Last modified – 07/21/2021
Archived versions [01/05/2020]
By using a Service, you consent to the practices described in this Policy unless further consent is required under applicable law.
What Is Personal Information?
Generally speaking, your personal information includes your unique identifiers (full name, phone number, driver’s license number, email address, etc.) and information about your characteristics, conditions or behavior that is associated within one of your identifiers or could reasonably be linked to you.
Non-personal information, on the other hand, has been de-identified, aggregated or anonymized so that it cannot reasonably be linked to an individual.
Personal Information We Collect
3.1 Information You Provide
We may collect the following types of personal information when you visit our website, set up or use an account for our risk assessment portal on behalf of a client or supplier, sign up to receive emails from us, fill out our webform, use our online referral feature, or contact us with questions or comments:
- Contact information such as full name, phone number, address, email address
- Other identifiers associated with enrollment, risk assessment initiation or creation of a user account, such as social security number, taxpayer ID number, employer ID number, user ID, and other login information
- Payment card information, if you subscribe to a Service on behalf of a client or supplier, which is processed on our behalf by a trusted service provider
- Professional or business information
- Content in your comments, posts or communications
- Any other personal information you may choose to share with us
If you decline to provide requested information, we may not be able to provide certain Services or features.
3.2 Information Logged Automatically
Like many online services, our Services may automatically collect some or all of the following types of information about you or your device in log files when you visit or use our site or other online services (“Log Data”). Log Data helps make site features work properly, and may include, among other things:
- IP address
- other online identifiers (cookie ID, mobile advertising ID)
- device information (operating system, browser type)
- browsing activity (the name of the site you visit before or after navigating to our site)
- site usage (the pages you visit on our site, the time you spend there, and how you interact with site features)
Where feasible, we limit collection to non-personal Log Data, or we anonymize, aggregate, or otherwise de-identify Log Data before using or sharing it.
How We Use Personal Information
GRMS uses those categories of personal information for the following purposes, subject to any legal conditions that may apply in your area:
- to provide our risk assessment Services to our clients and their contracting suppliers
- to make our Service function correctly
- to process payments for our Services
- to secure parts of our Services that are restricted to authorized clients or suppliers
- to communicate with clients or suppliers about a Service or additional services they may be interested in
- to respond to inquiries
- to analyze website usage and performance
- to prevent fraud and enforce our terms of service
- to communicate with you about special offers or other services you may be interested in
- to analyze performance of our marketing efforts
- to protect our legal rights, comply with our legal obligations, or comply with regulatory or legal demands for documents and information
We may use non-personal information to analyze website usage, improve our services, or for any other purpose.
Add Your Heading Text Here
GRMS may share your information with vendors that perform services on our behalf, such as analyzing data, technical advice, providing marketing assistance, support for our services to clients, background investigations, data suppliers, providing screening services, processing credit card payments and providing customer service. Where necessary and appropriate, our agreements with vendors prohibit them from retaining, using, disclosing or otherwise processing the personal information GRMS shares with them for any other purpose.
5.2 Mandatory Disclosures And Legal Proceedings
5.3 Change In Control Or Merger
We may transfer your information in the event of the sale of substantially all of the assets of our business to a third-party or in the event of a corporate merger, consolidation, acquisition or reorganization. However, in such event, any acquirer will be subject to the provisions of our commitments to you or we will not disclose your information.
5.4 With Your Direction Or Consent
We will share your personal information with other third parties as you may direct or otherwise consent.
Cookies And Online Tracking
A browser cookie is a small piece of data sent by a website that is stored in your device’s browser. Most cookies contain a unique identifier called a cookie ID which is a string of characters that websites associate with the browser on which the cookie is stored. This allows websites to distinguish the browser from other browsers that store different cookies, and to recognize each browser by its unique cookie ID.
The cookies used on our site come from our web domain, and serve the following purposes:
- Essential – Essential Cookies support or enable security features, help detect malicious or fraudulent activity, and enable secure log-in.
- Functional – Functional Cookies help the site work better for you by remembering your log-in details, and making sure the site looks consistent to you.
- Analytics – Analytics Cookies help us learn how well the site is performing and to understand, improve, and research products, features, and services.
Most browsers are set up to accept cookies by default but you can change your browser settings to block some or all types of cookies. If you block cookies, some features of our website or other sites may not function correctly for you.
7.1 Third-Party Direct Marketing
If you are a California resident and have an established relationship with a business, you have a right to request information about the business’ disclosure of your personal information to third parties for the third parties’ direct marketing purposes. GRMS does not disclose personal information to third parties for their direct marketing purposes.
7.2 California Consumer Privacy Act
As of January 1, 2021, GRMS is not a “business” as defined in the California Consumer Privacy Act of 2018, as amended (the “CCPA”). As our business and operations expand, we are committed to reviewing applicability of the CCPA and other laws regarding privacy or data protection on at least an annual basis, and will update this Policy accordingly when necessary and appropriate.
Some of our clients may be covered businesses under the CCPA. For those clients, we collect or otherwise process personal information on their behalf as a “service provider” as defined in the CCPA. Our Notice Of Client Data Processing explains our commitment to safeguarding consumer privacy in our role as a service provider.
Data Subjects In The European Economic Area, United Kingdom or Switzerland
GRMS is headquartered in the United States. Our services are for business organizations; we do not offer goods or services to consumers or other natural persons in the European Economic Area (EEA) or elsewhere outside of the United States. If you visit our website or contact us, your personal data will be processed in the United States — which has neither sought nor received a finding of “adequacy” from the European Commission under Article 25 of the EU’s General Data Protection Regulation — and will be handled in accordance with this Policy and applicable U.S. law unless we have agreed otherwise in writing with you or with a client or supplier you are affiliated with.
Some of the data that we collect or otherwise process on behalf of clients may include Client Personal Information relating to natural persons who have rights under GDPR. GRMS processes such Client Personal Information strictly as a “data processor” to our client as that term is defined in the GDPR. Our Notice Of Client Data Processing describes our commitment to data protection in our role as a data processor.
"Do Not Track" Signals
Your browser may offer a Do Not Track (DNT) setting. If you turn that setting on, your browser sends a signal to websites indicating that you do not want to be tracked over time or across third party sites. We do not currently respond to these signals because there is not yet a common understanding of how to process them or a consensus on what “tracking” means.
GRMS maintains reasonable security procedures and practices to protect personal information from unauthorized access, theft, loss, misuse, alteration or destruction. Despite these precautions however, we cannot guarantee that unauthorized persons will not obtain access to your personal data because “perfect security” is impossible in the digital age.
We encourage you to help maximize security by applying your own personal security measures. For more information about what you can do to protect your data, please see the tips and resources offered by the U.S. Federal Trade Commission at https://www.consumer.ftc.gov/topics/privacy-identity-online-security and the California Attorney General at https://www.oag.ca.gov/privacy/consumer-privacy-resources.
Links To Third Party Sites
GRMS does not provide services or sell products to children under the age of eighteen (18). We do not knowingly collect or maintain any personal information from anyone under the age of eighteen (18). We will remove or delete any personal information we believe was submitted by any child under the age of eighteen (18).
Changes To This Policy
Global Risk Management Solutions
Attn: Legal Department
5271 California Ave. Suite 290
Irvine, CA 92617