Privacy Policy

Date Posted and Effective Date: December 31, 2019

Last Modified: October 10, 2023

TRUSTe

 

The Professionals Group (“Pro Group”) is organized and sponsored (in part) by Workiva Inc. (“Workiva”) (the Pro Group and Workiva are collectively referred to as, “we,” “us,” or “our”). This privacy policy (“Privacy Policy”) describes our practices regarding the collection, use, and disclosure of personal information when you visit the following websites https://www.progroups.org, https://soxprofessionalsgroup.org/, and https://secprofessionals.org/ (“Site”); communicate with us; and register for, attend, or participate in our events or webinars.

IF YOU ARE A CALIFORNIA RESIDENT, this Privacy Policy also informs you about the personal information we collect from or about you in other contexts, including personal information collected online or offline in connection with our products and services (“Services”) and your interactions with our employees and representatives.  California residents can learn more about the personal information we collect from or about you, including how we may use and share it, as well as your rights under California law, in the Privacy Policy’s Supplemental Notice for California Residents found here (which is incorporated in and a part of this Privacy Policy).

Please take a moment to review the terms of this Privacy Policy. By using the Site or our Services, you agree to accept the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Site or Services.

PLEASE NOTE: BECAUSE THE PRO GROUP IS ORGANIZED AND SPONSORED (IN PART) BY WORKIVA, BOTH THE PRO GROUP AND WORKIVA COLLECT AND RECEIVE INFORMATION COLLECTED FROM OR ABOUT YOU (ONLINE OR OFFLINE) IN CONNECTION WITH YOUR USE OF THE SITE AND SERVICES. WORKIVA AND THE PRO GROUP WILL ONLY USE AND DISCLOSE PERSONAL INFORMATION IN COMPLIANCE WITH APPLICABLE LAWS AND IN ACCORDANCE WITH THIS PRIVACY POLICY.

I. Collection of Personal Information

A. Active Collection and Use:

In order to access the Site, services and the information available on the Site, or to use the Services, you are required to register with the Site (or via an alternate method made available to you) and provide us with your contact information, such as your name, email address, phone number, company name, job title, country and/or state information. You may edit your information at any time by logging onto the Site and updating your profile. You may also be provided an option to choose to subscribe to an email list. If you subscribe to our electronic mailing list and later decide to opt-out, simply follow the instructions that are included in each email. If you provide us with personal information, we will retain and may use that information to contact or respond to you. We also may retain or use your personal information for the period of time needed to pursue legitimate business interests. Legitimate business interests may include customizing the services or other content we provide to you and to otherwise ensure compliance with our policies and applicable laws. Our Site and Services collect, store and process this personal information on servers in the United States of America.

If you register for, attend, or participate in a Pro Group event (virtual or in person) or webinar, you may be required to provide us with your contact information, such as your name, email address, phone number, company name, job title, country and/or state information. You may also be required to provide your financial and billing information (such as the billing name and address, and credit card information) if the event or webinar has a registration fee.

When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at info@secprofessionals.org.

B. Aggregate Information and Passive Information Collection:

From time to time, we may collect general, statistical information about the use of the Site, such as how many visitors visit a specific page on the Site, how long they stay on that page, and which hyperlinks, if any, they “click” on. We collect this information through the use of technologies such as “cookies” and “IP addresses,” which are discussed in greater detail below. Our system may also automatically collect operational information about the technology you use, such as your browser, type of computer, operating systems, internet service providers and the domain name of the site from which you linked to our Site. We collect this information in order to determine which areas of the Site are most popular and to enhance the Site for visitors. We may also use this information for security purposes, to detect and to block security breaches and to provide you with a safe online environment.

·       IP Addresses: An IP address is a number that is automatically assigned to your computer whenever you are surfing the web. Web servers, the computers that “serve up” web pages, automatically identify your computer by its IP address. We collect IP addresses for purposes of system administration, to report aggregate information to third parties and to track the use of the Site. When visitors request pages from the Site, our servers log the visitors' IP addresses. It is not our practice to link IP addresses to anything personally identifiable, which means that a visitor's session will be logged. However, we reserve the right to use IP addresses to identify a visitor when we feel it is necessary to enforce compliance with the Site's policies or to protect the Site, us, other sponsors, Site visitors, or others.

 

·       Cookies, Beacons and Successor Technologies: We may use, and permit our service providers and analytics providers to use, session cookies, persistent cookies, and web beacons, as well as other comparable or future technologies, to track information based on use of the Site.

 

Cookies are pieces of information that a website transfers to an individual's device for record-keeping purposes. Cookies make web surfing easier for you by saving your preferences while you're at the Site. The use of cookies is an industry standard -- you'll find them at most websites. By showing how and when visitors use the Site, cookies help us see which areas are popular and which are not. Information such as the total number of visitors and pages viewed is most easily tracked with cookies. We may use the information from cookies to make improvements and updates to the Site and to tailor our Services to our visitors' needs. For example, the Site allows visitors to increase the font size of the text contained on the Site to make it easier to read. Cookies enable the Site to automatically use your preferred font size the next time you visit the Site. You have the option of disabling cookies using your browser preferences. Most browsers are initially set up to accept cookies. You can reset your browser to refuse all cookies or indicate when a cookie is being sent. However, please be aware that some features of the Site may not function properly or may be slower if you refuse cookies.

 

We may also use electronic images known as web beacons (also referred to as single-pixel gifs) on the Sites or in our emails that permit us to count users who have visited our Sites and compile aggregated statistics concerning the use of the Sites (e.g., recording the popularity of certain Site content and verifying system and server integrity). Web beacons collect only a limited set of information, including a cookie number, the time and date of a page view, and a description of the page on which the web beacon resides. Web beacons/pixels may also be used by advertising partners to infer the presence of a common user across multiple devices or browsers to provide personalized advertising on devices inferred from browsing patterns. 

 

We also use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to analyze use patterns and may collect information about your use of the Sites, including your IP address. More information on Google Analytics can be found here: www.google.com/policies/privacy/partners/. If you would like to opt-out of having your data used by Google Analytics, please use the Google Analytics opt-out available here: https://tools.google.com/dlpage/gaoptout/. Please note that we make no representations regarding the functionality of Google opt-out mechanisms, and further, opting out of Google Analytics will not preclude the use of your data by other analytics services that we may use.

 

Your browser may have setting that allows you to indicate a “Do Not Track” preference. As of the date of this Privacy Policy, not all browsers offer a “Do Not Track” option, and “Do Not Track” signals are not yet uniform. For this reason, please note that our Sites do not respond to “Do Not Track” signals or other similar mechanisms.

C. Information We Receive from Third Parties

We may receive information about you from other sources, including publicly available databases or social media sites, combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide services that may be of interest to you.

Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you (for the purpose of creating more tailored advertising and products), may include:

    Purchased marketing data about our customers from third parties

    Data and other information available publicly on social media sites

II. Use of Personal Information

We may use information collected to:

  • Improve the content of our Sites and to improve our services;
  • Customize the Sites and the services we provide to your preferences;
  • Communicate with you about our services, webinars, events, certifications, promotions, and sweepstakes;
  • Conduct marketing and perform marketing research and other internal analytics;
  • Ensure you are no longer contacted in the event you unsubscribe from marketing campaigns;
  • Market future available services that may be of interest to you;
  • Measure your interest in our services;
  • Assess and identify new members and potential membership opportunities;
  • Conduct user experience research and administer experience surveys;
  • Provide webinars, events, certifications, promotions, and sweepstakes, including the management of your registration and participation in such events;
  • Provide you access to the Site and the Pro Group, including the registration and authentication of your identity to the Site;
  • Maintain the security of the Sites and our services;
  • Manage our general business administration, including Site management, accounting, recordkeeping, and legal functions; and
  • Enforce our policies and comply with applicable law.

We may also use information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable law. We may combine, aggregate, or de-identify any of the information we collect from you with information we may collect from or about you from any other online or offline source and use it for any purpose, including product and service development and improvement activities, except where we are required to do otherwise under applicable law.

We do not use personal information for purposes of automated decision-making that produces legal effects concerning or similarly significantly affects you.

III. Use of Personal Information

We do not sell your personal information to third parties in exchange for money or as “sell” is traditionally defined. We may sell and share your personal information to third parties for business or commercial purposes, as the terms “sell” and “share” are defined in the California Consumer Privacy Act (e.g., our use of cookies and similar technologies may be considered a “sale” or “sharing” of personal information under California law). We may also disclose the personal information that we collect and use it as described in this Privacy Policy and any other applicable privacy notices or opt-ins that you receive.

·       Pro Group Members. Because the main purpose of joining the Site is to network with similarly situated colleagues, for as long as you are a member of the Pro Group your information will be available, via the Site or Services, to other members of the Pro Group. If you would not like to share your information with other members, do not join the Site or register for Services.

·       Affiliated Entities. We may disclose your personal information to our affiliated companies for the purposes described in this Privacy Policy.

·       Service Providers. We may disclose your personal information to service providers who provide us with services for our Sites, as well as other products and services, such as general administration, cloud providers, web hosting, data analysis, customer service, infrastructure provision, technology services, email and mail delivery services, legal services, and other similar services. We grant our service providers access to personal information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.

·       Pro Group Sponsors and Partners. We may disclose your personal information to Pro Group Sponsors, our partners, including for instance speakers and presenters, for network purposes, or so they may promote such products and services for sale in conjunction with the Services. Depending on the choices you have made and the nature of the joint activity, these third parties may contact you regarding Pro Group related programs, services, and promotions that may be of interest to you.

·       At your direction. We may disclose your personal information to other parties with your consent or at your direction.

·       Business Transfers or Assignments. If we decide to reorganize or divest part or all of our business or a line of our business, including our information databases and websites, through a merger, sale, joint venture or collaboration, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer any and all information that we collect from Site users or offline to a third party. We will disclose your personal data to such company (without your consent or any further notice to you). In such circumstances, we will seek written assurances that your personal information submitted through our Sites will be protected consistent with this Privacy Policy.

·       Other Third Parties. We may disclose certain information collected by third parties to such third parties, such as information collected via cookies, pixels, web server data, and other similar technologies.

·       Legal and Regulatory. We reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, Workiva, or others. We have no obligation to notify you of such disclosures, except as required by applicable law.

·       Aggregate Information. We may disclose information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable law.

IV. Links to Other Sites

Please be aware that when you are on the Site, you could be directed to other sites that are beyond our control. There may be links to other sites from the Site's pages that take you outside our Site. This Privacy Policy does not apply to any products, services, websites, or content that are offered by third parties that have their own privacy notices. These other sites may send their own cookies to visitors, collect data, or solicit personal information. The privacy policies of these other sites may be significantly different from this Privacy Policy. We are not responsible for the privacy practices of these other sites and cannot guarantee the security of any of your personal information collected there. We encourage you to read the privacy policy of such other sites to learn about such sites’ use of your data.

V. Security

Protecting the security of your personal information is very important to us. When you transmit personal information from your PC to our servers, your information is protected by industry standard encryption. Once we receive your transmission, we will take reasonable precautions to ensure its security on our systems. While we utilize all of our security and data protection preventative measures, the internet is inherently insecure. As a result, while we strive to protect your personal information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online.

Users are required to sign-in to specific secured areas of the Site and services using a user ID and password. The ID and password authenticate the user and are designed to safeguard against unauthorized access and use of a user's account. The user ID and password are used on a secure web page and encrypted when transmitted over the internet.

The safety and security of your information also depend on you. Never share your password with anyone else, notify us promptly if you believe your password security has been breached, and remember to log off of the Site before you leave your computer.

Similarly, any personally identifiable information or personally sensitive data that you disclose through online forums hosted on the Site, may be collected and used by others. Although we restrict access to forums to members and other authorized users, please bear in mind that all members have access to your personally identifiable information and we cannot control how such members use your information.

VI. Privacy Policy for Children

We do not knowingly collect information from children under the age of 16 on the Site. If you are under the age of 16, please do not provide any personal information to us. If we become aware that we have collected personal information from a child under the age of 16, we will make commercially reasonable efforts to delete such information from our database.

VII. Data Retention

We retain your personal information for only as long as is necessary for the purpose for which it was collected. In certain circumstances, we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.

VIII. Additional Information for Residents of the European Economic Area (“EEA”), the United Kingdom, and Switzerland

A. Legal Basis for Collection of Personal Information

We process your information for the specific purposes listed above pursuant to a legal basis, including the following:

  • Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your information to comply with a relevant law/regulation or to fulfill our obligations under a contract with you. Where we process your information to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we process your information to fulfill a contractual obligation to you, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
  • Our legitimate interest: We may process your information based on our legitimate interests in communicating with you and managing our interactions with you regarding our products, services, and education opportunities. In addition to the other rights you may have, described below, you have the right to object to such processing of your information. You can register your objection by contacting us at info@secprofessionals.org.
  • Your consent:  In some cases, at the point at which you provide information, we may ask you for your consent to collect and process your information.  If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us at info@secprofessionals.org. Please note that if you withdraw your consent, it will not affect any processing of your information that has already occurred. Where we process your information based on consent, we will provide more detailed information to you at the time when we obtain your consent.

B. Cross-Border Transfers of Personal Information

The Pro Group is a global community and Workiva is a global business. Personal information may be stored and processed in any country where we have operations or where we engage service providers. In particular, we collect and transfer to the United States personal information pursuant to the following legitimate basis detailed above.

We may transfer, access, or store personal information about you outside of the European Economic Area (“EEA”), Switzerland, United Kingdom, or another country that requires legal protections for international data transfer. Those countries (including the United States) may have data protection rules that are different from those of your country and may not have received a finding of “adequacy” from the European Union under Article 41 of the GDPR. For such transfers, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:

·       Adequacy Decisions: Workiva may transfer personal information to countries that have privacy laws that have been recognized by the country from which the data are transferred as providing similar protections for the data.

  • Standard Contractual Clauses: Workiva may enter into written agreements with recipients, such as standard contractual clauses approved by the European Commission or other applicable supervisory authority, that require the recipients to provide the same level of protection for the data.
  • Other Transfer Mechanisms: Workiva may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred.

C. Data Subject Rights

You have the right to the following information regarding our processing of your personal information:

  • the purposes of the processing;
  • the categories of personal information concerned;
  • the recipients or categories of recipients to whom the personal information have been or will be disclosed; and
  • where possible, the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period.

This notice is intended to provide all of this information. Any questions about these details may be directed to info@secprofessionals.org.

You also have the following rights with respect to your personal information:

  • the right to request access to the personal information that we maintain about you, as well as the right to request rectification of any information that is inaccurate or incomplete;
  • the right to request a copy of your personal information in electronic format, so that you can transmit the information to third parties, or to request that we directly transfer your personal information to one or more third parties;
  • the right to object to the processing of your personal information for marketing and other purposes;
  • the right to erasure of your personal information when it is no longer needed for the purposes for which you provided it, as well as the right to restrict processing of your personal information to certain limited purposes where erasure is not possible; and
  • the right to lodge a complaint with the supervisory authority where you believe that your rights have been violated.

To exercise any of these rights, please contact us at info@secprofessionals.org. We will respond to your request within a reasonable timeframe in accordance with applicable law.

D. Data Privacy Framework

Workiva complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Workiva has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Workiva has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Workiva is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Workiva complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Workiva’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Workiva may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Workiva commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  These dispute resolution services are provided at no cost to you.

Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

E. EU Representative

Workiva Netherlands B.V. is Workiva’s EU data protection representative. The privacy representative of Workiva Netherlands B.V. can be reached at the following address: Workiva Netherlands B.V., Attn: Legal, Achtergracht 14, 1017 WP Amsterdam, Netherlands.

IX. Your Privacy Choices & Rights:

You may contact us at info@secprofessionals.org to update or correct your personal information and your preferences provided to us through the Site, or opt out of receiving mailings or other communications in which you previously chose to participate. Different programs and services may offer different phone numbers, links, or preference managers that allow you to inform us of your updates and choices, including opting out of particular communications. We may need to retain certain personal information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. We will endeavor to comply with your request as soon as reasonably practicable and in accordance with applicable law.

X. Changes to These Terms

The terms of this Privacy Policy may change from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice, on the homepage of the Site for a reasonable period of time prior to the changes becoming effective, stating that this Privacy Policy has been updated, and by changing the “Last Updated” date at the top of this Privacy Policy. We encourage you to check this page periodically for any changes. Your continued use of the Site following the posting of changes to these terms will mean you accept those changes.

XI. Questions

At any time, if you believe that we have willingly violated this Privacy Policy, please let us know by sending an email to info@secprofessionals.org or by calling 515-663-4435. We value your trust and will take the appropriate measures to ensure that the Site and services we provide to you are secure. If we are unable to resolve your privacy concerns or disputes, we will submit the dispute to an independent mediator, or you can contact our third party dispute resolution provider above. If you would like more information on this process and/or the independent mediator, please contact us at info@secprofessionals.org.

Any questions, inquiries, or complaints that you may have regarding this Privacy Policy should be directed to info@secprofessionals.org or via mail at: Workiva Inc., 2900 University Blvd., Ames, Iowa 50010, Attn: Legal.