www.greatplacetowork.com Open in urlscan Pro
54.237.186.240  Public Scan

Submitted URL: https://www.greatplacetowork.com/privacy-policy
Effective URL: https://www.greatplacetowork.com/privacy-security-notice
Submission: On March 06 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

POST https://www.greatplacetowork.com/modules/mod_exmenu/mod_exmenu.php

<form class="menu-form" method="post" action="https://www.greatplacetowork.com/modules/mod_exmenu/mod_exmenu.php"><select name="url" class="selectpicker select2-hidden-accessible" size="1"
    onchange="location.href=form.url.options[form.url.selectedIndex].value;" data-select2-id="1" tabindex="-1" aria-hidden="true" style="">
    <option value="https://www.greatplacetowork.com/" data-select2-id="3">United States</option>
    <option value="https://www.greatplacetowork.com.ar/">Argentina</option>
    <option value="http://www.greatplacetowork.com.au">Australia</option>
    <option value="https://www.greatplacetowork.at/">Austria</option>
    <option value="https://www.greatplacetowork.me">Bahrain</option>
    <option value="https://www.greatplacetowork.be/en/">Belgium</option>
    <option value="https://www.greatplacetowork.com.bo/">Bolivia</option>
    <option value="http://www.gptw.com.br/">Brazil</option>
    <option value="https://www.greatplacetowork.ca/en">Canada (English)</option>
    <option value="https://www.greatplacetowork.ca/fr">Canada (French)</option>
    <option value="https://greatplacetoworkcarca.com">Central America &amp; Caribbean (Spanish)</option>
    <option value="http://greatplacetowork.cn/">China (English)</option>
    <option value="https://www.greatplacetowork.cn/ch/">China (Chinese simplified)</option>
    <option value="http://www.greatplacetowork.cl">Chile</option>
    <option value="https://www.greatplacetowork.com.co/es/">Colombia</option>
    <option value="https://www.greatplacetowork.com.cy/">Cyprus</option>
    <option value="https://www.greatplacetowork.dk/">Denmark</option>
    <option value="https://www.greatplacetowork.com.ec/es/">Ecuador</option>
    <option value="https://www.greatplacetowork.fi/">Finland</option>
    <option value="http://www.greatplacetowork.fr">France</option>
    <option value="http://www.greatplacetowork.de">Germany</option>
    <option value="https://www.greatplacetowork.com.gh">Ghana</option>
    <option value="http://www.greatplacetowork.gr">Greece</option>
    <option value="https://www.greatplacetowork.com.hk/">Hong Kong (English)</option>
    <option value="http://www.greatplacetowork.is">Iceland</option>
    <option value="http://www.greatplacetowork.in">India</option>
    <option value="https://greatplacetowork.co.id/">Indonesia</option>
    <option value="http://www.greatplacetowork.ie">Ireland</option>
    <option value="https://www.greatplacetowork.co.il/">Israel</option>
    <option value="https://www.greatplacetowork.it/">Italy</option>
    <option value="http://hatarakigai.info">Japan</option>
    <option value="https://www.greatplacetowork.co.ke/en/">Kenya</option>
    <option value="http://gwpkorea.com">Korea</option>
    <option value="https://www.greatplacetowork.me">Kuwait</option>
    <option value="https://www.greatplacetowork.lu/fr/">Luxembourg</option>
    <option value="https://www.greatplacetowork.com.mx/">Mexico</option>
    <option value="http://greatplacetowork.com.mm/">Myanmar</option>
    <option value="https://www.greatplacetowork.com.ng">Nigeria</option>
    <option value="https://www.greatplacetowork.no/">Norway</option>
    <option value="https://www.greatplacetowork.me">Oman</option>
    <option value="https://www.greatplacetowork.com.py/">Paraguay</option>
    <option value="https://www.greatplacetowork.com.pe/">Peru</option>
    <option value="https://www.greatplacetowork.com.ph/">Philippines</option>
    <option value="https://www.greatplacetowork.pl/">Poland</option>
    <option value="https://www.greatplacetowork.pt/">Portugal</option>
    <option value="https://www.greatplacetowork.me">Qatar</option>
    <option value="https://www.greatplacetowork.me">Saudi Arabia (English)</option>
    <option value="https://www.greatplacetowork.com.sg">Singapore</option>
    <option value="http://www.greatplacetowork.es">Spain</option>
    <option value="https://www.greatplacetowork.lk">Sri Lanka</option>
    <option value="http://www.greatplacetowork.se">Sweden</option>
    <option value="https://en.greatplacetowork.ch/">Switzerland (English)</option>
    <option value="https://fr.greatplacetowork.ch/">Switzerland (French)</option>
    <option value="https://www.greatplacetowork.ch/">Switzerland (German)</option>
    <option value="http://www.greatplacetowork.nl">The Netherlands</option>
    <option value="http://www.greatplacetowork.com.tr">Türkiye</option>
    <option value="https://www.greatplacetowork.me">UAE</option>
    <option value="http://www.greatplacetowork.co.uk">United Kingdom</option>
    <option value="https://www.greatplacetowork.com.uy/">Uruguay</option>
    <option value="https://www.greatplacetowork.com.vn/">Vietnam</option>
    <option value="https://www.greatplacetowork.com.ve/">Venezuela</option>
  </select><span class="select2 select2-container select2-container--default" dir="ltr" data-select2-id="2" style="width: 150px;"><span class="selection"><span class="select2-selection select2-selection--single" role="combobox" aria-haspopup="true"
        aria-expanded="false" tabindex="0" aria-labelledby="select2-url-1f-container"><span class="select2-selection__rendered" id="select2-url-1f-container" role="textbox" aria-readonly="true" title="United States">United States</span><span
          class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span></span></span><span class="dropdown-wrapper" aria-hidden="true"></span></span><input name="submit" type="submit" value="Go"
    class="menu-form-submit-autohide"></form>

Text Content

Unlock the secret to loyal employees with our latest report.

MENU
United StatesArgentinaAustraliaAustriaBahrainBelgiumBoliviaBrazilCanada
(English)Canada (French)Central America & Caribbean (Spanish)China
(English)China (Chinese
simplified)ChileColombiaCyprusDenmarkEcuadorFinlandFranceGermanyGhanaGreeceHong
Kong
(English)IcelandIndiaIndonesiaIrelandIsraelItalyJapanKenyaKoreaKuwaitLuxembourgMexicoMyanmarNigeriaNorwayOmanParaguayPeruPhilippinesPolandPortugalQatarSaudi
Arabia (English)SingaporeSpainSri LankaSwedenSwitzerland (English)Switzerland
(French)Switzerland (German)The NetherlandsTürkiyeUAEUnited
KingdomUruguayVietnamVenezuelaUnited States
 * Customer Login
 * Search

 * Certification
   * Earn Certification
   * Certified Companies
   * Webinar: How to earn Certification
   * Customer Reviews
 * Offerings
   * Certification
   * Employee Surveys
   * Employer Awards
   * Culture Newsletter
 * Best Workplaces Lists
   * Apply to Get On a List!
   * List Application Deadlines
   * FORTUNE 100 Best Companies to Work For®
   * Best Companies to Work For in the US
   * PEOPLE Companies that Care®
   * World's Best Workplaces™ 2023
   * Best Small & Medium Workplaces
   * Best Workplaces for Parents™
   * Best Workplaces for Millennials™
   * Best Workplaces for Women™
   * International Lists
   * View All Lists
 * Insights
   * Blog
   * Podcast
   * Reports
   * Case Studies
   * Videos
   * See All
 * Events
   * FOR ALL™ Summit
   * Certification Nation Day
   * Webinars
 * About Us
   * Our Mission
   * Our Team
   * Our CEO
   * Our Book
   * Careers
   * FAQ

SUBSCRIBE  CONTACT US


GREAT PLACE TO WORK PRIVACY & SECURITY NOTICE

 * Scope

 * What is Personal Information?
 * Links to Third-party Websites

 * GPTW’s Privacy Practices Affecting Users of Our Site

 * Sources of Personal Information We Collect From Site Visitors:
 * Information Collected Directly From Website Visitors Including Job Applicants
 * Information Provided by Third Parties or Publicly Available Sources
 * Information Collected by Cookies
 * Information Collected for Analytics
 * Information Collected Directly From Social Media Features
 * Other Information
 * Why We Use Your Personal Information
 * Disclosure of Your Personal Information
 * Choosing Not to Share Your Personal Information
 * Site Security

 * GPTW’s Privacy Practices Affecting Users of Our Product

 * Information We Collect
 * Use of Information We Collect
 * Data Retention
 * Disclosure of Personal Information

 * Protecting Your Information

 * Product Security
 * Access Provisioning and Review
 * Endpoint Security
 * Vulnerability Management
 * Backup and Disaster Recovery
 * Data Classification, Handling, and Labeling

 * Global Laws and Regulations

 * General Data Protection Regulation (GDPR)
 * California Residents – California Privacy Notice
 * International Transfers of Personal Information
 * Data Privacy Framework (DPF)
 * Data Processing
 * Data Subject Rights

 * Updates To Our Global Privacy & Security Notice
 * How To Contact GPTW

At Great Place To Work Institute, Inc. (“GPTW”, “we”, and/or “us”) we take
security and privacy seriously. GPTW is committed to protecting the privacy of
the individuals (“visitors,” “users,” and/or “you”) who visit our website and
subpages located at https://www.greatplacetowork.com (the “Site”) or use our
products and services.




SCOPE

This Privacy & Security Notice describes GPTW’s privacy practices in connection
with:

 * Your use of the Site
 * The GPTW products and services accessed by GPTW’s customers, partners or end
   users (hereafter, the “Product”)


This Privacy & Security Notice does not cover GPTW’s privacy practices for:

 * GPTW employees, contractors, or job applicants
 * Children and/or Minors. Our Site is neither designed nor intended for any
   visitors under 18 years of age. If you have any reason to believe that a
   visitor to our Site is under 18 years old, please contact us,
   at privacy@greatplacetowork.com and we will endeavor to delete the
   information from our databases.



WHAT IS PERSONAL INFORMATION?

For purposes of this Privacy & Security Notice, personal information means
information collected by GPTW relating to an identified or identifiable natural
person and includes similar terms as defined by various jurisdictions.



LINKS TO THIRD-PARTY WEBSITES

For your convenience, the Site may contain links to third-party websites and/or
information. When you access those links, you leave GPTW’s Site and are
redirected to a third-party website. GPTW does not control third-party websites,
and the privacy practices of third parties might differ from GPTW’s privacy
practices. We do not endorse or make any representations about third-party
websites. When you share personal information with third-party websites, the
third-party processing is not covered by this Privacy & Security Notice. We
encourage you to review the privacy policy of any website or company before
sharing personal information.

--------------------------------------------------------------------------------




GPTW’S PRIVACY PRACTICES AFFECTING USERS OF OUR SITE



SOURCES OF PERSONAL INFORMATION WE COLLECT FROM SITE VISITORS:

GPTW collects personal information from individuals who access our Site,
including:

 * Directly from a website visitor
 * From service providers or other third parties; and
 * Automatically from a web visitor’s visit or activity on our site



INFORMATION COLLECTED DIRECTLY FROM WEBSITE VISITORS INCLUDING JOB APPLICANTS

GPTW collects personal information when you visit our Site and when you choose
to provide personal information. For example, we collect information when you
contact us via our Site, provide your email, phone number or other similar
contact information, such as the information that you provide when you sign up
for a webinar.

WHAT WE COLLECT

The personal information collected from a visitor to our Site may include:

 * Name
 * Company
 * Job Title
 * Address
 * Phone Number
 * Email Address

The personal information collected from an applicant or employee of GPTW
includes, but is not limited to:

 * Personal Identifiers (Name, Address, Age, Date of Birth, Social Security
   Number);
 * Professional or Employment-related Information (Employment Record, Salary);
 * Education Information; and
 * Personal/Professional Contact Information

If you register to attend a GPTW sponsored Event, we may require certain data in
some instances, including:

 * Emergency contact
 * Dietary preferences
 * Health and safety information
 * Billing information (such as billing name, billing address, and credit card
   number)



INFORMATION PROVIDED BY THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES

We may receive information about you from other sources and combine that
information with the information we collect directly. Examples of information we
may receive from other sources include: purchased business contact information
and from publicly accessible websites, such as your company’s website,
professional network services, or press releases.

Business contact information may include:

 * First name
 * Last name
 * Business email
 * Telephone number
 * Company name
 * Job level
 * Functional role
 * Business street address
 * Online identifier
 * Employment history

We use this data for our internal customer analytics, to identify prospective
customer marketing opportunities, and to improve the relevance of our Site
content and our advertising.



INFORMATION COLLECTED BY COOKIES

Like many websites, GPTW uses cookies and similar tracking technologies
(including for analytics, functionality, advertising, and other purposes).

You can set your Internet browser or operating system settings to stop accepting
new cookies, to receive notice when you receive a new cookie, to disable
existing cookies, to omit images (which will disable pixel tags) or adjust your
tracking preferences. Note that the opt-out will apply only to the browser that
you are using when you elect to opt out of advertising cookies. Without cookies
or pixel tags though, you may not be able to take full advantage of our sites’
features.



INFORMATION COLLECTED FOR ANALYTICS

Our Site may record information concerning how often you use the application,
the events that occur within the application, aggregated usage, performance
data, your IP address. We do not link the information we store within the
analytics software to any personal information you submit within the Site.

If you use certain systems provided by GPTW, we will collect data from you to
enable multifactor authentication, such as mobile number, email address, or
unique verification identifier.



INFORMATION COLLECTED DIRECTLY FROM SOCIAL MEDIA FEATURES

Our website may host various blogs, forums, wikis, and other social media
applications or services that allow you to share content with other users
(collectively “Social Media Applications”). Any personal information or other
information that you contribute to any Social Media Application can be read,
collected, and used by other users of that Social Media Application over whom we
have little or no control. Therefore, we are not responsible for any other
user’s use, misuse, or misappropriation of any personal information or other
information that you contribute to any Social Media Application.



OTHER INFORMATION

If GPTW collects any other personal information from you, we will explain which
personal information is collected and the purpose for its collection.



WHY WE USE YOUR PERSONAL INFORMATION

Our purposes of processing personal information include:

 * To fulfill the purpose(s) for which the information was collected or
   provided, including to communicate with you and respond to your inquiries and
   requests;
 * To improve our site, products and services, through testing, research,
   analysis and product development;
 * To market, advertise, and promote our products and services, such as to make
   suggestions and recommendations to you about products or services that may be
   of interest to you;
 * To provide training related to the products and services, such as making
   available training materials or events (whether in-person or online) for
   which we may use your personal information to provide notices and information
   regarding such training and events;
 * For security, audit, internal investigation, and fraud prevention purposes,
   such as to prevent unauthorized access or disclosure, to maintain data
   accuracy, to protect the confidentiality, integrity, and availability of your
   personal information; to allow only the appropriate use of your personal
   information; to identify any fraudulent, harmful, unauthorized, unethical or
   illegal activity;
 * To manage litigation, such as in connection with establishing, exercising, or
   defending our legal rights where it is necessary for our legitimate interests
   or the legitimate interests of others;
 * To improve the content and format of our Site by using cookies and other
   similar technologies, such as to measure the preferences of our Site
   visitors, analyze trends, administer the Site, analyze use of the Site, and
   to gather demographic information about visitors to the Site;
 * For other purposes for you have provided consent;
 * To aggregate or deidentify your personal information so that the information
   can no longer be linked to you or your device and use and share such data for
   any business purpose in accordance with applicable law; and
 * To comply with all applicable legal obligations, such as to comply with
   subpoenas and other court orders to process data where we have determined
   there is a legal requirement to do so.





DISCLOSURE OF YOUR PERSONAL INFORMATION

Please note, GPTW does not sell or share personal information to third parties.
The term “sell” as defined by applicable laws, means disclosure of personal
information to third parties for monetary or other valuable consideration. 

Please review each of the sections below to learn more about how we may disclose
your personal information. 

 * Affiliates, Licensees, and Subsidiaries: We might disclose your personal
   information with our affiliates, licensees, and subsidiaries in order to
   deliver a product or service or to complete a task requested by you.
   
   
 * Third-Party Suppliers or Service Providers: We might engage with third
   parties (suppliers and/or service providers) in order to deliver a product or
   service, perform certain functions such as enhancing or delivering the
   Product, or complete a task requested by you. 
   
   We have contracts with our Third-Party Suppliers or Service Providers to
   perform certain functions on our behalf, and only at our direction. Our third
   parties are bound by confidentiality agreements and other data protection
   terms designed to ensure the Third-Party Suppliers or Service Providers only
   use your personal information to the extent necessary to provide these
   contracted services in accordance with our instructions (and for the purposes
   we disclose).

In addition, GPTW might disclose personal information if we in good faith
believe that it is necessary:

 * To protect or defend our rights and property;
 * To protect against misuse or unauthorized use of our website;
 * To protect the personal safety or property of our users or the public (among
   other things, this means that, if you provide false information or attempt to
   pose as someone else, information about you may be disclosed as part of any
   investigation into your actions); and
 * To comply with the law or with legal obligations, such as with law
   enforcement officials, government authorities or other third parties in
   response to a lawful request for information by a competent authority, if we
   believe disclosure is in accordance with, or is otherwise required by, any
   applicable law, regulation, or legal process, including to meet national
   security or law enforcement requirements.



CHOOSING NOT TO SHARE YOUR PERSONAL INFORMATION

You may choose not to provide personal information. If you choose not to provide
personal information (or ask us to delete it), we may not be able to provide you
with our Site, the Site functionality may be limited, or we may not be able to
otherwise fulfill requests you submit to us. We will tell you what information
you must provide for us to fulfill your request by designating it as required at
the time of collection or through other appropriate means.



SITE SECURITY

GPTW utilizes physical, technical, and administrative controls and procedures
designed to safeguard the information we collect, prevent unauthorized access or
disclosure, to maintain data accuracy of your personal information, and to
restrict the processing of your personal information as set forth in this
Privacy & Security Notice.

We utilize a variety of physical and logical access controls, firewalls,
anti-virus, and backup systems. We use encrypted sessions when collecting or
transferring sensitive data through our Site.

We limit access to your personal information and data to those persons who have
a specific business purpose for maintaining and processing such information. Our
employees who have been granted access to your personal information are made
aware of their responsibilities to protect the confidentiality, integrity, and
availability of that information and have been provided training and instruction
on how to do so.

--------------------------------------------------------------------------------




GPTW’S PRIVACY PRACTICES AFFECTING USERS OF OUR PRODUCT

We generally market and sell our Product to businesses, not consumers. Our
commitments regarding the personal information we collect, use, and disclose
about the end users of the Product are largely driven by our contracts with
business customers. The information provided below is intended to help our
business customers understand our privacy practices. If you are an end user of
one of our products or services, you are encouraged to contact your employer
with questions about how your personal information is being collected, used, and
disclosed.



INFORMATION WE COLLECT

In most instances, GPTW customers are the controllers of the personal
information they collect, create, communicate, and store in our Product. The
types of personal information that can be stored in our Product may include, but
is not limited to:

 * End User Names
 * Company Names
 * Job Titles
 * Business Addresses
 * Email Addresses
 * Any personal information provided to us by Users of our Product, and which is
   required for us to execute our agreements with our Customers.



USE OF INFORMATION WE COLLECT

When we act as a processor, the personal information we collect is used to
deliver our products and services to Customers.  Any personal information we use
is done in accordance with our contracts with our Customers.

Because our business clients are data controllers, it is primarily them who must
undertake efforts regarding how information is collected and processed in
accordance with data-protection laws.  Therefore, if you have questions or
concerns about the processing of your information as an end user, you should
contact your employer directly or refer to its separate privacy policies. 

GPTW does not give anyone access to the personal information maintained in the
Product unless:

 * It is permitted to do so in its contract with the Customer.
 * The Customer instructs GPTW to do so;
 * The Customer consents (e.g., subprocessors used by GPTW);
 * If GPTW is legally obligated to do so; or
 * If GPTW has a legitimate interest (as defined under GDPR and other applicable
   laws) to do so.



DATA RETENTION

GPTW will only retain personal information for the length of time necessary to
fulfill the purpose(s) for which the information was collected or as required or
permitted by applicable laws, (including the resolution of disputes) and in
accordance with our customer contracts.

To determine the appropriate retention period for personal information, we
consider the amount, nature, and sensitivity of the personal information, the
potential risk of harm from unauthorized use or disclosure of the personal
information, the purposes for which we process your personal information, and
whether we can achieve those purposes through other means, and the applicable
legal requirements.

When we no longer require your personal information, we will either delete or
deidentify it or, if this is not possible, we will securely store it in
accordance with this policy and cease use of the personal information until
deletion is possible. If we deidentify your personal information (so that it is
no longer associated with you), we may retain this information for longer
periods. To support our research and enable historical comparisons, we retain
deidentified data indefinitely.



DISCLOSURE OF PERSONAL INFORMATION

We do not sell your personal information to third parties.  We may, however,
share your information with:

 * Affiliates, Licensees, and Subsidiaries:  We might share personal information
   with our affiliates, licensees, and subsidiaries in order to deliver a
   product or service or to complete a task requested by our customer.
   
   
 * Third Party Suppliers or Service Providers: We might engage with third
   parties (suppliers and/or service providers) in order to deliver a product or
   service, perform certain functions such as enhancing the Product, or complete
   a task requested by our customer. 
   
   We have contracts with our Third-Party Suppliers or Service Providers to
   perform certain functions on our behalf, and only at our direction. Our third
   parties are bound by confidentiality agreements, only have access to personal
   information to the extent necessary to provide these contracted services, and
   are only permitted to process personal information in accordance with our
   instructions (and for the purposes we disclose). 

In addition, GPTW might disclose personal information if we in good faith
believe that it is necessary:

 * To comply with the law or with a legal process
 * To protect or defend our rights and property
 * To protect against misuse or unauthorized use of our website
 * To protect the personal safety or property of our users or the public (among
   other things, this means that, if you provide false information or attempt to
   pose as someone else, information about you may be disclosed as part of any
   investigation into your actions).
 * In connection with, or during negotiations for, an acquisition, merger, asset
   sale, or other similar business transfer that involves all or substantially
   all of our assets or functions where personal information is transferred or
   shared as part of the business assets (provided that such party agrees to use
   or disclose of personal information consistent with our Privacy & Security
   Notice or gains your consent for other uses of disclosures). 

We will not cross-reference your personal information with that of any other
customer or entity. GPTW does not support “back door” access to any of its
products, services, or operations (including our data stores) by any government
or third party. GPTW does not share its encryption keys or provide the ability
to break our encryption keys with any government or third party. 

--------------------------------------------------------------------------------




PROTECTING YOUR INFORMATION

GPTW has many dedicated policies, practices, and protocols to protect our IT
infrastructure, networks, devices, and data from unauthorized access,
collection, retention, and use of sensitive, confidential, and/or proprietary
customer or user data, including personal information. These policies,
practices, and protocols include, but are not limited to:



PRODUCT SECURITY

Engineering and development access to the components that comprise the Product
is restricted using methods including, but not limited to, Single Sign-On, two
factor authentication, network segmentation, and IP restriction. Access to
servers and services inside the primary Product boundary is controlled using
centralized accounts, two-factor authentication, and bastion hosts. We employ
separation of duties between developers and operations staff to limit access to
the Product environment to those with a legitimate business need. The Product is
protected by a web application gateway and an outbound firewall with IdP. Data
is encrypted in transit and at rest using encryption that meets the current NIST
standard.



ACCESS PROVISIONING AND REVIEW



We have a policy and process for creating new accounts, adding and removing
permissions from existing accounts, and deprovisioning access upon separation.
Required approvals are collected from supervisors and application / group owners
to ensure that requests are reviewed for appropriateness by multiple leaders
before permissions are granted. In addition, we conduct a quarterly two- phase
access review that engages both supervisors and group owners. GPTW employee
permissions related to the Product that grant access to customer data are
included in this access provisioning and review process. The Product provides
customers with real-time information about the user accounts they have created
and gives them the ability to change or revoke access at any time.

Customers are responsible for managing access to the platform by creating and
revoking user accounts.



ENDPOINT SECURITY

Our employee endpoints (laptops and mobile devices) are connected to endpoint
management software. In order to sign on to any GPTW SSO protected resource
(including the Product), an employee must be using a device registered in our
endpoint management software that meets our compliance policy. The compliance
policy is designed to ensure that a device meets our standards for minimum
operating system version, hard drive encryption, secure boot/anti- rooting,
firewall enablement, anti-virus, etc. Users and administrators are notified when
a device is out of compliance. Non-compliant devices are automatically blocked
from accessing company resources once the compliance grace period expires.



VULNERABILITY MANAGEMENT

Our employee endpoints (laptops and mobile devices) as well as servers in the
Product environment are connected to vulnerability management software. We
actively scan for vulnerabilities and have a vulnerability management policy and
procedure designed to limit the number of known vulnerabilities and number of
exposed devices, according to the severity of the vulnerability. We have
periodic vulnerability management meetings to review current remediation status,
plan future remediations, manage exceptions and accepted risk, and review aged
vulnerabilities as time passes and the technical landscape evolves. On laptops
and mobile devices, we automatically update critical software (operating
systems, browsers, productivity software). Inside the Product environment, we
periodically update minor versions of operating systems, databases, and other
critical software through our change management process following validation in
pre-production environments.



BACKUP AND DISASTER RECOVERY

The Product environment is periodically backed up. All persistent data is backed
up with at least a 24 hour recovery point objective. Data that changes
frequently is backed up more frequently (up to and including continuous backup).
Backups are persisted to geo-redundant online storage at least every 24 hours to
protect against the catastrophic failure of a given data center. The majority of
our infrastructure is implemented using infrastructure as code. We have
documentation and code allowing us to build a new Product environment in the
event of a major disaster. We test our disaster recovery procedure annually.



DATA CLASSIFICATION, HANDLING, AND LABELING

We have a data classification, handling, and labeling policy. Data is classified
according to its risk. Employees receive training on the policy and its
practical implementation. We have a detailed list of all data artifacts related
to or produced by the Product that explains their classification in detail.

--------------------------------------------------------------------------------




GLOBAL LAWS AND REGULATIONS

We commit to comply with all applicable laws and regulations including, but not
limited to, the following outlined below.



GENERAL DATA PROTECTION REGULATION (GDPR)

The GDPR is a comprehensive data-protection law that regulates the processing of
personal data of European Union (EU) residents and provides individuals rights
to empower individuals by giving them more control over their personal
data. The GDPR enshrines major principles such as privacy by design,privacy by
default, and implementation of strong technical and organizational measures
designed to protect personal data.

The GDPR is not limited to the EU. It applies to all organizations that target,
collect, or use the personal data of any EU resident and mandates organizations
to:

 * Know what data they hold and have appropriate rights to use the data.
 * Be accountable and able to answer questions about what type of data they
   hold, and in some cases, delete data they no longer need.
 * Notify supervisory authorities of data breaches.
 * Use vendors that comply with the principles of the GDPR
 * Offer European Essential Guarantees by challenging governments’ requests to
   access personal data.

GPTW is committed to compliance with the GDPR and all applicable laws.  We have
enhanced process to prepare to address the rights of people in the EU and we are
prepared to answer questions from our customers as well as our employees.



CALIFORNIA RESIDENTS – CALIFORNIA PRIVACY NOTICE

The California Consumer Privacy Act (“CCPA”) and the California Privacy Rights
Act (“CPRA”) provide certain privacy-related rights to California residents. 
Learn more about GPTW privacy practices and compliance with the CCPA and CPRA.



INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

GPTW operates globally and, as such, may process personal data worldwide to
provide customer support; in connection with GPTW sub-processors, a list of
which is available below and their own sub-processors, where applicable; and in
connection with GPTW professional services. 

Strict data protection laws govern he transfer of personal data from the
European Economic Area (EEA), United Kingdom, and Switzerland, to countries
deemed by the European Commission as not offering an equivalent standard of
protection, including the United States. 

To address this requirement for our customers with operations in the EEA, the
United Kingdom, and Switzerland, GPTW has incorporated the European Commissions
approved standard contractual clauses, also referred to as the “SCCs,” into our
customer contracts. 

GPTW has started using the new SCCs, which were adopted on June 4, 2021, for all
new agreements, order forms, and other customer and supplier transaction
documents.  If you require an amendment to include the new SCCs, please reach
out to privacy@greatplacetowork.com.



DATA PRIVACY FRAMEWORK

Compliance and Certification: GPTW complies with the EU-U.S. Data Privacy
Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S.
DPF) as set forth by the U.S. Department of Commerce.  GPTW has certified to the
U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy
Framework Principles (EU-U.S. DPF Principles) with regard to the processing of
personal data received from the European Union in reliance on the EU-U.S. DPF.
GPTW has certified to the U.S. Department of Commerce that it adheres to the
Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with
regard to the processing of personal data received from Switzerland in reliance
on the Swiss-U.S. DPF.  If there is any conflict between the terms in this
privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF
Principles, the Principles shall govern.  To learn more about the Data Privacy
Framework (DPF) Program, and to view our certification, please visit the Data
Privacy Framework website. 

Inquiries and Complaints: In compliance with the EU-U.S. DPF and the UK
Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, GPTW commits to cooperate
and comply respectively with the advice of the panel established by the EU data
protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO)
and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with
regard to unresolved complaints concerning our handling of personal data
received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF
and the Swiss-U.S. DPF.

If you believe GPTW maintains your personal data in one of the services within
the scope of our Data Privacy Framework certification, you may direct any
inquiries or complaints concerning our Data Privacy Framework compliance to
privacy@greatplacetowork.com. GPTW will respond within forty-five (45) days. If
you have an unresolved privacy or data use concern that we have not addressed
satisfactorily, please contact our U.S.-based third-party dispute resolution
provider (free of charge) at
https://feedback-form.truste.com/watchdog/request.  If neither GPTW nor our
dispute resolution provider resolves your complaint, you may have the
possibility to engage in binding arbitration through the Data Privacy Framework
Panel. For more information on this option, please see Annex I of the EU-U.S.
Data Privacy Framework Principles.  

Third parties who may receive personal data:  GPTW uses a limited number of
Third-Party Suppliers or Service Providers to assist us in providing our
services to customers. These Third-Party Suppliers or Service Providers offer
various services, including data storage services. These Third-Party Suppliers
or Service Providers may access, process, or store personal data in the course
of providing their services. GPTW maintains contracts with these third parties
restricting their access, use and disclosure of personal data in compliance with
our Data Privacy Framework obligations, including the onward transfer
provisions, and GPTW remains responsible and liable if they fail to meet those
obligations and we are responsible for the event giving rise to damage.

U.S. Federal Trade Commission enforcement:  GPTW’s commitments under the Data
Privacy Framework are subject to the investigatory and enforcement powers of the
U.S. Federal Trade Commission.

Compelled disclosure:  GPTW may be required to disclose personal information in
response to lawful requests by public authorities, including to meet national
security or law enforcement requirements. GPTW maintains transparency reports
accordingly. 



DATA PROCESSING

As part of providing the Product to you, we currently engage the following
sub-processors:

NameWebsiteDetails Microsoft Azure https://azure.microsoft.com/ Provides the
hosting environment and software development tools for the Product. AWS
https://aws.amazon.com/ Provides the hosting environment for the public Great
Place To Work website: https://www.greatplacetowork.com HTEC Group
https://htecgroup.com/ Provides software engineering and operational support
services for the Product.



DATA SUBJECT RIGHTS

In accordance with applicable law and depending on your location, you may be
entitled to exercise some or all the following rights regarding our collection,
use, and sharing of your personal information:

 * Access the personal information we maintain about you;
 * Update or correct any inaccurate or incomplete personal information about
   you;
 * Request that we delete your personal information;
 * Object to or restrict the processing of your personal information;
 * Receive the personal information you have previously provided to GPTW, in a
   machine-readable format, allowing you to transfer that personal information
   to another company at your discretion;
 * Not be subject to a decision based solely on automated processing, including
   profiling, which produces legal effects concerning you or similarly
   significantly affects you; and
 * File a complaint directly with your governmental representative (such as your
   Supervisory Authority) about how we process your personal information. 
 * Dispute resolution

Exercising Your Rights

To protect your privacy and security, we take reasonable steps to verify your
identity before granting access to your personal information. Please follow the
instructions below based on your relationship with GPTW and provide the
requested information to allow us to adequately address your request. We will
respond to your request within a reasonable timeframe and as otherwise required
by applicable law in your location.

If you are not a California resident and would like to request access to your
personal information or request erasure (right to be forgotten) of personal
information previously provided, please contact privacy@greatplacetowork.com.

If you have a question or request concerning personal information held by GPTW,
including your personal information collected through the use of the Product
please email privacy@greatplacetowork.com. To protect your privacy and security,
we may take reasonable steps to verify your identity before responding to your
request. We will respond to your request within a reasonable timeframe and as
otherwise required by applicable law in your location.





UPDATES TO OUR GLOBAL PRIVACY & SECURITY NOTICE

GPTW reserves the right to update or change portions of this statement at any
time and without prior notice. If we change or update this statement in a
material way, we will process new personal information received under this
Global Privacy & Security Notice according to the terms of this Notice, unless
you consent otherwise.

--------------------------------------------------------------------------------




HOW TO CONTACT GPTW

If you have any questions or comments about this Global Privacy & Security
Notice, GPTW’s privacy practices or if you would like us to update information
or preferences you provided to us, please e-mail us
at: privacy@greatplacetowork.com

Written responses may also be submitted to:

General Counsel
Great Place To Work® Institute, Inc.
1999 Harrison Street, Suite 2070
Oakland, CA 94612

Last Updated: 2024-29-01




 * Offerings
   * Great Place To Work® Certification™
   * Employer Awards
   * Employee Surveys
   * For All Summit
   * Customer Reviews

 * Best workplaces
   * Certified companies
   * Recent list publications
   * Upcoming list publications and deadlines

 * Popular lists
   * Fortune 100 Best Companies to Work For®
   * PEOPLE® Companies that Care
   * Best Small & Medium Workplaces
   * Fortune Best Workplaces for Women
   * World's Best Workplaces
   * Best Workplaces for Millennials™

 * Insights
   * Blog
   * Better podcast
   * Free reports
   * News articles
   * Press releases
   * Webinars
   * Newsletter sign-up

 * Popular Resources
   * Report: The Power of Purpose in the Workplace
   * 11 Benefits of Getting Great Place To Work-Certified
   * What Is Talent Management? Definition, Strategy, Processes and Models
   * How to Build a Successful Talent Acquisition Strategy
   * Creating a Culture of Recognition

 * About us
   * Our mission
   * Our methodology
   * Our team
   * Our book: A Great Place To Work For All
   * Careers

 * 
 * 
 * 
 * 
 * 

+1 415 844 2500
 * Terms and Conditions
 * User Guidelines
 * Privacy & Security Notice
 * Intellectual Property Usage Policy
 * Brand Identity Policy
 * Careers
 * Certification & Lists Terms
 * Press
 * Certification Badge Usage Guide
 * National List Badge Guide
 * Regional List Badge Guide
 * Category List Badge Guidelines
 * U.S. Best Workplaces™ List Guidelines
 * Master Services Agreement

This website will use cookies based on your browsing activity.

This will enable you to have full access to all the features of this website. By
using this website, you agree we may store and access cookies on your device.

I understand

© Great Place To Work® Institute. All Rights Reserved.