We may collect personal information about you, meaning information that can uniquely identify you, such as:
- Your name and contact information;
- Information about your relationship with your employer;
- Information related to your employment: employee identification number, email address, hire date;
- Purchases, submissions, and redemptions you make using our Services; and
- Content such as messages, comments, photos, videos, and other information that you submit.
If you make a purchase when using the Services, our third-party payment processor may collect your payment card or bank account number, payment card expiration date and security code, and other payment details, as well as other personal information, in order to complete your purchase.
If you access and use the Services on a mobile device and your mobile device’s settings allow it, we may collect information about your real-time location. Please see the "Your Choices" section below for information regarding how to limit the location information that we may collect when you access and use the Services on a mobile device.
We may conduct surveys at the request of your employer. We may also conduct marketing surveys for data research purposes, where we analyze the answers in the aggregate. We may ask for contact details in the event we need to verify or validate answers.
The information we may collect by automated means may include, without limitation:
- Information about the devices you use to access the Services (such as the IP address and the type of the device, operating system, web browser type, and mobile network information).
- Anonymous information regarding your access to and use of the Services, such as:
- Traffic data and logs;
- Actions taken when using the Services (such as searches, page views, and website navigation patterns);
- Dates and times;
- Duration of use of the Services (including whether you are a repeat or first time visitor); and
- Demographic information, in conjunction with voluntary, anonymous research surveys.
Website Usage Information
A "web beacon," also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information about actions of the user opening the page or email containing the beacon back to a web server. We, and our subsidiaries, may use web beacons through our Services, including on our websites, in our emails, in our advertisements on other websites, or in our advertisements in others' emails. We utilize web beacons to measure visitor behavior, to help us improve visitor experience, and to manage website content.
We use the information we collect to administer our employee recognition and engagement business, including to administer our "Wall of Fame", a social media platform which allows employees to post real-time recognition of achievements and add likes and comments to others' posts. Information posted on the Wall of Fame is shared across teams and departments within your company. If you do not wish to utilize the Wall of Fame or the platform, you may opt out at any time by contacting your program administrator or emailing email@example.com.
We may contact you to respond to your questions and comments or to provide customer support. We also may contact you to measure your interest in various services or special offers, to facilitate reward redemption, and to inform you about new products and services. We may disclose personal information about you to contractors, service providers, and other third parties in order to provide our services to you. Our third-party service providers are allowed to only use the information solely for the purpose of processing your request or arranging delivery of your requested product or service.
We may disclose personal information about you to: a buyer or other transferee in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets, if the information in question is publicly available; if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of OCT, users of our website, or others; or if required in response to any lawful request by public authorities, including to meet national security or law enforcement requirements.
We do not share, sell, rent, or trade personal information with third parties for their promotional purposes. We may disclose aggregated information about our users, and other information that does not identify any specific user, without restriction.
Any personal information collected about visitors through the Services may be processed in the United States by us or by a party acting on our behalf. When you provide personal information to us through the Services, you consent to the processing of your data in the United States. The Services are hosted in the United States. For additional information about specific jurisdictional data transfer mechanisms, please contact firstname.lastname@example.org
For further information about disabling cookies you can visit www.allaboutcookies.org. If you choose to decline cookies, you may not be able to login or use other interactive features of our Services that depend on cookies.
If you receive an email from us regarding new products or services, you may request to be removed from our database list by clicking the "UNSUBSCRIBE" link at the bottom of the email message or by sending an email with "UNSUBSCRIBE" in the subject line to email@example.com that explains the desire to stop receiving communications and gives us the address (email and/or physical) to be removed, and we will promptly unsubscribe you.
You may disable the geo-location features of your mobile device or forego using our mobile applications, if you do not wish to make your location known.
If you become aware that information that we maintain about you in connection with a Client Recognition Platform is inaccurate, or if you wish to update or review your information, please contact your human resources department. They will either make the changes directly or contact us to take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate. In all other cases where you would like to review or update your information, you may send your request to firstname.lastname@example.org, along with the correct information.
You will need to provide sufficient identifying information, such as name and address. We may request additional identifying information to confirm your identity and/or as a security precaution. In addition, we may limit or deny access to personal details where providing such access would be unreasonably burdensome or expensive in the circumstances. In some circumstances, OCT may charge a reasonable fee, where warranted, for access to personal information.
We employ industry standard security measures designed to protect the security of personal information submitted through the Services. We cannot be responsible for the acts of those who gain unauthorized access and we make no warranty we will prevent unauthorized access to your personal information. Additionally, the security of information transmitted through the Internet can never be guaranteed. We receive personal information transmitted to us through the Internet in encrypted format, when supported by our clients. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data resulting from Internet transmission. We cannot ensure the confidentiality, integrity, or availability of the information from a Client Recognition Platform once it is accessed by the client to whom that portion of the Services is dedicated, nor can we limit how that client will use your information.
Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access-protected or secure areas of the Services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
Not Child Directed
Some clients may opt to configure the Services to allow minor employees to post user-generated content through the Services. In such cases, minors, may delete and modify their user-generated content at any time using the same service used to create it. Alternatively, users may contact email@example.com for assistance with removing user-generated content. Such removal does not ensure complete or comprehensive removal of that information.
How We Respond to Do Not Track Signals
Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a "Do Not Track" (DNT) or similar feature that signals to digital services that a visitor does not want to have his/her online activity tracked. If a digital service that responds to a particular DNT signal receives the DNT signal, the browser can block that digital service from collecting certain personal information about the browser's user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we and many other digital service operators do not respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.
EU-U.S. Privacy Shield
Where there is onward transfer of personal data of EU individuals to third parties, OCT requires such third parties who perform services for us to treat personal information securely and to restrict their access, use, and disclosure of such personal data in a manner consistent with our Privacy Shield obligations. If any such third party fails to so comply, OCT may have liability to the extent OCT is responsible for the event giving rise to the damage.
OCT has further committed to cooperate with the panel established by the EU Data Protection Authorities ("DPAs") and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if you have we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss FDPIC for more information or to file a complaint. The services of the EU DPAs and the Swiss FDPIC are provided at no cost to you. Please contact us to be directed to the relevant contacts.
In addition, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact JAMS, our U.S.-based third party dispute resolution provider (free of charge).
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. OCT is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.