Effective Date: May 25, 2018
- Access - In those instances where we control your data, we will provide you with (i) the opportunity to confirm whether we are processing your Personal Information; (ii) a way to obtain a copy of your Personal Information that we process; (iii) the ability to restrict or object to processing of your Personal Information; and (iv) the ability to correct, amend, or delete Personal Information that is inaccurate; all within a reasonable amount of time from the time you submit such a request.
- Accuracy - We take reasonable steps to ensure that the Personal Information we have is accurate or rectified without delay if it is determined to be inaccurate.
- Choice - We will provide you with mechanisms that will allow you to opt out of (i) our direct marketing campaigns; (ii) the disclosure of your Personal Information to third parties who are not acting as our agents; and (iii) the use of your Personal Information for purposes that are materially different from the purpose for which we originally collected the Personal Information.
- Data Integrity and Purpose Limitation - You will be able to (i) view the Personal Information that we have about you; (ii) correct or modify your Personal Information if it is inaccurate or incomplete; and (iii) limit the collection of data to such data that is relevant to the products and services we provide to you or on your behalf.
- Data Minimization - We process only that Personal Information which is adequate, relevant, and necessary to achieve the purposes for which it is collected
- Integrity, Confidentiality, and Security - We take reasonable measures to protect the security of your Personal Information, and our agreements with third parties with whom we share Personal Information require similar protections.
- Lawfulness, Fairness, and Transparency - We will process your Personal Information only when we have a legal basis for doing so, and we will process your Personal Information in a manner that is fair and transparent to you.
- Purpose Limitation - We collect Personal Information only for specific, explicit, and legitimate purposes, and refrain from further processing that Personal Information in any manner that is incompatible with those purposes (subject to our reasonable archive, backup, and research practices).
- Recourse, Enforcement, and Liability - We have processes for handling complaints relating to use of your Personal Information (see “Complaints and Disputes”).
- Storage limitation - We keep data in personally-identifiable form only for as long as necessary to achieve the purposes for which it is being processed (subject to our reasonable archive, backup, and research practices).
- Links to External Sites
- What Personal Information We Collect and How
- How We Use Personal Information
- To Whom We Disclose Personal Information
- Cookies and Other Technologies
- How We Retain Personal Information
- How We Protect Personal Information
- Your Rights
- Privacy Shield
- Complaints and Disputes
- Contact Us
- “Assessment” means an instrument, questionnaire, or series of tests that are completed by one or more Respondents to provide information about a Respondent to the Respondent, to CPP and to CPP’s Customers, usually with the aim of generating one or more Reports.
- “Certified Practitioner” means an individual (i) who has successfully completed one or more of our certification programs for certain Assessments, (ii) one or more Assessments to one or more Respondents and (iii) who interprets the Reports (or other output generated by CPP) to provide feedback to the Respondent(s) about the Reports.
- “Child” or “Children” means those individuals who are (i) in the United States and under age 13; (ii) in the European Union and under age 16; or (iii) in other countries or territories and under the minimum age of threshold to be considered an adult.
- “Customer” means an individual, business, or other entity that purchases CPP’s Products or Services, or with which CPP has a contractual relationship to provide Products or Services.
- “Personal Information” means any information, recorded in any form, about an identified individual, or an individual whose identity may be inferred from the information. Personal Information includes, for example, name, email address, mailing address, telephone number, billing information, account information, and other information incidental to providing or receiving Products or Services or which you may choose to provide to CPP. It also includes other information, such as IP address, device information, or other Session Data (as defined below) that can reasonably be linked to a specific individual, computer, or other device.
- “Practitioner” means an individual who administers one or more Assessments to one or more Respondents and who interprets the Reports (or other output generated by CPP) to provide feedback for the Respondent(s).
- “Products or Services” means the products or services promoted, sold, or available for sale on the Sites, such as our Assessments, Reports, and supplemental materials.
- “Reports” means an analysis of the scoring and responses provided in connection with an Assessment, which a Practitioner or Customer may use to interpret a Respondent’s responses to an Assessment. Some Reports, such as those generated on www.mbtionline.com, do not require an interpretation from a Practitioner.
- “Respondent” means an individual who takes, will take, or has taken an Assessment.
- “Session Data” means, as applicable, usage information, such as IP address, unique identifier of an individual’s mobile device, the type of browser, type of operating system, referring URL, date, time and duration of a visitor’s visit, the number of visits to a Site, the pages viewed, order of pages viewed, time spent on a particular page, the number of cookies accumulated, bytes sent, bytes received, protocol version, user agent, method, URI stem, URI query, or MAC address.
- “Site” means any websites that we may develop or have developed from time-to-time and includes, without limitation: www.cpp.com, www.cppblogcentral.com, elevate.cpp.com, www.mbtitype.com, and www.mbtionline.com
If you reside in a country or territory that restricts the transfer of Personal Information out of that country or territory, you agree to the transfer, storage, and processing of your Personal Information to countries that may not have data protection laws that provide the same level of protection as those that exist in your country of residence.
Children are not permitted to use the Sites. Should we discover that a Child has sent Personal Information directly to us, we will use that information only to respond directly to that Child to inform him/her that we will not continue to process his/her Personal Information.
If you visit the Sites—If you visit the Sites, we automatically collect the related Session Data. Session Data is provided to us by your browser, by third-party integrations on our Sites, and through our log files, which record your activities while browsing our Sites, such as when you click on a link. We may record some of this data in one or more cookies that we send to your browser (see “Cookies and Other Technologies")
If you register or create an account—If you register or create an account, we require that you provide certain Personal Information during account registration. We collect your name, contact information, and other information, and may ask you for other optional information that helps us serve you better.
If you complete an Assessment—If a Respondent completes an Assessment, we collect the Respondent’s name, email address, contact information, Assessment responses, Session Data, and other information you may choose to provide or associate with your account. In some cases, we ask questions to which the response is optional (such as demographic questions), and these questions are identified as such. In some instances, these optional demographic questions may involve collection of special categories of Personal Information, such as information regarding your racial or ethnic origin. You are free not to respond to these optional questions. For all optional questions, our legal basis for processing your Personal Information is your explicit, informed consent.
If you participate in a survey—If you choose to participate in one of our surveys, we may collect Personal Information such as your name, email address, and any other Personal Information that you may provide in your survey responses. Participation in surveys is optional, and we give you the ability to opt out of being contacted for surveys at any time.
If you sign up to receive marketing communications—If you sign up to receive our marketing communications, we may collect information on the open rate of the communications, and whether a specific individual has clicked on a link contained in a particular communication.
If you are a Customer or other business contact—If you are a Customer or other business contact, or if you are an employee or agent of a Customer or business contact, we may collect your name, email address, telephone number, and other contact information in the regular course of our interaction with you.
If you interact with third parties regarding our Products or Services—We may receive Personal Information about you from third parties, such as from Customers, websites where we advertise, business partners, and service providers. Some of this information pertains to a specific individual; other information can only be linked to an access point or a device.
If you apply for employment—If you choose to apply for an open position of employment we have designated as available, we may collect Personal Information such as your name, email address, and any other Personal Information that you may provide in conjunction with your application. We use this information only to consider you as a candidate for the position for which you are applying and to contact you for legitimate purposes relating to that application.
To facilitate the use of the Sites—We use Session Data to ease navigation throughout the Sites, to enhance navigation, keep track of login name and password in order to avoid requesting identity information when the visitor moves from page to page, and in general to enhance the quality of our Sites and the content provided on the Sites.
In connection with Assessments—We use the responses to Assessments to score the Assessments and to generate Reports and other data related to the Respondents to those Assessments. We sometimes combine data from multiple Respondents (for example, in team reports). We may also combine Respondent data with our general research data, or compare or associate Respondent data with other Respondent data. Certain subsets of this data are made available to our Customers, but your Personal Information is only shared with a Customer if you complete an Assessment that has been sponsored by that Customer.
To validate certification status—If you are or become a Certified Practitioner, we may share information regarding your certification, such as your name, the instruments in which you are certified/qualified, the date(s) of your certification/qualification, and the current status of your certification/qualification with individuals who inquire about such information.
For research purposes—We may use aggregated Session Data to better understand how our Sites are navigated, how many visitors arrive at specific pages, which pages or content attract more viewers, the length and frequency of stays at our Sites, the different types of searches of our Sites’ content and databases, the types of browsers and computer operating systems that our visitors use, and the IP addresses from which visitors connect to our Sites, in order to improve our Sites and enhance our content. We may use IP addresses to gather broad demographic information—information that is not associated with any individual, and is therefore anonymous. We also use aggregated Assessment responses and other data to improve our Products and Services.
For maintenance purposes—We may use IP addresses and Session Data to diagnose problems with our server, and to administer our Sites.
For marketing purposes—We may use email addresses or other contact information to send mailings, newsletters, and other marketing communications regarding product information and releases. We may use your telephone number to contact you for marketing purposes. We may use pixel tags to monitor the open rate of our communications. This helps us understand the effectiveness of the communications that we send. We give you the ability to opt out of marketing communications at any time.
For survey analysis—The information that we collect through our surveys is not used other than to garner survey results and statistical analysis.
Customers—CPP provides its Customers with the information that they need to properly administer or interpret Assessments. If you take an Assessment at the direction of one of our Customers, that Customer will receive from CPP one or more Reports based on the Assessment you took and the responses you provided to that Assessment so that the Customer may properly counsel or advise you or provide you with other services.
Gift Recipients—If you purchase Products or Services for use by another individual (for example, as a gift), then we may provide the recipient of such Products or Services with your Personal Information.
- Arkadin, Inc. (for telecommunications services);
- FedEx Corporation (for shipping services);
- Marketo, Inc. (for marketing communications);
- Microsoft Corporation (for platform infrastructure services);
- Mimecast Services Limited (for email archive services);
- Mozy, Inc. (for backup and archive services);
- PayPal, Inc. (for payment processing services);
- Salesforce.com Inc. (for customer relationship management);
- SendGrid, Inc. (for email delivery services);
- United Parcel Service (for shipping services); and
- Virtunet, LLC (for backup and recovery services).
- Assesta, Ltd. (South Korea);
- CPP Asia Pacific Pte. Ltd. (Brunei; Cambodia; Indonesia; Malaysia; Mongolia; Myanmar; and Singapore);
- CPP Asia Pacific Pty. Ltd. (Australia; Bangladesh; China; Hong Kong; India; Indonesia; Malaysia; Nepal; Pakistan; Singapore; Sri Lanka; and Taiwan);
- Fellipelli Consultoria e Diagnosticos (Argentina; and Brazil);
- Global Jobs Capacitacion S.P.A. (Chile);
- HDS Diagnostico Y Desarollo de Talento (Mexico);
- Heart to Heart Communication Consulting and Human Development (Egypt);
- Innovative HR Solutions (Bahrain; Kuwait; Oman; Qatar; Saudi Arabia; and the United Arab Emirates);
- Jopie Van Rooyen and Partners (Angola; Benin; Botswana; Burkina Faso; Burundi; Cameroon; Cape Verde; Central African Republic; Chad; Comoros; Republic of the Congo; Democratic Republic of the Congo; Cote d'Ivoire; Djibouti; Equatorial Guinea; Eritrea; Gabon; The Gambia; Ghana; Glorioso Islands; Guinea; Guinea-Bissau; Kenya; Lesotho; Liberia; Madagascar; Malawi; Mali; Mauritania; Mauritius; Mayotte; Mozambique; Namibia; Niger; Nigeria; Reunion Island; Rwanda; Sao Tome and Principe; Senegal; Seychelles; Sierra Leone; Somalia; South Africa; South Sudan; Sudan; Swaziland; Tanzania; Togo; Uganda; Zambia; and Zimbabwe);
- JPP Co., Ltd. (Japan);
- Levy Consulting (Israel);
- OPP Limited (Albania; Andorra; Austria; Belarus; Belgium; Bosnia Herzegovina; Bulgaria; Croatia; Czech Republic; Cyprus; Denmark; Estonia; Finland; France; Germany; Gibraltar; Greece; Greenland; Hungary; Iceland; Ireland; Italy; Kosovo; Latvia; Liechtenstein; Lithuania; Luxembourg; Macedonia; Malta; Moldova; Monaco; Montenegro; Norway; Poland; Portugal; Romania; Russia; San Marino; Serbia; Slovak Republic; Slovenia; Sweden; Switzerland; The Netherlands; Turkey; Ukraine; United Kingdom; Vatican City; and Yugoslavia); and
- Psychometrics Canada, Ltd. (Canada).
If our processing of your Personal Information requires transfer of your Personal Information to countries outside of the European Economic Area or to an international organization, we will only do so when we can ensure that the level of protection of your Personal Information will not be undermined. To achieve this, we rely on a variety of data transfer mechanisms, including adequacy determinations by the European Commission, appropriate safeguards such as standard contractual clauses, or binding corporate rules.
To defend or enforce our rights—CPP may use Personal Information to protect itself or to protect the Sites, to respond to a breach of its Terms of Service (or other applicable legal terms), to prevent fraudulent activity, or where it is necessary to pursue available remedies. If a Customer neglects to pay amounts due and owing to CPP, CPP may send that Customer’s name, contact information, and account information to a third-party service provider for collection of overdue payments.
Law Enforcement; Litigation—Certain federal, state, local, or other government regulations may require that we disclose information that we hold. In such cases, we will use reasonable efforts to disclose only the Personal Information required under applicable law, such as in response to a facially valid court order, warrant or subpoena issued or made by a court, person or body. We may use or disclose Personal Information (a) if we believe in good faith that a law, regulation, rule or guideline requires it; or (b) to a person who needs the information because of an emergency that threatens the life, health or security of an identified group or person.
Aggregated data—Other than as stated above, if CPP provides a third-party with Personal Information, it will be in the form of aggregated data and used for product development, research, or statistical analysis. Aggregated data are created from records that are stripped of all personal identifiers, such as aggregated Assessment responses, or on-site behavior.
The Public—Certain of our Sites offer publicly-accessible blogs or community forums and any Personal Information you provide on these blogs or forums may be read, collected, and used by others who access those Sites. We encourage you to be thoughtful of what Personal Information you choose to provide on such Sites.
A cookie is a small text file that a website sends to a visitor’s browser and that sends back information each time the visitor makes a request from the website. A cookie contains a unique identification number that identifies the visitor’s browser, but not necessarily the visitor. Cookies can be accepted, rejected, or identified by configuring a browser’s preferences or settings. Pixel tags or clear gifs are tiny graphics with a unique identifier that are embedded invisibly on a webpage and are used to track a visitor’s movements on a website. We use the information gathered by clear gifs to help us better manage content on the Sites. Cookies and pixel tags are used to help recognize a returning visitor, and to help customize the visitor’s online experience. Unless a visitor specifically informs us of his/her identity (e.g., by registering with us), we will not know who the individual visitor is.
- to collect Session Data and other session information;
- to process orders and to store order and shopping cart information;
- to store and hash usernames and passwords so that users do not have to re-enter this information each time they log in; and
- to collect analytics relating to visitors’ use of the Site.
The Sites do not respond to “do not track” signals or other similar mechanisms.
As a general principle, we keep data in personally-identifiable form only for as long as necessary to achieve the purposes for which it is being processed (subject to our reasonable archive, backup, and research practices). In practice, that generally means we may retain your Personal Information (i) for as long as your account remains active; (ii) for as long as you continue to do business with us; or (iii) for as long as we are required to by applicable law. When your account becomes inactive (as determined by us in our sole discretion), or if you cease doing business with us, we may retain your Personal Information for an additional period for our reasonable archive and backup purposes. The duration of our retention of your Personal Information may be set forth more specifically in our written agreement(s) with you, or our applicable Terms of Service or other legal terms. At all times, both while you are an active Customer, Practitioner, Respondent, or other registered user and thereafter, we may retain Assessment responses and other data in non-personally-identifiable format for as long as the information is needed for our research, statistical analysis, product development, or other commercial purposes.
We follow generally-accepted industry standards to protect Personal Information, both during transmission and once we receive it. We use administrative, physical, and technical measures designed to protect Personal Information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.
When we need to transfer information out of our firewall, we use industry-standard technological means to protect Personal Information while in transit through the Internet. We use encryption and a comprehensive authentication protocol to provide reasonable security.
No method of transmission over the Internet, or method of electronic storage, is fully secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
We respect your rights as a data subject. In those instances when we are a data controller, we provide you with the rights described below. In those instances where we are a data processor, we will reasonably assist the data controller in facilitating your ability to exercise the rights below.
Right of access—You have the right to obtain confirmation as to whether or not your Personal Information is being processed. If your Personal Information is being processed, you have the right to access your Personal Information and the following information: (a) the purposes of the processing; (b) the categories of Personal Information concerned; (c) the recipients or categories of recipients to whom your Personal Information has been or will be disclosed (including international organizations and recipients in other countries); (d) where possible, the period for which your Personal Information will be stored or the criteria used to determine that period; (e) the existence of your right to request that the data controller rectify or erase your Personal Information, or restrict processing of your Personal Information, or to object to processing of your Personal Information; (f) your right to lodge a complaint with a supervisory authority; (g) the source of your Personal Information (if it was not obtained from you directly); and (h) the existence of any automated decision-making (including profiling) along with meaningful information about the logic of such automated decision-making and its consequences.
Right to rectification—You have the right to rectify inaccurate Personal Information concerning you. Taking into account the purposes of the processing, in some instances you will have the right to have incomplete Personal Information completed by providing supplementary written statements to us.
Right to erasure—You have the right to request erasure of your Personal Information when one of the following applies: (a) your Personal Information is no longer needed to achieve the purpose(s) for which it was originally collected or processed; (b) the processing of your Personal Information is based on your consent, you choose to withdraw that consent, and we have no other legal basis for ongoing processing; (c) you object to the processing and we have no overriding legitimate grounds for ongoing processing; (d) your Personal Information has been processed unlawfully; or (e) your Personal Information must be erased for compliance with applicable law. In those instances where you exercise this right against CPP as the data controller, we will accommodate your request to the extent practicable, and to the extent that it does not otherwise conflict with any of our other obligations. We reserve the right to retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our contractual agreements.
Right to restriction of processing—You have the right to restrict processing of your Personal Information where one of the following applies: (a) you contest the accuracy of your Personal Information, in which case processing will be restricted for a period allowing the data controller to verify or rectify the accuracy of your Personal Information; (b) processing of your Personal Information is unlawful; (c) processing of your Personal Information is no longer necessary for the purpose(s) for which it was collected or processed but you require it for the establishment, exercise, or defense of legal claims; or (d) you object to the processing, in which case processing will be restricted for a period allowing the controller to demonstrate whether legitimate grounds exist that override your objection.
Right to data portability—Where technically feasible, and as related to Personal Information you have provided to a data controller based on your consent or a contract with you, you have the right to receive that Personal Information in a structured, commonly-used and machine-readable format and to transmit that Personal Information to another controller if the processing of that Personal Information is performed by automated means.
Right to object to processing—In certain instances, you may have the right to object to processing of your Personal Information. Should you so object, the controller of your Personal Information must stop processing your Personal Information unless the controller can demonstrate (i) compelling legitimate grounds for ongoing processing of your Personal Information that override your objection; or (ii) the need for the establishment, exercise, or defense of legal claims.
Right to opt-out of marketing communications—If you are receiving marketing communications from us and you wish to unsubscribe, you may do so by clicking on the “unsubscribe” link provided in the communication or by managing your marketing communication preferences on the Site(s).
Right to block cookies—You have the right to block pixel tags and certain cookies. Most browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies, or prompt you before accepting a cookie from the Site that you visit. If you decide not to accept our cookies, you may not be able to access portions of our Products or Services. Some cookies are strictly necessary for us to deliver the Sites or Products or Services, and those cookies cannot be disabled.
If CPP is the controller of your Personal Information and you wish to exercise any of the rights described above, please contact us with proof of identity, as provided in the “Contact Us” section. In general, you can expect a response to your request within 30 days. However, if your request is complex or involves a high volume of data, CPP may inform you that the request could take up to an additional sixty (60) days. In some instances, fees may apply. If CPP is not the controller of your Personal Information, CPP will ask you to direct your request to the data controller, and CPP will reasonably assist the data controller in facilitating the request.
CPP has established procedures for periodically verifying implementation of and compliance with the Privacy Shield Privacy Principles. CPP conducts an annual self-assessment of its Personal Information practices to verify that the attestations and assertions that it makes about its privacy practices are true and that its privacy practices have been implemented as represented.
In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the principles of the Privacy Shield if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, CPP commits to resolve complaints about our collection or use of your personal information. E.U. and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CPP at the information provided in the "Contact Us" section below.
CPP has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided to you at no cost.
CPP commits to cooperating with E.U. data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the E.U. and Switzerland in the context of the employment relationship.
Under certain conditions, EU Citizens may invoke binding arbitration by a Privacy Shield panel, as outlined in Annex I of the Privacy Shield Framework. More information is available at www.privacyshield.gov.
Except as otherwise set forth under the ‘Privacy Shield’ section above for personal information originating in the E.U. or Switzerland, if our efforts to resolve your complaint through CPP’s internal dispute resolution mechanisms are unsatisfactory, you agree to first attempt to settle in good faith the dispute through mediation administered by JAMS, under its International Mediation Rules, which are accessible on the JAMS website at http://www.jamsadr.com/international-mediation-rules/. The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Information who has brought the complaint. The mediation will be held online and all documents and other correspondence will be transmitted through email.
If our efforts to resolve the dispute through mediation are unsuccessful, you agree to binding arbitration administered by JAMS pursuant to its International Arbitration Rules, which are accessible on the JAMS website at http://www.jamsadr.com/international-arbitration-rules/. Judgment on the award rendered by the arbitrator may be entered into any court having jurisdiction over the matter. The arbitration will be held online and all documents and other correspondence will be transmitted through email.
You also have the right to complain to the relevant data protection Supervisory Authority. The UK Information Commissioner’s Office (ICO) is the relevant Supervisory Authority for OPP Limited (our UK-based subsidiary) and its European branch offices. We would appreciate the chance to deal with your concerns before you approach the ICO. You can however contact the ICO as follows:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: + 44 303 123 1113
By email: firstname.lastname@example.org
By phone: +800 624 1765 (toll-free when calling from the United States)
or: +1 650 969 8901
By mail: CPP, Inc.
185 N. Wolfe Road
Sunnyvale, CA 94086
United States of America