Updated May 4, 2019
As set forth in Continuum GRC's Global Code of Conduct: "We respect the confidentiality and privacy of our clients, our people and others with whom we do business".
Certain Continuum GRC websites maintain their own privacy policies that apply to personal information collected via those sites and these policies may be accessed through those websites.
Personal information obtained from or relating to clients or former clients is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client, and applicable laws and professional standards.
The data controller collecting the data described herein is the Continuum GRC firm in the visitor.s country or otherwise the Continuum GRC firm to which the visitor has submitted their data. Personal data collected by Continuum GRC may be transferred to other individual Continuum GRC firms, which are member firms of the worldwide Continuum GRC organization, where it is necessary to meet the purpose for which the visitor has submitted the information. By submitting data on Continuum GRC's website, the visitor is providing explicit consent to trans-border transmission of data collected on the website for the fulfillment of their voluntary requests.
We collect only personally identifiable information that is specifically and voluntarily provided by visitors to Continuum GRC's website. Continuum GRC receives limited identifiable information, such as name, Title, company address, email address, and telephone and fax numbers, and IP addresses and other analytical information from website visitors. Typically, identifying information is collected to:
- Register for certain areas of the site
- Utilize our proprietary applications
- Inquire for further information
- Distribute requested reference materials
- Submit resumes
- Understand visitor site usage
Demographic information, including gender and occupation, is not actively sought, but may be submitted when a visitor responds to an online job application. It is Continuum GRC's policy to limit the information collected to only the minimum information required to complete a visitor's request. In any instance where non-mandatory information is sought, the website visitor will be notified of this at the point of collection.
Although most publications are provided as downloads, visitors may also have the opportunity to purchase Continuum GRC publications either online, by calling toll free numbers to our fulfillment houses. We will collect order information and a customer's credit card information, where applicable, in order to facilitate shipment and payment for the publication.
Visitors are also able to send email through the site. Their messages will contain the user's screen name and email address, as well as any additional information the user may wish to include in the message. Because we use the website as a recruiting tool, a visit to the website may also result in the user sending a resume to an individual within Continuum GRC.
Continuum GRC's intention is not to seek any sensitive information through our website unless legally required for recruiting purposes. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature. If you do wish to provide sensitive information for any reason, Continuum GRC accepts your explicit consent to use that information in the ways described in this privacy statement or as described at the point where you choose to disclose this information.
Use of data
A user may choose to provide personal information in the following examples:
- Order publications
- Submit resumes or work history information
- Participate in "join our mailing list" initiatives
- Participate in bulletin boards, discussion or message forums
- Contact us for further information
- Enter Quick Surveys, Quiz's or Benchmarking Surveys
- Register for events and conferences
- Register for premium online services
If you would like to find out more about the different categories of information collected, please review the data collection section.
Information attained by the site is used only for the intended purpose stated at the time that the information is collected. This data is not shared with other entities in the network for secondary or unrelated purposes, or shared with a third party, unless otherwise disclosed at the point of collection. If there is an instance where such information may be shared, the visitor will be asked for permission beforehand.
Continuum GRC makes every practical effort to avoid excessive or irrelevant collection of data. If a visitor believes the site has collected excessive information, we encourage the visitor to contact us at legal@ContinuumGRC.com to raise any concerns.
Except for the mailing list initiative described above, where visitors explicitly choose to receive specific Continuum GRC marketing or other materials, Continuum GRC may at times use this data collected from our websites to facilitate marketing activities.
Cookies and log files
If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites however other functionality in the site may be impaired. After termination of the visit to our site, you can always delete the cookie from your system if you wish.
In order to properly manage our website we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.
It is Continuum GRC's policy only to disclose information to third parties under the following circumstances:
- As required by law through subpoena, search warrant or other legal process
- When explicitly requested by a visitor
- When required to deliver publications, subscriptions or reference materials requested by a visitor
- When required to facilitate conferences or events hosted by a third party
- When required to maintain the site's technical health, performance, and functionality.
Continuum GRC's policy is to disclose information to third parties upon visitors submitting their requests (e.g., when ordering a publication, we display the party fulfillment the order).
Continuum GRC websites do not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties. However, in compliance with GDPR, the California Consumer Privacy Act (CCPA), and other consumer privacy-focused laws, consumers may inquire using the form below to make inquiries about opt out options and data sharing.
Third party links
Some of the information we receive is not retained. For example, we usually do not keep mailing addresses for white papers. Contact information about visitors (such as information generated though registration for access to areas on the site) will be kept as long as the information is required to completely service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and email are kept for only the period of time considered reasonable to facilitate the visitor's requests. Resumes are disposed of when they are either no longer under consideration, or are considered dated by our Human Resources departments.
As a policy, visitors are not required to register to gain access to areas of the Continuum GRC websites. In certain cases in the future, as your Continuum GRC website experience expands, we may require visitors to register in order to obtain a user-id and password for authentication and secure access to a transaction or certain business confidential or proprietary information services on premium websites.
Personally identifiable information provided to Continuum GRC through its website is provided voluntarily by visitors. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate website area or in communications to our visitors; or a visitor may contact the webmaster of the appropriate site e.g., webmaster@ContinuumGRC.com.
Each visitor has the right of access to personal data they have submitted through the websites to Continuum GRC.
User updates of information should be handled by going back through the registration process. Inquiries about the accuracy of identifying information previously submitted to Continuum GRC through its website, or requests to have outdated information removed, should be directed to: webmaster@ContinuumGRC.com. Continuum GRC is committed to providing reasonable and practical access to visitors to allow them the opportunity to identify and correct any inaccuracies. When requested and practical, Continuum GRC will delete identifying information from current operational systems.
When personally identifiable information is retained, Continuum GRC assumes responsibility for keeping an accurate record of the information once a visitor has submitted and verified the data. Continuum GRC does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if Continuum GRC is informed that any personal data collected through a website is no longer accurate, Continuum GRC will make appropriate corrections based on the updated information provided by the authenticated visitor.
Continuum GRC has implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. All Continuum GRC employees follow a network-wide security policy. Only authorized Continuum GRC personnel are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information. Continuum GRC's policy is to use secure socket layer technology for the protection of credit card information submitted through web forms. This policy is also required for any fulfillment agents of our firms.
Continuum GRC understands the importance of protecting children's privacy especially in an online environment. The Continuum GRC sites covered by this privacy statement are not intentionally designed for or directed at children 13 years of age or younger. It is Continuum GRC's policy never to knowingly collect or maintain information about anyone under the age of 13.
Continuum GRC reserves the right to modify or amend this Statement at any time. The effective date will be displayed at the beginning of this statement. To keep visitors informed, Continuum GRC will notify users of changes to our Privacy Statement by prominently identifying the alteration for a period of not less than two weeks on our global home page at https://ContinuumGRC.com.