Privacy Notice
Privacy Notice 2018
Summary
The Performance Review Institute, comprising Performance Review Institute Inc., PRI Europe Ltd. and PRI (Beijing) Certification Co., Ltd, (“PRI”, “we”) knows that you care about how your personal information is collected and used, and we appreciate your trust in our commitment to do so carefully and thoughtfully. PRI continually considers the organizational and technical steps we need to take to protect your information against loss, misuse, unauthorized access, unauthorized disclosure, manipulation, or destruction. This privacy notice (“Privacy Notice”) describes what personal data we collect including from our websites eAuditNet.com, p-r-i.org, priregistrar.org, rms.priregistrar.org, pri-training.com, ICIMS, and PRIQualification.org, how we collect and use it, how we protect that information and the rights that you have in relation to your personal data.
In some cases, your personal data is collected, processed and stored by PRI via third-party websites. While we practice due diligence in utilizing third-party websites, we encourage you to read the privacy notice of every website you visit.
About Us
Our registered head office is 161 Thorn Hill Road, Warrendale, Pennsylvania 15086-7527, USA.
Except as otherwise described in this Privacy Notice, we are the “controller” of the personal data we collect about you for the purposes of the EU General Data Protection Regulation 2016/679 (the “Regulation”). This means that we determine the purpose for which, and the means by which, we process your personal data and we are directly responsible for handling this data in accordance with the Regulation. For the purposes of this Privacy Notice, our affiliates identified in the Affiliates section of this Privacy Notice are, in some circumstances, joint controllers with PRI in respect of the personal data (in that they jointly determine the purpose for which the personal data is processed and the means by which the personal data is processed), and this Privacy Notice is issued by us on behalf of these affiliates.
Contact Person
PRI has appointed a Data Protection Officer to ensure that PRI follows its Data Protection Policy and that its practices are consistent with those described in this Privacy Notice. Please contact privacy@p-r-i.org if you have any questions about your personal data and PRI’s processing of it, or questions about this Privacy Notice. Alternatively, you may write to:
Data Protection Officer
Performance Review Institute
1 York Street
London W1U 6PA
United Kingdom
Changes
PRI reserves the right to update this Privacy Notice at any time. This is the most current version.
What Information We Collect
Personal data means any information about an individual from which that person is identified or identifiable.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes your name, username or similar identifier, employer, job title.
- Contact Data includes work address, work email address and work telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this Website.
- Profile Data includes your username and password, purchases or orders made by you, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services. Usage data may be provided voluntarily or involuntarily – see the section below on How we Collect Your personal data.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Except in a limited, specific number of cases, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. The exceptions are detailed in the table below.
How We Collect Your Personal Data
We collect information about you when you visit our Website and when we otherwise interact with you or your business associates as follows:
- Information you voluntarily provide when registering at PRI websites or when communicating with PRI: You may give us your personal data by filling in forms or by corresponding with us by email. This includes personal data you provide when you:
  - apply for our products or services;
  - create an account on our Website;
  - request a quote for our products or services;
  - download resource material;
  - request support;
  - participate in industry managed programs, training and more;
  - subscribe to our service or publications;
  - request marketing to be sent to you;
  - enter a survey; or
  - give us feedback or contact us.
- Information you involuntarily provide: As you interact with our Website, our server automatically logs information about your visit. This information includes things like the website address you came from, the browser you are using, your numeric internet address, the date and time of your visit, and what pages you are viewing. Collection of these types of information is a common practice by websites.
- Information provided by you or your business associates, needed to execute business: In addition to collecting the information noted above, the website provides a means to share information, including personal data, required to comply with industry-managed program procedures. This includes company Website account management and the provision of objective evidence to support the capability assessment process, which may include personal data.
PRI does not collect personal information from, or share information with, organizations that aggregate personal data for purposes unrelated to PRI business.
How We Use Your Personal Data
We have set out below, in a table format, a description of all the ways we plan to use your personal data and which of the legal bases we rely upon to do so.
| Purpose | Legal basis |
| --- | --- |
| Confirming your identity if we do not know you or your role at your organization | We may also need your personal data to comply with a legal obligation relating to how we manage our business or our relationship with your organization |
| To manage our relationship with you | Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services |
| To process job applications submitted to PRI | Necessary for our legitimate interests in considering candidate applications for job vacancies and contacting you about them as well as retaining them for future opportunities. It may also be necessary to comply with legal obligations relating to how we manage our business |
| To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system, maintenance, support, reporting and hosting of data) | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) |
| To make suggestions and recommendations to you about goods or services that may be of interest to you (e.g. programs and training) | Necessary for our legitimate interests in studying how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy |
| To establish, exercise or defend against legal claims | Necessary for our legitimate interests in establishing, exercising or defending against legal claims |
| To validate that records of eyesight examinations are current | Necessary for our legitimate interests in conducting our business and for the assessment of the working capacity of the employee |
Where our or a third party’s legitimate interests are stated as being the legal basis for how we use your personal data, we make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at the contact address above.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing communications. By sending an e-mail for the purpose of enquiring about how our services could help your organization to any individual with a p-r-i.org domain or by submitting such an enquiry using the contact details in the ‘Contact Us’ section of the Website for this reason, you agree that we can contact you about the services that we may be able to provide to you, which may be the same or similar to those that you have enquired about or that your organization already receives from us. We will process your personal data to contact you in this way and the legal basis for this processing will be our legitimate interest in marketing and communication about services that may be of interest to you or your organization.
You are entitled to object to us contacting you by email or by telephone for this reason at any time. If you subsequently decide that you do not want to hear from us about the services we could provide to your organization, please let us know by emailing us at privacy@p-r-i.org with the subject heading “Unsubscribe” or please click the “unsubscribe” link at the bottom of any marketing email that we have sent to you. Objecting will not affect our use of the personal data prior to objecting but it will mean that we will not be able to contact you about the services we may be able to offer your organization in the future.
Third-party Marketing
PRI does not share your personal data with any third parties, except in the course of our primary business (for example, conducting audits and reviewing audit reports). We do not share your personal data with any third parties for marketing purposes. In the event that this position changes, we will notify you in writing.
Artificial Intelligence (AI)
As part of our commitment to providing you with the best possible experience, we may employ Artificial Intelligence (AI) technologies to analyze and improve our services. This may involve utilizing AI algorithms to process and derive insights from your personal information. Please be assured that we handle your data with the utmost care and in strict adherence to applicable data protection regulations.
Data Protection and Security
PRI protects the security of your personal data when you exchange that information with PRI websites. PRI uses industry-standard TLS (Transport Layer Security) and Secure Sockets Layer (SSL) technology when exchanging this information, which encrypts the information during transit. PRI also maintains firewall and other managed software, as well as physical and procedural safeguards, to protect systematically stored data.
PRI abides by the principles of privacy by design and default, and PRI retains data in accordance with the policies outlined in its company policies and program procedures. PRI employees are bound by its Data Protection Policy, a copy of which can be obtained by emailing privacy@p-r-i.org. PRI conducts regular training for its staff on data protection practices and policies, and PRI engages in annual cybersecurity and controls audits.
It is important that you protect your user ID and password for all applicable PRI websites. If you are logged in to any PRI website from a shared computer, be sure to log out when you are finished with a visit; a logout button can be found on nearly every page of our site.
Unfortunately, the transmission of information via the internet is not completely secure. Although we take appropriate measures to protect your personal data, we cannot guarantee the security of the personal data you provide to us during the transmission and any transmission by you of it to us is at your own risk.
Data Retention Practices
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or your organization. Our approach to data retention is detailed in our Records Retention and Disposition Policy, which is available on request.
HTTP Cookies
PRI websites use HTTP cookies, which are small text files stored on your computer and used to identify your web browser and store text information that can be used to customize your website experience. Cookies collect information about your interaction with the Website such as your IP address, traffic data, clickstream information, time stamp, location data, web logs, other communication data and the resources that you access. Cookies are used on PRI websites to provide a more personalized experience, process transactions, maintain customer records, and obtain statistics and other analytics regarding website usage. For example, Cookies can help us to:
- identify how much traffic various areas of the Website receive;
- determine when we should schedule site maintenance;
- determine demographic profiles of our visitors; and
- optimise the site for common browsers used at the Website.
Some PRI cookies are used to save you time by remembering your login and maintaining your session. Other PRI cookies are used for personalizing your visit and allowing you access to customized website features. Cookies help the PRI servers identify who you are and your relationship with PRI, enabling us to provide you with appropriate access to various areas of the site.
To the extent the information we collect from you using cookies is personal data, we use it to ensure that content from the Website is presented in the most effective manner for you and your device because it is in our legitimate interest to improve our customer’s online experience in relation to the Website.
PRI websites use both session and persistent cookies. Session cookies are stored in your browser’s memory and disappear when you shut down your browser or have no activity at a site for a defined period of time. Persistent cookies get written to your computer’s long-term memory and thus can stay on your computer to identify you for an extended period of time.
By continuing to use the Website you consent to our use of cookies as explained in this Privacy Notice.
The following table sets out the type of cookies used on our Website and provides details about what they are used for. When you use the Website for the first time, one cookie, which is essential to make our Website operate (see those identified as “essential cookies” below) will have been set but other cookies will not have been set unless you agreed to those cookies being set at that time. If you have agreed to accept cookies then the Website will remember this and continue to set cookies each time you visit. If you do not want cookies to be stored, then you may turn off certain cookies listed below individually or you can select the appropriate options on your web browser. Most Internet browsers allow you to accept, block, or delete cookies (including essential cookies) as you see fit. You can consult the “Help” and other menu items of your particular browser to learn different ways to manage your cookies. Because certain of our Website functions rely on cookies, the way you manage your cookies may impact your browsing experience or, in some cases, limit what the PRI websites can do for you. Depending on how you manage cookies, you may not be able to take advantage of personalization of the site or other site features and services.
Cookie types
Essential cookies
These are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our website and to customize your account and news profile and cookies that allow us to recognize that you have agreed to conditions you must accept to view certain pages or documents or registered for alerts.
Analytical / Performance Cookies
These allow us to capture traffic and usage patterns, for example, to recognise and count the number, types and locations of visitors to our Website and to see how visitors move around our Website when they are using it. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily, and to otherwise improve our users’ experience and understand the types and locations of visitors to our Website.
Functionality Cookies
These Cookies are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Marketing or Targeting Cookies
These Cookies record your visit to our Website, the pages you have visited and the links you have followed. We may use this information to make our Website more relevant to your interests.
Third party cookies
Please note that Google and other third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies as a result of you visiting other websites, over which we have no control.
Children
PRI does not knowingly collect information about children under age 13. PRI will not contact children under age 13 for marketing purposes, nor will PRI knowingly exchange with any third-party information it stores about children under age 13.
Who We Share Personal Data With
We share aggregate demographic information with our business partners. This data is not linked to any personal data. PRI does not sell your personal data to any parties that systematically collect personal data for marketing purposes unrelated to PRI business.
We partner with third parties to provide specific services, such as those below:
Communication Tools
These are required to enable PRI to communicate effectively and efficiently with external stakeholders
Recruitment Tools
To enable us to evaluate and process candidate applications
Affiliate organizations
For streamlined data hosting services
For you to successfully participate in associated activities, we share with the third party only that information which is necessary for the purpose of providing said services. PRI communicates an expectation to all its partners and third parties providing such services that those partners maintain appropriate safeguards around your personal data and comply with all applicable regulations.
PRI may be required to provide information about its customers or prospective customers to law enforcement or government agencies if requested or necessary.
International Transfer of Personal Data
PRI may transfer your personal data internationally, including to third party companies (designated Processors) insofar as this is expedient for the Data Processing described in this Privacy Notice. The recipients will be obliged to protect your personal data to the same extent as ourselves. PRI takes appropriate measures to ensure and maintain oversight of our designated data processors’ activities with regard to protecting the personal data entrusted to them, including establishing an Intra-Group Data Transfer Agreement including EU Standard Contractual Clauses. The personal data that we process may be transferred to one or more countries outside the European Economic Area (“EEA”) which has not yet been deemed by the European Commission to offer adequate data protection. For example, the eAuditNet website is hosted on a server owned by PRI and housed in the USA whilst all other PRI websites are hosted outside of PRI and on servers around the world. With specific reference to the eAuditNet website, this is available regardless of user location; consequently, it may be accessed from any country in the world. We have taken the following steps to ensure an adequate level of data protection in the country of the recipient: Restricted staff access to personal information throughout our systems; Anonymization of personal information in eAuditNet after a specified period of time and in accordance with our industry managed program’s data retention policy; Deletion of personal data from PRI website in accordance with our industry managed program’s data retention policy; Minimizing personal data collection and storage duration.
If you wish to obtain a copy of these safeguards, please contact us at the contact address above.
Your Rights and Responsibilities
You maintain control of the personal data that PRI collects and stores about you. PRI provides means, through the “Edit Profile” pages on its Website and/or by contacting PRI staff, for you to correct, update, and delete/deactivate your personally identifiable information and preferences on our Website.
Under certain circumstances you have the right with respect to the personal data that PRI collects about you:
- to request access to that personal data;
- to receive a copy of the personal data that you have provided to PRI in a structured, commonly used and machine-readable format so that you can share it with others;
- where that personal data is inaccurate or incomplete, to ask for the personal data to be rectified or completed;
- to ask for that personal data to be erased;
- to object to us processing your personal data by asking for the processing of that personal data to be restricted or stopped; and
- to withdraw your consent to processing, in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Please note that the withdrawal of your consent will not affect the lawfulness of any processing of personal data based on your consent before its withdrawal.
You have the right to exercise your data protection rights at any time and to request information as to whether and which personal data relating to you has been processed by PRI. You may request to exercise your above rights at any time by contacting the following address: privacy@p-r-i.org. We reserve the right to exchange correspondence with you in this regard. Please note that PRI may be required to retain some or all of your personal data even after a request for erasure where there is a lawful reason or obligation to do so. You may object at any time to the processing of your personal data for marketing purposes. In addition, you have the right to make a complaint concerning the data processing in question with the relevant supervisory authority. You can do this with the supervisory authority at your place of residence, at your place of work or at the place of the alleged data breach.
Our Affiliates
For the purposes of this Privacy Notice, the following companies within the SAE Group will be joint data controllers of the personal data with PRI under certain circumstances:
Fullsight
SAE ITC
Thorn Hill LLC