal data of EU individuals to third parties, OCT requires such third parties who perform services for us to treat personal information securely and to restrict their access, use, and disclosure of such personal data in a manner consistent with our Privacy Shield obligations. If any such third party fails to so comply, OCT may have liability to the extent OCT is responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Policy should first contact OCT at legal@octanner.com.
OCT has further committed to cooperate with the panel established by the EU Data Protection Authorities ("DPAs") and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if you have we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss FDPIC for more information or to file a complaint. The services of the EU DPAs and the Swiss FDPIC are provided at no cost to you. Please contact us to be directed to the relevant contacts.
In addition, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact JAMS, our U.S.-based third party dispute resolution provider (free of charge).
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. OCT is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Changes to Our Privacy Policy
OCT reserves the right to update or change this Privacy Policy at any time. If we make a change that reduces your rights in a meaningful way, we will provide you with notice within the Services. Your continued use of the Services after any amended Privacy Policy is posted constitutes your acceptance thereof. The amended Privacy Policy supersedes all previous versions. We encourage you to review this Privacy Policy periodically to check for any updates or changes.
Contact Us
Written questions or comments regarding this Privacy Policy, or our Privacy Shield certification, should be submitted to OCT as follows: