We are committed to protecting your privacy and developing technology that gives you a powerful and safe online experience. This Gensuite Privacy Statement (“Privacy Statement”) describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, store and otherwise process information relating to individuals (“Personal Data”) and your rights and choices regarding our processing of your Personal Data. A reference to (“Gensuite”, “we”, “us” or “our”) is a reference to Gensuite LLC
1. Processing activities covered
This Privacy Statement applies to the following processing activities:
- Visiting our websites which display or link through to this Privacy Statement;
- Visiting our offices; or
- Receiving communications from us, including emails, texts or fax.
Our websites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy statements, which we encourage you to review to better understand those third parties’ privacy practices.
2. Responsible Gensuite entity
Gensuite is the controller of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data as described in this Privacy Statement, unless expressly specified otherwise.
This Privacy Statement does not apply to the extent we offer our customers various cloud products and services through which our customers may create their own websites and applications running on our platforms, perform internal environmental, health and safety compliance activities, send electronic communications to other individuals, and collect and analyze Personal Data from individuals.
3. What Personal Data do we collect?
(a)Personal Data we collect directly from you
The Personal Data that we collect directly from you may include the following:
- if you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password;
- if you make purchases via our websites or register for an event, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information;
- if you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data;
- if you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
(b)Personal Data we collect from other sources
We may also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information.
We use “cookies” to help personalize your online experience. A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We may link the information we store in cookies to your personal information in order to provide a faster and more pleasant online experience.
We use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
Persistent cookies enable us to enhance the experience of users on our site. You have the ability to accept or reject cookies. Most web browsers automatically accept them, but you can usually modify your browser settings to reject cookies, if you prefer. If you reject cookies, you may still use our site, but your ability to use some areas of our website will be limited. [To opt-out from tracking by Google Analytics, please use the specific opt-out mechanism as indicated further below.]
The following sets out how we use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:
|Type of Cookies||Description||Managing Settings|
Required cookies enable you to navigate our websites and use their features, such as accessing secure areas of the websites.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Because required cookies are essential to operate the websites there is no option to opt out of these cookies.
Functional cookies allow us to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant messages, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third party technology to track and analyze usage and volume statistical information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
Gensuite may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.
To manage the use of functional cookies on our websites, consult your individual browser settings for cookies. Note that opting out may impact the functionality you receive when using our websites. [To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.]
To learn how to control functional cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here
Opt-Out from the collection of device and usage data
You may opt-out from the collection of device and usage data (see “What device and usage data we process” section above) by managing your cookies at the individual browser level. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the website.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Gensuite takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
5. Purposes for which we process Personal Data and the legal basis on which we rely
We collect, process your Personal Data for the purposes and on the legal bases identified in the following:
- Promoting security of our websites: We will process your Personal Data by tracking use of our websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies, to the extent this is necessary for the purpose of our legitimate interests in promoting the safety and security of the systems and application used for our websites, and protecting our rights and the rights of others;
- Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service;
- Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfill your request and communicate with you;
- Managing event registrations and attendance: We will process your Personal Data to plan and host the event or webinar, including related communication with you, on basis of the performance of our contract with you;
- Managing payments: If you have provided financial information, we will process your respective Personal Data to check the financial qualifications and collect payments to the extent this is necessary for completing transaction with you under the contract entered into with you;
- Developing and improving our websites: We will process your Personal Data to analyze trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content;
- Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices and who signed the non-disclosure agreement that visitors may be required to sign.
- Displaying personalized advertisements and content: We will process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our websites or, where necessary, to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” below to learn how you can control how your Personal Data is processed by Gensuite for marketing purposes);
- Sending marketing communications: We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent (please also view “Your rights relating to your Personal Data” section below to learn how you can control how your Personal Data is processed by Gensuite for marketing purposes);
- Complying with legal obligations: We will process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with a judicial proceedings, court order or legal process, and/or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.
6. Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
- Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment; such service providers comprise companies located in the countries in which we operate (available here: [INSERT LINK]);
- If you attend an event or webinar organized by us, we may share your information with sponsors of the event if: (1) you consent to such sharing via an event registration form; or (2) you allow your attendee badge to be scanned at a sponsor booth. In that event, your information will be subject to the business partners’ respective privacy statements. If you do not wish for your information to be shared, you may choose not to opt-in via event registration or elect not to have your badge scanned at our events;
- With third–party social networks, advertising networks and websites, which usually act as separate controllers, so that Gensuite can market and advertise on third party platforms and websites;
- In individual cases we may also share Personal Data with professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services;
- If we are involved in a merger or reorganization, sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by another company, we may transfer some or all of your Personal Data to such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any such transfer of Personal Data to an unaffiliated third party as processing of your Personal Data will be required for the purposes set out in “Purposes for which we process Personal Data and on which legal bases” section above.
- Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums, depending on your account settings.
7. How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see “Purposes for which we process Personal Data and on what legal basis” section above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).
After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.
8. Your rights relating to your Personal Data
You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:
- to access your Personal Data held by us (right to access);
- to rectify inaccurate Personal Data and ensure it is complete (right to rectification);
- to erase/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten);
- to restrict our processing of your Personal Data (right to restriction of processing);
- to transfer your Personal Data to another controller to the extent possible (right to data portability);
- to object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites;
- to the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
(b)How to exercise your rights
To exercise your rights, please contact us in accordance with the “Contacting Us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Gensuite customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.
In addition, if you have registered for an account with us, you may generally update your user settings, profile, organization’s settings or event registration by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of your Personal Data and other information associated with your account, please contact us.
(c)Your rights relating to Customer Data
As described above, we may also process Personal Data in the role of a processor (see “Responsible Gensuite entity” section above). If your data has been submitted to us by a Gensuite customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with our customer directly. Because we may only access our customer’s data upon instruction from the respective customer, if you wish to make your request directly to us, please provide the name of the Gensuite customer who submitted your data when you contact us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
(d)Your preferences for marketing communications
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our marketing emails, by replying or texting ‘STOP’ if you receive SMS communications, or by turning off push notifications on our apps on your device. Additionally, you may unsubscribe by contacting us using the information in the “Contacting Us” section below. Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
9. Security of Your Personal Information
All personal information we collect is transmitted using the latest secure version of TLS and encrypted using AES.
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Website, you can send an email to us at the address listed below.
10. Business Transitions
In the event Gensuite goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified by a prominent notice on our Website for 30 days of any such change in ownership or control of your personal information. You consent to the transfer of your personally identifiable information to any such successor entity unless you notify us via email to the contrary.
If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-in choice to limit the use and disclosure of your personal data.
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US Privacy Shield or Swiss-US Privacy Shield Frameworks, Gensuite LLC is potentially liable.
11. Accessing & Updating Your Personal Information
Personally Identifiable Information housed within the Gensuite applications is property of the Gensuite Customer. Through the applications permissions model, each Customer has the ability to determine who has access to view and update the personally identifiable information they have chosen to collect within the Gensuite applications. It is the responsibility of the Customer to determine and communicate what personally identifiable information is being collected and who has access to view and update this information. This information is not reviewed, shared or distributed by Gensuite without consent of the Customer to troubleshoot a user request or resolve a user identified issue.
Gensuite acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his/her query to Melissa Bradford (as noted below). If requested to remove data, we will respond within a reasonable timeframe.
Gensuite is subject to investigatory and enforcement powers of the Federal Trade Commission (FTC).
13. International Transfers of Information Collected
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Melissa Bradford, Leader
Gensuite has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Gensuite has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
14. Personal Health Information Protection Act
Gensuite, as a data processor, is fully compliant with the Personal Health Information Protection Act. In compliance with the Personal Health Information Act, Gensuite commits to the protection of the confidentiality of your health information (“PHI”). All Gensuite staff and agents are responsible for safeguarding the PHI they collect, use, and disclose in the course of their employment through the use of physical, administrative, technical and electronic safeguards described in EU-US and Swiss-US Privacy Shield and HIPAA compliance.
15. Changes to this Privacy Statement
Our Privacy Statement may change from time to time. We will post these changes on our website (https://www.gensuite.com), and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make significant changes to this Privacy Statement, we will provide a more prominent notice and/or notify the Gensuite Partners Community and any other affected parties via email.
16. Contact Information
We welcome your comments regarding this Privacy Statement. If you believe that we have not adhered to this statement, please contact us at firstname.lastname@example.org. We will use commercially reasonable efforts to promptly determine and remedy the problem.