Updated June 1, 2018
The Human Capital Institute (“HCI”) is committed to protecting your privacy and ensuring you have a positive experience on our website and in using our content, events, products and services (collectively, "Products"). This policy sets out how we handle your personal information if you’re an HCI user, member, or visitor to our website. It covers the HCI website (www.hci.org), as well as our mobile applications, our Learning Management Systems, and our Event Management Systems, and is applicable worldwide, except where our GDPR Notice below applies to Personal Data of residents of the countries in the European Union, consisting of the European Economic Area, Switzerland, and to the extent that the United Kingdom is no longer a member of the European Union, the United Kingdom (the “EU” or the “European Union”). The GDPR Notice explains why we have that information, how we use and handle it, and your rights to that information, all as required by the European Union’s General Data Protection Regulation (“GDPR”).
- 1. HCI is located at 1130 Main Street Cincinnati, OH 45202, USA.
- 2. When we say ‘we’, ‘us’ or ‘HCI’ – all references associate to Human Capital Institute, that’s who we are and we own and run the website.
The type of Personal Data we collect
- 4. We collect certain Personal Data (“Personal Data”) about visitors and users of our website, as well as about our members.
- 5. The most common types of Personal Data we collect include information you provide to us like : user-names (for members of HCI), member names, email addresses, work/mobile telephone numbers, postal address or physical address, social media profiles, survey responses, blogs, photos, payment information such as credit card or bank account number, transactional details, support queries, forum comments, content engagement types, subscription registrations (either newsletter or membership type), and information we collect when you visit our website such as IP addresses and other information collected passively, web analytics data. We will also collect Personal Data from job applications (such as, your resume/CV, the application form itself, cover letter and interview notes).
How we collect Personal Data
- 6. We collect Personal Data directly when you provide it to us, automatically as you navigate through the website, when you use products and services associated with the website, or through your organization as part of an Enterprise Membership or Corporate Training engagement.
- 7. We collect your Personal Data when you provide it to us when you complete membership registration and buy products or services on our website, subscribe to an e-newsletter, email list, submit feedback, enter a contest, take advantage of a promotional offer, fill out a survey, or send us a communication.
Personal information we collect about you from others
8. Although we generally collect Personal Data directly from you, on occasion, we also collect certain categories of Personal Data about you from other sources. In particular:
- a. financial and/or transaction details from payment providers located in the US and other regions in order to process a transaction;
- b. third-party service providers (like Google, Facebook, LinkedIn) who are located in the US or other regions, which may provide information about you when you link, connect, or login to your account with the third-party provider and they send us information such as your registration and profile from that service. The information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider; and
- c. other third-party sources/and or partners from US or other regions, whereby we receive information about you (to the extent permitted by applicable law), such as demographic data or contact information. We may use that information and combine it with other information we have about you. We also receive information about you and your activities on and off the HCI platform through partnerships, or about your experiences and interactions from our partner ad networks.
How we use Personal Data
- 9. We will use your Personal Data:
- a. To fulfil a contract, or take steps linked to a contract: in particular, in facilitating and processing transactions that take place on the website, like where you purchase an item or product from our offering.
b. Where this is necessary for purposes which are in our, or third parties, legitimate interests, which we have balanced with the interests of our members, suppliers and business contacts. These interests include:
- i. operating the website;
- ii. providing you with services described on the website;
- iii. verifying your identity when you sign in to our website;
- iv. responding to support access issues or connection issues, and helping facilitate the resolution of any disputes;
- v. updating you with operational news and information about our website and services e.g. to notify you about changes to our website, website disruptions or security updates;
- vi. carrying out technical analysis to determine how to improve the website and services we provide;
- vii. monitoring activity on the website, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the website;
- viii. managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the website or asking for your feedback on whether you want to participate in a survey;
- ix. managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- x. training HCI staff about how to best serve our user community;
- xi. improving our products and services
- xii. providing general administrative and performance functions and activities; and
- xiii. processing your job application to HCI
- c. Where you give us consent:
- i. providing you with marketing information about products and services which we feel may interest you; and
- d. For purposes which are required by law
- e. For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation
When we disclose your Personal Data
10. We will disclose Personal Data to the following recipients:
- a. companies that are in partnership or underwriter relationships with HCI which are located in the US and in other regions associated with our channel partnership network;
- b. subcontractors and service providers who assist us in connection with the ways we use Personal Data, in particular: website hosting providers which are located in the US; technical and customer support services which are located in the US; recruitment agencies which are located the US; marketing and analytics services which are located in the US; security and fraud prevention services which are located in the US; subscription management services related to our Learning Management Systems and our Event Management Systems which are located in the US; payment processing services which are located in the US. Our subcontractors and services providers may also transfer and access such information from other countries in which they have operations.
- c. our professional advisers (lawyers, accountants, financial advisers etc.) which are located in US;
- d. regulators and government authorities in connection with our compliance procedures and obligations;
- e. a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
- f. government authorities to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- g. a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- h. a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- i. other recipients where we are authorized or required by law to do so
Where we transfer and/or store your Personal Data
- 11. We are based in the United States of America so your data will be processed in the US. Some of the recipients we have described in section 10 above, and to whom we disclose your Personal Data, are based outside the US in places like the UK, Ireland, Philippines, Thailand, Vietnam, China and Australia and are connected to our channel partnership network and deliver HCI educational content by license. We do this on the basis of your consent to this policy. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
How we keep your Personal Data secure
- 12. We take appropriate steps to ensure your Personal Data is stored in a secure environment to prevent any unauthorized access. We store Personal Data on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in the US. If we use third parties to process Personal Data on our behalf, we have appropriate agreements in place to protect the data. Any data transfers between such third parties and ourselves are conducted by secure means. Personal information that we store or transmit is protected by industry standard security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
How you can access your Personal Data
- 13. You can access some of your Personal Data that we collect about you by logging into your ‘My HCI’ profile. You also have the right to make a request to access other Personal Data we hold about you and to request corrections of any errors in that data. You can also close your account or remove your ‘My HCI’ profile at any time. To request a correction, use the Contact Us form on the HCI Website, log into your ‘My HCI’ profile or contact us using the contact details at the end of this policy.
Marketing choices regarding your Personal Data
- 14. Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us or our underwriters), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” option provided in the communication itself
- 15. You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Website may not work properly in your case.
- 16. Opting Out: If you do not wish to participate in preference based advertising via these third-party advertising networks, go to http://www.aboutads.info/ and follow the simple opt-out process. A couple of important notes about this opt-out tool: (1) it includes all the advertising networks that we may work with, but also many that we do not work with; and (2) it may rely on cookies to ensure that a given advertising network does not collect information about you (“Opt-out Cookies”). Therefore, if you use or buy new computer equipment, change web browser or delete these Opt-out Cookies, you may need to perform the opt-out task again.
Cookies and web analytics
- 16. Typically, there are two types of tracking technologies we might use on our website:
- a. Cookies: a small data file sent from a server to your web browser or mobile device that is stored on your browser cache or mobile device
- b. Web beacons, web bugs: tiny graphics with a unique identifier similar in function to cookies, and are used to track the movements of web users between pages and websites. Unlike cookies, which are cached on a user’s computer, web beacons and web bugs are embedded invisibly on web pages and are about the size of a single pixel
- 17. We collect and analyze this information to measure the number of visitors to the different sections of our Site, to evaluate how visitors use our Site and to provide you with advertisements that are relevant and useful to you, unless you have told us not to. We also use the information we collect to understand customer needs and trends, to carry out targeted promotional activities, and to generally help us make our Site more useful to visitors.
- 18. We may use your Site data by itself or aggregate it with similar information we have obtained from others. We may share your Site data with our affiliates and other third parties to achieve these objectives.
19. When you visit our website, there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. If you’re logged into your account some of this information could be associated with your account. This could include the following kinds of details:
- a. your IP address or proxy server IP address’;
- b. the domain name you requested;
- c. the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- d. the date and time of your visit to the website;
- e. the length of your session;
- f. the pages which you have accessed;
- g. the number of times you access our website within a time period;
- h. the file URL you look at and information relating to it;
- i. the website which referred you to our website; and
- j. the operating system which your computer uses
- 20. We reserve the right to use IP addresses to identify a visitor when we feel it is necessary to enforce compliance with our website’s Rules, or to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Site, or other users; or (d) in an emergency to protect the health and safety of our Site’s users or the general public
- 22. Do Not Track Disclosures: Certain browsers may offer you the option of providing notice to websites that you do not wish for your online activities to be tracked for preference based advertising purposes (“DNT Notice”). Some browsers are, by default, set to provide a DNT Notice, whether or not that reflects your preference. Providing DNT Notice is often touted as a means to ensure that cookies, web beacons and similar technology are not used for preference based advertising purposes – that is, to restrict the collection of information your online activities for advertising purposes. Unfortunately, given how preference-based advertising works, DNT Notices may not effectively accomplish this goal. For this and a variety of other reasons, with respect to our Site, we do not take any particular action based on browser based DNT Notices. Rather, if you do not wish to participate in preference based advertising activities, you should follow the simple opt-out process identified above.
Your California Privacy Rights
Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing the address in Paragraph 23 below. You may learn more about your rights under California’s privacy laws at https://oag.ca.gov/privacy/privacy-laws).
Information you make public or give to others
- 23. If you make your Personal Data available to other people, we can’t control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, a blog, share information via social media, or make contact with another user (such as a third-party Author of a blog post) whether via our Website or directly via email
How long we keep your Personal Data
Please remember that if you use a link to go from our website to another website, or you request a service from a third party, this Privacy Notice will no longer apply once you have left this website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.
When we need to update this policy
- 25. We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices
- 26. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on our website
How you can contact us
- 27. If you have any questions about our privacy practices or the way in which we have been managing your Personal Data, please contact us in writing at 1130 Main St Cincinnati, OH 45202 or firstname.lastname@example.org
GDPR PRIVACY NOTICE
If you reside in the countries in the European Union, consisting of the European Economic Area, Switzerland, and to the extent that the United Kingdom is no longer a member of the European Union, the United Kingdom (the “EU” or the “European Union”), the following Privacy Notice applies to you, and you have additional rights with respect to your Personal Data, as further outlined below. These rights include rights under the EU’s General Data Protection Regulation (“GDPR”):
- 1. For the purposes of applicable EU data protection law (including the General Data Protection Regulation (the “GDPR”), we are a ‘data controller’ of your Personal Data. “Personal Data is any information that can identify you, either directly or indirectly, such as a name, an identification number, your IP address, data about your location, or information about your physical, physiological, genetic, mental, economic, cultural, or social identity.
What is the Legal Basis and Purpose for holding and using your Personal Information?
|Purpose||Lawful Basis for Processing|
|To fulfil a query, request for products and/or to administer our services||For the performance of a contract or agreement|
|To facilitate your attendance at one of our events or webinars||For the performance of a contract or agreement|
|To maintain records of prospective, current and past clients and our suppliers||Our legitimate interests, which we have balanced with the interests of our clients, suppliers, and business contacts|
|To contact you to ask if you might be interested in being a guest speaker, or sponsoring one of our events||Our legitimate interests, which we have balanced with the interests of our clients, suppliers, and business contacts|
|To track your use of our website and interaction with our newsletters, and public forums. For example, to understand which newsletter content is most popular with our email audience (Please also see our Cookie Notice below).||Our legitimate interests, which we have balanced with the interests of our clients, suppliers, and business contacts|
|To email newsletters to you, if you have signed up via our website||Your consent|
- 2. If you are a customer, an employee, or a job applicant, the personal information we hold and use is necessary for the performance of the services contract to which you are a party.
- 3. If you are a prospective customer, the personal information we collect and use is necessary for our legitimate interest in providing you with information about the services we offer, and about which you have expressed an interest or that we believe will be of benefit to you.
- 4. In some cases, our legal basis is because you have expressly consented to our collection and use of your personal information.
How Long Do We Keep Your Personal Data?
- 5. We will keep your personal data on an ongoing basis for so long as we have a legitimate interest to inform you of our products and services, or until our contractual relationship has terminated, as the case may be. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices.
Your Rights as a Data Subject - How you can access your Personal Data
6. You have the following rights concerning your personal data that we hold and process that you can exercise at any time:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organization.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to judicial review: in the event that HCI refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.
Please note: we will not be able to delete information that is required to maintain our business purpose or that is required to facilitate your contract with us. All of the above requests will be forwarded on to other parties holding and processing your data where appropriate.
- 7. When you give us your consent, you are giving us permission to process your personal data specifically for the purposes identified in the consent request. Where we ask you for additional personal data, we will always tell you why and how the information will be used.
- 8. You may withdraw consent at any time by sending an email to email@example.com, or by sending a letter to: 1130 Main St Cincinnati, OH 45202.
Sharing With Third Parties
- 9. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the purposes and to complete the tasks identified within our contract with that third party. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we wish to pass your Personal Data on to any additional third parties, we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
International Transfer of Personal Data necessary for the performance of the contract between HCI and its members
- 11. HCI provides a voluntary service; you can choose whether or not you want to use our products and services. However, if you want to use the Services, you need to agree to our Membership Agreement, which set out the contract between HCI and its members. As we operate in countries worldwide (including in the US) and use technical infrastructure in the US to deliver the services to you, in accordance with the contract between us, we need to transfer your Personal Data to the US and to other jurisdictions as necessary to provide the products and services. Simply put, we can’t provide you with the Services and perform our contract with you without moving your personal information to the U.S.
- 12. When we transfer your Personal Data to third parties in the U.S. to provide you with our products and services, we transfer the information in compliance with applicable data protection laws. In particular, we have implemented safeguards in the form of standard data protection clauses to our contracts with those third parties, as approved by the European Commission. The safeguards ensure compliance with the data protection requirements of the GDPR as well as your rights appropriate to the processing of your personal data. You can obtain a copy of the standard contractual clauses by contacting support @hci.org.
Safeguarding Personal Data
- 13. We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. However, the Internet is not a 100% secure environment so we can’t guarantee the security of the transmission or storage of your information.
Who Do I Contact to Lodge a Complaint About How My Personal Data Is Being Handled?
- 14. If you are concerned about the manner in which we have collected and used your personal data, please contact us using the contact us details in Paragraph 9 above. have unresolved concerns you also have the right to complain to EU data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.