Privacy Policy

Effective Date: May 25, 2018

This website is owned and operated by CPP Inc. (“CPP,” “we,” or “us”), a California corporation.  We work diligently to protect the privacy, confidentiality, and security of the Personal Information (defined below) that we receive.  This Privacy Policy describes the principles and practices that apply to the Personal Information that we collect from individuals online or offline (“you”), such as individuals who browse through our Sites (defined below), register on the Site, use the services provided on the Sites, interact with the Sites, communicate with us through telephone, email, text, or other communications means, participate in our interviews, surveys, or promotions, read or receive our newsletters, or apply for employment with us.

Privacy Principles

This Privacy Policy is based on the following privacy principles:



Quick Links



Definitions

In this Privacy Policy, the following terms are defined as set forth in this section:



Your Agreement to this Privacy Policy

By creating an account, using the Site(s), and/or submitting Personal Information to us, you agree to the practices described in this Privacy Policy, and you agree that we may collect, use, disclose, store, transmit, and/or process such Personal Information in accordance with this Privacy Policy or as required by law.

If you reside in a country or territory that restricts the transfer of Personal Information out of that country or territory, you agree to the transfer, storage, and processing of your Personal Information to countries that may not have data protection laws that provide the same level of protection as those that exist in your country of residence.

Children are not permitted to use the Sites. Should we discover that a Child has sent Personal Information directly to us, we will use that information only to respond directly to that Child to inform him/her that we will not continue to process his/her Personal Information.


Links to External Sites

The Sites may link to websites that are operated by third parties. Because such websites are not operated by CPP, they are not subject to this Privacy Policy. We recommend that you read the privacy statements that are posted on these third-party websites to understand their procedures for collecting, using, and disclosing Personal Information.


What Personal Information We Collect and How

We collect only such Personal Information as necessary to (i) provide our Products or Services to you; (ii) inform you about our Products and Services; (iii) continue our research in the field; and (iv) improve our Sites, Products or Services, and your experience interacting with us. We describe below the different ways in which we collect or obtain Personal Information. Unless otherwise stated below, the legal basis for our processing of your Personal Information is our legitimate business interest in (i) providing the Sites, Products, or Services to you; or (ii) contacting or considering you as a candidate for employment with us.

If you visit the Sites—If you visit the Sites, we automatically collect the related Session Data. Session Data is provided to us by your browser, by third-party integrations on our Sites, and through our log files, which record your activities while browsing our Sites, such as when you click on a link. We may record some of this data in one or more cookies that we send to your browser (see “Cookies and Other Technologies")

If you register or create an account—If you register or create an account, we require that you provide certain Personal Information during account registration. We collect your name, contact information, and other information, and may ask you for other optional information that helps us serve you better.

If you complete an Assessment—If a Respondent completes an Assessment, we collect the Respondent’s name, email address, contact information, Assessment responses, Session Data, and other information you may choose to provide or associate with your account. In some cases, we ask questions to which the response is optional (such as demographic questions), and these questions are identified as such. In some instances, these optional demographic questions may involve collection of special categories of Personal Information, such as information regarding your racial or ethnic origin. You are free not to respond to these optional questions. For all optional questions, our legal basis for processing your Personal Information is your explicit, informed consent.

If you participate in a survey—If you choose to participate in one of our surveys, we may collect Personal Information such as your name, email address, and any other Personal Information that you may provide in your survey responses. Participation in surveys is optional, and we give you the ability to opt out of being contacted for surveys at any time.

If you sign up to receive marketing communications—If you sign up to receive our marketing communications, we may collect information on the open rate of the communications, and whether a specific individual has clicked on a link contained in a particular communication.

If you are a Customer or other business contact—If you are a Customer or other business contact, or if you are an employee or agent of a Customer or business contact, we may collect your name, email address, telephone number, and other contact information in the regular course of our interaction with you.

If you interact with third parties regarding our Products or Services—We may receive Personal Information about you from third parties, such as from Customers, websites where we advertise, business partners, and service providers. Some of this information pertains to a specific individual; other information can only be linked to an access point or a device.

If you apply for employment—If you choose to apply for an open position of employment we have designated as available, we may collect Personal Information such as your name, email address, and any other Personal Information that you may provide in conjunction with your application. We use this information only to consider you as a candidate for the position for which you are applying and to contact you for legitimate purposes relating to that application.


How We Use Personal Information

We use Personal Information in order to provide and enhance the Products or Services that we offer as explained below:

To facilitate the use of the Sites—We use Session Data to ease navigation throughout the Sites, to enhance navigation, keep track of login name and password in order to avoid requesting identity information when the visitor moves from page to page, and in general to enhance the quality of our Sites and the content provided on the Sites.

In connection with Assessments—We use the responses to Assessments to score the Assessments and to generate Reports and other data related to the Respondents to those Assessments. We sometimes combine data from multiple Respondents (for example, in team reports). We may also combine Respondent data with our general research data, or compare or associate Respondent data with other Respondent data. Certain subsets of this data are made available to our Customers, but your Personal Information is only shared with a Customer if you complete an Assessment that has been sponsored by that Customer.

To validate certification status—If you are or become a Certified Practitioner, we may share information regarding your certification, such as your name, the instruments in which you are certified/qualified, the date(s) of your certification/qualification, and the current status of your certification/qualification with individuals who inquire about such information.

For research purposes—We may use aggregated Session Data to better understand how our Sites are navigated, how many visitors arrive at specific pages, which pages or content attract more viewers, the length and frequency of stays at our Sites, the different types of searches of our Sites’ content and databases, the types of browsers and computer operating systems that our visitors use, and the IP addresses from which visitors connect to our Sites, in order to improve our Sites and enhance our content. We may use IP addresses to gather broad demographic information—information that is not associated with any individual, and is therefore anonymous. We also use aggregated Assessment responses and other data to improve our Products and Services.

For maintenance purposes—We may use IP addresses and Session Data to diagnose problems with our server, and to administer our Sites.

For marketing purposes—We may use email addresses or other contact information to send mailings, newsletters, and other marketing communications regarding product information and releases. We may use your telephone number to contact you for marketing purposes. We may use pixel tags to monitor the open rate of our communications. This helps us understand the effectiveness of the communications that we send. We give you the ability to opt out of marketing communications at any time.

For survey analysis—The information that we collect through our surveys is not used other than to garner survey results and statistical analysis.


To Whom We Disclose Personal Information

From time to time, we may disclose Personal Information to someone other than the individual who provided the Personal Information, as further described below:

Customers—CPP provides its Customers with the information that they need to properly administer or interpret Assessments. If you take an Assessment at the direction of one of our Customers, that Customer will receive from CPP one or more Reports based on the Assessment you took and the responses you provided to that Assessment so that the Customer may properly counsel or advise you or provide you with other services.

Gift Recipients—If you purchase Products or Services for use by another individual (for example, as a gift), then we may provide the recipient of such Products or Services with your Personal Information.

Service providers—We may engage certain third parties to perform functions and provide services to us, including, without limitation, customer relationship management, contract management, order fulfillment, mass mailing, hosting and maintenance, database storage and management, business analytics, and direct marketing campaigns. As of the effective date of this Privacy Policy, the current list of service providers to whom we disclose Personal Information is as follows:


Pursuant to written agreements between CPP and these service providers, each of these service providers only has access to such Personal Information as necessary to fulfill its obligation to CPP, is not permitted to use Personal Information for any purposes other than those directed by CPP, and is required to act in a manner consistent with the privacy principles articulated in this Privacy Policy and applicable law.

Foreign Distributors—-- We may provide Personal Information to our distributors in foreign markets. We only do so when we believe that providing such information will permit us to improve the Products or Services provided to Customers in that distributor’s territory, and only when the distributor’s use of such Personal Information is in accordance with the privacy principles described in this Privacy Policy. As of the effective date of this Privacy Policy, CPP’s distributors in foreign markets include:


If our processing of your Personal Information requires transfer of your Personal Information to countries outside of the European Economic Area or to an international organization, we will only do so when we can ensure that the level of protection of your Personal Information will not be undermined. To achieve this, we rely on a variety of data transfer mechanisms, including adequacy determinations by the European Commission, appropriate safeguards such as standard contractual clauses, or binding corporate rules.

To defend or enforce our rights—CPP may use Personal Information to protect itself or to protect the Sites, to respond to a breach of its Terms of Service (or other applicable legal terms), to prevent fraudulent activity, or where it is necessary to pursue available remedies. If a Customer neglects to pay amounts due and owing to CPP, CPP may send that Customer’s name, contact information, and account information to a third-party service provider for collection of overdue payments.

Co-Marketing Partners—We may collaborate with other companies to offer you additional Products or Services. We may share Personal Information that is necessary for these other companies to provide the Products or Services that you have requested. This Privacy Policy does not cover the use of your Personal Information by these companies. We encourage you to read a company’s Privacy Policy before requesting any affected Products or Services.

Mergers & Acquisition; Bankruptcy—If any or all of CPP’s assets are acquired by or merged with those of another entity, or in the unlikely event of a bankruptcy, we may disclose, share or transfer some or all of our users’ personal information to or with this entity in preparation of the transaction, as part of the due diligence, or after the transaction has been consummated, so that the successor entity can continue providing our services to our users. If the recipient of the Personal Information has privacy practices that do not meet the substance of this Privacy Policy, you will be given the opportunity to exercise your rights with respect to your Personal Information.

Law Enforcement; Litigation—Certain federal, state, local, or other government regulations may require that we disclose information that we hold. In such cases, we will use reasonable efforts to disclose only the Personal Information required under applicable law, such as in response to a facially valid court order, warrant or subpoena issued or made by a court, person or body. We may use or disclose Personal Information (a) if we believe in good faith that a law, regulation, rule or guideline requires it; or (b) to a person who needs the information because of an emergency that threatens the life, health or security of an identified group or person.

Aggregated data—Other than as stated above, if CPP provides a third-party with Personal Information, it will be in the form of aggregated data and used for product development, research, or statistical analysis. Aggregated data are created from records that are stripped of all personal identifiers, such as aggregated Assessment responses, or on-site behavior.

The Public—Certain of our Sites offer publicly-accessible blogs or community forums and any Personal Information you provide on these blogs or forums may be read, collected, and used by others who access those Sites. We encourage you to be thoughtful of what Personal Information you choose to provide on such Sites.


Cookies and Other Technologies

A cookie is a small text file that a website sends to a visitor’s browser and that sends back information each time the visitor makes a request from the website.  A cookie contains a unique identification number that identifies the visitor’s browser, but not necessarily the visitor.  Cookies can be accepted, rejected, or identified by configuring a browser’s preferences or settings.  Pixel tags or clear gifs are tiny graphics with a unique identifier that are embedded invisibly on a webpage and are used to track a visitor’s movements on a website.  We use the information gathered by clear gifs to help us better manage content on the Sites.  Cookies and pixel tags are used to help recognize a returning visitor, and to help customize the visitor’s online experience.  Unless a visitor specifically informs us of his/her identity (e.g., by registering with us), we will not know who the individual visitor is. 

The Site uses cookies as follows:


For more information about our specific use of cookies on the Sites, please visit the “Cookies” section on the relevant Site(s).

The Sites do not respond to “do not track” signals or other similar mechanisms.


How We Retain Personal Information

As a general principle, we keep data in personally-identifiable form only for as long as necessary to achieve the purposes for which it is being processed (subject to our reasonable archive, backup, and research practices). In practice, that generally means we may retain your Personal Information (i) for as long as your account remains active; (ii) for as long as you continue to do business with us; or (iii) for as long as we are required to by applicable law. When your account becomes inactive (as determined by us in our sole discretion), or if you cease doing business with us, we may retain your Personal Information for an additional period for our reasonable archive and backup purposes. The duration of our retention of your Personal Information may be set forth more specifically in our written agreement(s) with you, or our applicable Terms of Service or other legal terms. At all times, both while you are an active Customer, Practitioner, Respondent, or other registered user and thereafter, we may retain Assessment responses and other data in non-personally-identifiable format for as long as the information is needed for our research, statistical analysis, product development, or other commercial purposes.



How We Protect Personal Information

We follow generally-accepted industry standards to protect Personal Information, both during transmission and once we receive it. We use administrative, physical, and technical measures designed to protect Personal Information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.

When we need to transfer information out of our firewall, we use industry-standard technological means to protect Personal Information while in transit through the Internet. We use encryption and a comprehensive authentication protocol to provide reasonable security.

No method of transmission over the Internet, or method of electronic storage, is fully secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.



Your Rights

We respect your rights as a data subject. In those instances when we are a data controller, we provide you with the rights described below. In those instances where we are a data processor, we will reasonably assist the data controller in facilitating your ability to exercise the rights below.

Right of access—You have the right to obtain confirmation as to whether or not your Personal Information is being processed. If your Personal Information is being processed, you have the right to access your Personal Information and the following information: (a) the purposes of the processing; (b) the categories of Personal Information concerned; (c) the recipients or categories of recipients to whom your Personal Information has been or will be disclosed (including international organizations and recipients in other countries); (d) where possible, the period for which your Personal Information will be stored or the criteria used to determine that period; (e) the existence of your right to request that the data controller rectify or erase your Personal Information, or restrict processing of your Personal Information, or to object to processing of your Personal Information; (f) your right to lodge a complaint with a supervisory authority; (g) the source of your Personal Information (if it was not obtained from you directly); and (h) the existence of any automated decision-making (including profiling) along with meaningful information about the logic of such automated decision-making and its consequences.

Right to rectification—You have the right to rectify inaccurate Personal Information concerning you. Taking into account the purposes of the processing, in some instances you will have the right to have incomplete Personal Information completed by providing supplementary written statements to us.

Right to erasure—You have the right to request erasure of your Personal Information when one of the following applies: (a) your Personal Information is no longer needed to achieve the purpose(s) for which it was originally collected or processed; (b) the processing of your Personal Information is based on your consent, you choose to withdraw that consent, and we have no other legal basis for ongoing processing; (c) you object to the processing and we have no overriding legitimate grounds for ongoing processing; (d) your Personal Information has been processed unlawfully; or (e) your Personal Information must be erased for compliance with applicable law. In those instances where you exercise this right against CPP as the data controller, we will accommodate your request to the extent practicable, and to the extent that it does not otherwise conflict with any of our other obligations. We reserve the right to retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our contractual agreements.

Right to restriction of processing—You have the right to restrict processing of your Personal Information where one of the following applies: (a) you contest the accuracy of your Personal Information, in which case processing will be restricted for a period allowing the data controller to verify or rectify the accuracy of your Personal Information; (b) processing of your Personal Information is unlawful; (c) processing of your Personal Information is no longer necessary for the purpose(s) for which it was collected or processed but you require it for the establishment, exercise, or defense of legal claims; or (d) you object to the processing, in which case processing will be restricted for a period allowing the controller to demonstrate whether legitimate grounds exist that override your objection.

Right to data portability—Where technically feasible, and as related to Personal Information you have provided to a data controller based on your consent or a contract with you, you have the right to receive that Personal Information in a structured, commonly-used and machine-readable format and to transmit that Personal Information to another controller if the processing of that Personal Information is performed by automated means.

Right to object to processing—In certain instances, you may have the right to object to processing of your Personal Information. Should you so object, the controller of your Personal Information must stop processing your Personal Information unless the controller can demonstrate (i) compelling legitimate grounds for ongoing processing of your Personal Information that override your objection; or (ii) the need for the establishment, exercise, or defense of legal claims.

Right not to be subject to automated decision-making—In certain instances, you have the right not to be subject to decisions based solely on automated processing (including profiling) that produces legal effects concerning you or otherwise significantly affects you. As of the effective date of this Privacy Policy, we do not engage in any such automated decision-making or profiling.

Right to opt-out of marketing communications—If you are receiving marketing communications from us and you wish to unsubscribe, you may do so by clicking on the “unsubscribe” link provided in the communication or by managing your marketing communication preferences on the Site(s).

Right to block cookies—You have the right to block pixel tags and certain cookies. Most browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies, or prompt you before accepting a cookie from the Site that you visit. If you decide not to accept our cookies, you may not be able to access portions of our Products or Services. Some cookies are strictly necessary for us to deliver the Sites or Products or Services, and those cookies cannot be disabled.

California Privacy Rights—California law requires that individuals be informed when their Personal Information is shared with third parties for these third parties’ direct marketing purposes. Other than as described in this Privacy Policy, we do not disclose your Personal Information to third parties for the direct marketing purposes of these third parties. If our practices change in the future, we will inform you of the change and will provide you with an opportunity to opt out of such information sharing for direct purposes of a third party.

If CPP is the controller of your Personal Information and you wish to exercise any of the rights described above, please contact us with proof of identity, as provided in the “Contact Us” section. In general, you can expect a response to your request within 30 days. However, if your request is complex or involves a high volume of data, CPP may inform you that the request could take up to an additional sixty (60) days. In some instances, fees may apply. If CPP is not the controller of your Personal Information, CPP will ask you to direct your request to the data controller, and CPP will reasonably assist the data controller in facilitating the request.


Privacy Shield

CPP complies with the E.U.-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. CPP has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov  

CPP has established procedures for periodically verifying implementation of and compliance with the Privacy Shield Privacy Principles. CPP conducts an annual self-assessment of its Personal Information practices to verify that the attestations and assertions that it makes about its privacy practices are true and that its privacy practices have been implemented as represented.

In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the principles of the Privacy Shield if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, CPP commits to resolve complaints about our collection or use of your personal information. E.U. and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CPP at the information provided in the "Contact Us" section below.

CPP has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided to you at no cost.

CPP commits to cooperating with E.U. data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the E.U. and Switzerland in the context of the employment relationship.

Under certain conditions, EU Citizens may invoke binding arbitration by a Privacy Shield panel, as outlined in Annex I of the Privacy Shield Framework. More information is available at www.privacyshield.gov.


Complaints and Disputes

If you have questions or complaints regarding our Privacy Policy or practices, you should first contact us as indicated in the “Contact Us” section below. 

Except as otherwise set forth under the ‘Privacy Shield’ section above for personal information originating in the E.U. or Switzerland, if our efforts to resolve your complaint through CPP’s internal dispute resolution mechanisms are unsatisfactory, you agree to first attempt to settle in good faith the dispute through mediation administered by JAMS, under its International Mediation Rules, which are accessible on the JAMS website at http://www.jamsadr.com/international-mediation-rules/.  The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Information who has brought the complaint. The mediation will be held online and all documents and other correspondence will be transmitted through email.

If our efforts to resolve the dispute through mediation are unsuccessful, you agree to binding arbitration administered by JAMS pursuant to its International Arbitration Rules, which are accessible on the JAMS website at http://www.jamsadr.com/international-arbitration-rules/.  Judgment on the award rendered by the arbitrator may be entered into any court having jurisdiction over the matter.  The arbitration will be held online and all documents and other correspondence will be transmitted through email. 

You also have the right to complain to the relevant data protection Supervisory Authority. The UK Information Commissioner’s Office (ICO) is the relevant Supervisory Authority for OPP Limited (our UK-based subsidiary) and its European branch offices. We would appreciate the chance to deal with your concerns before you approach the ICO. You can however contact the ICO as follows:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF


Email: casework@ico.org.uk
Telephone: + 44 303 123 1113
Website: www.ico.org.uk


Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make material changes, we will place a prominent notice on the affected Site(s) or we will send you a notice to the email address associated with your account.


Contact Us

If you have any question about (a) this Privacy Policy, or (b) the collection, use, management, or disclosure of your Personal Information, or (c) accessing, modifying, or closing your account, please contact us as indicated below. We will attempt to respond to your questions or concerns promptly after we receive them.

By email: custserv@cpp.com
By phone: +800 624 1765 (toll-free when calling from the United States)
              or:  +1 650 969 8901
By mail: CPP, Inc.
                185 N. Wolfe Road
                Sunnyvale, CA 94086
                United States of America