Privacy Policy

“The ability to learn faster than your competitors
may be the only sustainable competitive advantage.”
- Arie De Geus Royal Dutch / Shell


The GRC Sphere Privacy Policy
October 2015
Introduction

The GRC Sphere, a wholly owned division of RuleSphere International, Inc., values the privacy of its members, affiliates, and visitors to its websites and is strongly committed to each visitor's right to privacy. This privacy policy has been developed as a codification of our commitment in this area.

The privacy policy explains The GRC Sphere’s information gathering and handling practices. If you have any questions regarding The GRC Sphere’s privacy policy or do not feel that your concerns have been otherwise addressed, please contact us by sending an e-mail to [email protected]

Consent

By using The GRC Sphere’s websites, you signify your acceptance of our privacy policy. If you, as a visitor, choose to log on as a member, register for courses or events, purchase products, apply for membership or certification, or otherwise submit personally identifiable information, you are consenting to The GRC Sphere’s use of such data in accordance with its privacy policy.

Scope

It is the intent of The GRC Sphere to be in compliance with the principles of the Personal Information Protection and Electronic Documents Act of Canada, the European Union Safe Harbour Act, the Data Protection Act of the United Kingdom, and selected legislation worldwide regarding privacy of data. If any provision of this policy is in conflict with such legislation, the provisions of this policy shall apply, except when otherwise required by law.

This policy guides how The GRC Sphere stores and uses personal information that is collected by The GRC Sphere or provided to The GRC Sphere, whether through our websites or by other methods such as an application, enrollment, registration or order form, or other means. This policy covers all of The GRC Sphere websites including those of RuleSphere International, Inc. However, this policy does not cover affiliate websites whether or not linked to The GRC Sphere’s sites.

Membership Identity Number and Password

All individual GRC Sphere members (not corporations) are entered into our global membership database and are assigned a unique membership number. When members log on to the website, they will be asked to enter their e-mail address and to create a unique password to authenticate their membership.  Membership numbers are delivered to members together with basic information about membership benefits and services either directly from the global GRC Sphere website.

Collection and Use of Information

Even if you do nothing during your visit other than navigate a GRC Sphere website, read pages, or download information, we will automatically gather and store certain information about your visit. In order to ensure that our websites are as useful and effective an information source as they can be, we analyze information that identifies visitors by categories such as the location of visitors (by domain, not by personal e-mail address) and browser types. We also measure, in the aggregate, indicators such as number of visits, average time spent on the sites, and pages viewed. The GRC Sphere uses these statistics to improve site content and usability; this information does not identify visitors personally.

However, when a visitor enters an e-mail address and password obtained by the means described above on a GRC Sphere website for the purpose of logging in to restricted pages, a "temporary cookie" is deployed. This cookie — a small text file stored temporarily on the visitor's browser — enables the website to "remember" this authentication information during movement from one page to another. This makes it unnecessary to log in again on each page. The cookie will expire when the visitor leaves and no personal data is retained. In addition, to help prevent unauthorized users from using your identifying information, the cookie will expire if your session is idle for approximately 20 minutes. If you have set your Internet browser to reject cookies, access may be denied to secured areas of The GRC Sphere’s websites.

With the exception of specific secured pages, visitors are not required to be GRC Sphere members in order to gain access to GRC Sphere’s websites, although non-members may be required to register to receive all benefits available to users of the sites.

The GRC Sphere may use personally identifiable information you have voluntarily provided on our websites or by other means to notify you via e-mail or printed material of GRC Sphere’s events or other relevant products and services offered by The GRC Sphere. If you are a member of a GRC Sphere group, industry cluster, committee or other community, The GRC Sphere’s may contact you directly.  If you are a member of a GRC Sphere industry cluster or Special Interest Group, The GRC Sphere may produce member directories of such participants for networking purposes. If you do not want to receive notice of such events or be included in member directories, you may choose to opt out by the means detailed in the "Opting Out" section of this policy.

Collection of Personal Data from The GRC Sphere

The GRC Sphere collects, at a minimum, the names of GRC Sphere members who join GRC Sphere and records these in the global membership database in order to issue unique membership numbers. Members who wish to access the website will also have to provide e-mail addresses.  Transfer and update of data between GRC Sphere and members is allowed through an explicit consent of its members, or through adherence of GRC Sphere to the Safe Harbour Act in Europe, Data Protection Act in the UK, or other privacy policies worldwide. The amount of personal information recorded in the database depends on the services selected by GRC Sphere or the member and the preferred method of delivery. Members who do not wish to be contacted by GRC Sphere may choose so, while members who wish to access additional services may provide additional personal data either directly on GRC Sphere’s website or via GRC Sphere’s value-added affiliate services websites.

The GRC Sphere collects limited personal data from GRC Sphere affiliates worldwide in order to provide limited membership services to individuals who belong jointly to these affiliates and to GRC Sphere. Members of GRC Sphere who do not wish their personal data to be transferred should request exclusion through the "Opting Out" section of this policy.

Disclosure of Information to Third Parties

If you voluntarily provide The GRC Sphere with personally identifiable information, The GRC Sphere may share personal information with companies, organizations or individuals outside of GRC Sphere when we have your consent to do so. The GRC Sphere requires opt-in consent for the sharing of any sensitive personal information.  The GRC Sphere may release information on a selective basis to outside organizations whose products and services are of perceived benefit. These organizations include, but are not limited to:

  • Various companies that authenticate credit cards on behalf of The GRC Sphere if you provide a credit card for the purchase of products or services.
  • GRC Sphere community chapters, which may solicit you for local participation or local membership. In the case of GRC Sphere members, The GRC Sphere chapter may publish your name in a directory or use your data to mail or e-mail local materials, unless you contact GRC Sphere chapter and opt out of such disclosure.
  • For some North American members, The GRC Sphere may provide mailing information to other organizations whose products and services are of perceived benefit. If you do not want The GRC Sphere to provide your personally identifiable information to third parties other than to GRC Sphere chapters or as noted above, please see "Opting Out" section of this policy.
Disclosure of Information for Legal Reasons

The GRC Sphere will share personal information with companies, organizations or individuals outside of The GRC Sphere if The GRC Sphere has a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, legal process or enforceable governmental request.
  • Enforce applicable Terms of Service, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security or technical issues.
  • Protect against harm to the rights, property or safety of The GRC Sphere, our members or the public as required or permitted by law.

There are other instances in which The GRC Sphere may divulge your personal information. The GRC Sphere may provide your personal information if necessary, in The GRC Sphere’s good faith judgment, to comply with laws or regulations of a governmental or regulatory body or in response to a valid subpoena, warrant or order, or to protect the rights of The GRC Sphere or others.

Disclosure of Sensitive Personal Information to Third Parties

The GRC Sphere requires opt-in consent for the sharing of any sensitive personal information.  Sensitive personal information is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality. The GRC Sphere does not knowingly collect these specific types of sensitive personal information.

Right of Access

The GRC Sphere is dedicated to providing reasonable access to North American members and others who want to review their personal information maintained by The GRC Sphere and correct any inaccuracies therein. North American Members may view and update their data by accessing their Member Profile, available upon logging in to www.GRCsphere.org. GRC Sphere members and Non-members may verify and/or change their data by e-mailing [email protected] or by writing Member Support, The GRC Sphere c/o RuleSphere International, Inc. PO Box 152, Still River, MA 01467-0152, USA. The GRC Sphere, however, is not responsible for verifying the continued accuracy of either member or non-member information.

Security

Although The GRC Sphere does not monitor the websites, The GRC Sphere has reasonable policies in place to protect from misuse, the personally identifiable information provided by its users.

Links

The GRC Sphere’s websites contain "links" to other sites, including sites operated by GRC Sphere and GRC Sphere’s chapters. The GRC Sphere does not control, and is not responsible for, the accuracy, timeliness, security, or even the continued availability or existence of this outside information. Opinions expressed on other sites linked from The GRC Sphere’s websites are not necessarily those of The GRC Sphere, nor does The GRC Sphere endorse, warrant, or guarantee products or services described or offered on those other sites. Neither is The GRC Sphere responsible for the contents of any websites that choose to link to The GRC Sphere’s websites with or without The GRC Sphere’s consent.

Other organizations linked to The GRC Sphere’s websites may collect information about you when you view or click on these sites. The GRC Sphere cannot control this collection of information. You should contact these organizations directly if you have any questions about their use of the information they collect.

Changes to Privacy Policy

The GRC Sphere’s Privacy Policy may change from time to time. The GRC Sphere will not reduce your rights under this Privacy Policy without your explicit consent. The GRC Sphere will post any privacy policy changes on this page and, if the changes are significant, The GRC Sphere will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). The users of The GRC Sphere’s websites should reference this policy periodically to ensure that they have knowledge of the current provisions of The GRC Sphere’s privacy policy.

DISCLAIMERS

THIS WEBSITE AND ITS CONTENT ARE PROVIDED "AS IS" AND THE GRC SPHERE EXCLUDES TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE. THE FUNCTIONS EMBODIED ON, OR IN THE MATERIALS OF, THIS WEBSITE ARE NOT WARRANTED TO BE UNINTERRUPTED OR WITHOUT ERROR. YOU, NOT THE GRC SPHERE, ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION DUE TO YOUR USE OF THIS WEBSITE.

Except as specifically stated in this Policy, or elsewhere on this website, or as otherwise required by applicable law, neither The GRC Sphere nor its directors, employees, content providers, affiliates or other representatives will be liable for damages of any kind (including, without limitation, lost profits, direct, indirect, compensatory, consequential, exemplary, special, incidental, or punitive damages) arising out of your use of, your inability to use, or the performance of this website or the Content whether or not we have been advised of the possibility of such damages.

The GRC Sphere uses reasonable efforts to ensure the accuracy, correctness and reliability of the Content, but we make no representations or warranties as to the Content's accuracy, correctness or reliability.

Some US states and foreign countries do not permit the exclusion or limitation of implied warranties or liability for certain categories of damages. Therefore, some or all of the limitations above may not apply to you to the extent they are prohibited or superseded by state or national provisions.

Opting In and Opting out of the Release of Personal Information

Members in North America are entered into the global membership database and given the choice to opt-out of receiving communications from The GRC Sphere or a GRC Sphere chapter. To opt out, please complete the appropriate mailing and e-mail option fields on the Member Profile form on The GRC Sphere’s website, or send your request via e-mail to: [email protected]

Members reported via their GRC Sphere are entered in the global membership database and given the choice to opt-in to receiving communications and additional services from The GRC Sphere. GRC Sphere’s members will not be contacted by The GRC Sphere unless they opt-in either by instructing their GRC Sphere or by logging into their profile on the GRC Sphere’s website and selecting to receive optional services and communications.

However, if you choose to provide The GRC Sphere with personally identifiable information by purchasing a product, registering for an event, or requesting other services, The GRC Sphere may use that information to provide you with the purchased products or services, for billing purposes, to send immediately relevant information to you, and for other purposes related to the reason you provided the information even if you opt out of the use of your information by the means detailed in this privacy policy.

The GRC Sphere
PO Box 153
Still River (Town of Harvard), MA 01467-0152
USA
Go to LinkedIn GRC Sphere Community to request approval to join us: https://www.linkedin.com/grp/home?gid=8338283
Phone: 1(978) 456-8253
Skype:  GRCsphere

Reinventing the Strategic Vision and Value of GRC…

“Come for our rich content, Stay for our awesome communities!”