www.navex.com
Open in
urlscan Pro
2600:1f18:16e:df02::64
Public Scan
Submitted URL: http://info.navex.com/NTQ0LVNBVS0wMzAAAAGUo1pGqGBrEwuRCSSgpiyRy4Brtle4pmuraulEs169S2QcDwCxDPQHmG_6_ETiENS_7wq-4wk=
Effective URL: https://www.navex.com/en-us/privacy-statement/?mkt_tok=NTQ0LVNBVS0wMzAAAAGUo1pGqA7FGvStHHbplYHnoHV2SSkV_jcA3FsxsI8BTDN...
Submission: On August 05 via api from US — Scanned from US
Effective URL: https://www.navex.com/en-us/privacy-statement/?mkt_tok=NTQ0LVNBVS0wMzAAAAGUo1pGqA7FGvStHHbplYHnoHV2SSkV_jcA3FsxsI8BTDN...
Submission: On August 05 via api from US — Scanned from US
Form analysis 2 forms found in the DOM
GET /en-us/search
<form method="get" action="/en-us/search">
<div class="search-input-group">
<label id="global-search-label" for="global-search-input" class="hidden-visually"></label>
<input id="global-search-input" name="term" type="search" placeholder="Search NAVEX">
<button type="reset" onclick="{handleClear}" class="search-clear hidden-visually"> X </button>
</div>
<button id="global-search-submit" type="submit" class="[ action-link ][ hidden-visually ]" disabled="">Search NAVEX</button>
</form>GET /en-us/search
<form method="get" action="/en-us/search">
<div class="search-input-group">
<label id="mobile-search-label" for="mobile-search-input" class="hidden-visually"></label>
<input id="mobile-search-input" name="term" type="search" placeholder="Search NAVEX">
</div>
<button id="mobile-search-submit" type="submit" class="[ action-link ][ hidden-visually ]">Search NAVEX</button>
</form>Text Content
blank
Skip to content.
✨The NAVEX Next Virtual Conference is your free pass to compliance expertise.
Secure your spot for Sept. 19.✨
Secondary navigation
* Search
X
Search NAVEX
* Blog
* Careers
* Customer Support
* 1-866-297-0224
* * English (US)
* English (US)
* English (UK)
* Deutsch
* Italiano
* Français
* Español
* 日本
* Svenska
* Suomi
Book a Demo
Primary navigation
* NAVEX One® GRC Platform
NAVEX ONE® GRC PLATFORM
* Back
* NAVEX One® GRC Platform
Where governance, risk and compliance problems find their solutions.
* Enhance Employee Compliance
Bridge compliance requirements with a healthy workplace culture.
* AI-powered Compliance Assistant
* Compliance Hub
* Whistleblowing & Incident Management
* Ethics & Compliance Training
* Policy & Procedure Management
* Disclosure Management
* Code of Conduct
* GRC Progam Awareness
* Manage Third Party Risks
Anticipate and analyze ongoing third-party, reputational and IT risks.
* Third Party Risk Monitoring & Screening
* Third Party Risk Management Software
* IRM Out of the Box
* Automate Business Risk Governance
Improve risk visibility to drive better decision-making and performance.
* Compliance for Whistleblowing Regulations
* Integrated Risk Management
* IT Risk Management
* Operational Risk Management
* Privacy, Risk & Compliance Management
* ESG Disclosures
* Compliance Program Management
* Integrate GRC Data Intelligence
Consolidate data and find more meaningful insights for your risk and
compliance program.
* GRC Dashboards & Reporting
* GRC Benchmarking
* How We Help
HOW WE HELP
* Back
* By Regulation
Unpack complex regulations to understand how they affect you.
* Whistleblowing Laws & Regulations
* California SB-553
* DOJ Guidance on Corporate Compliance
* FCPA
* GDPR
* HIPAA
* PCI-DSS
* Sapin II
* More Regulations
* By Industry
Stay ahead of relevant developments with industry-specific insights.
* Healthcare
* Financial Services
* Insurance
* Manufacturing
* Energy & Utilities
* Higher Ed
* SMB
* Government
* More Industries
* By Role
Make your job easier with purpose-driven resources and guidance.
* Risk & Compliance
* Human Resources
* Legal & Risk
* Information Security
* Audit
* Board of Directors
* More Roles
* By Challenge
Identify and overcome common compliance challenges with confidence.
* Third Party Risk
* Employee Compliance
* Harassment & Discrimination
* Conflicts of Interest
* Data Privacy
* More Issues
* View All Solutions
* Resources
RESOURCES
* Back
* Resource Center
Take your pick of our expert GRC knowledge to enrich your journey.
* Blog
* Events
* Webinars
* Benchmark Reports
* Customer Stories
* Definitive Guides
* Getting Started With GRC
* See all Resources
* About
ABOUT
* Back
* About NAVEX
Learn why 13,000+ organizations trust us to help manage their GRC
challenges.
* Careers
* Leadership Team
* Press Room
* Corporate Responsibility
* Our Customers
* Our Partners
* Protecting Your Data
* Why NAVEX?
*
Search NAVEX
* Contact us
* Get Pricing
* Book a Demo
NAVEX PRIVACY STATEMENT
OVERVIEW
NAVEX and its affiliates and subsidiaries (“NAVEX,” “we,” “us,” etc.) offer
guidance, software and technology products for companies to manage risk and
reach their compliance goals. We provide risk and compliance solutions
including, without limitation: compliance training, policy and procedure
management, ethics and incident management (including a hotline), vendor risk
management, risk management software, claims management, and compliance
analytics. We also offer various resources and ways for compliance
professionals to connect through our websites.
We are dedicated to improving workplace integrity worldwide. We help our
business customers create a more resilient business by providing tools to
identify and reduce risk and misconduct. When it comes to handling your
personal information, then, it is not enough for us to simply abide by the law.
We believe it is important to set an example for other companies to follow,
which includes transparency about how we process information that identifies,
relates to, describes, or can be associated with you. This Privacy Statement is
part of our effort to provide that transparency.
We want you to be confident that we are handling your personal information with
care and respect, whether you’re completing job training, delivering or
receiving corporate policies that shape how your job gets done, or filing a
complaint, concern or question. We also want to explain the tools and options
available to you to manage and protect that information within the bounds of
law, your rights, and your company’s risk and compliance goals.
We will collect personal information in different ways and for different
purposes as we run our business and deliver services to our business customers.
NAVEX does not process personal information for any purposes that are materially
different from the purpose for which it was originally collected. We have
created separate Privacy Statements, one for our corporate business operations
and one for our service Applications, intended to provide you with information
about what personal information we collect, why we collect it, how we use it,
with whom we share it, how we protect it, and how long we keep it.
Go to Privacy Statement
Go to Applications Privacy Statement
PRIVACY STATEMENT
Updated: August 2023
NAVEX and its affiliates and subsidiaries (“NAVEX,” “we,” “us,” etc.) offer
guidance, software and technology for companies to manage risk and reach their
compliance goals. We are dedicated to improving workplace integrity worldwide
and helping companies create a more resilient business by providing tools to
identify and reduce risk and misconduct.
This Statement applies to personal information NAVEX collects, uses and
discloses as a “controller” in connection with operating our business and in
connection with the representatives of NAVEX’s business customers and business
partners, including (1) on our Websites (https://www.navex.com/,
https://www.netclaim.com/, and all subdomains hosted by NAVEX) and any sites or
products that display these terms (collectively “Website”); (2) through webinars
or online events we may host or sponsor; and (3) at in-person events, such as
trade shows or conferences, and other outreach and marketing activities and
communications.
This Privacy Statement does not apply to any website, mobile app, service, or
product that does not display or link to this Privacy Statement or that contains
its own privacy notice.
Our Applications Privacy Statement covers our privacy practices in connection
with the use of the software applications and related services that we provide
to our business customers.
HOW WE COLLECT PERSONAL INFORMATION
We may collect personal information from you directly or indirectly. For
example, when you register for one of our web seminars or virtual events or sign
up to receive our email communications, you provide personal information
directly to us. Other times, personal information is collected automatically as
you use our Website. In addition, we also may receive personal information from
third parties with whom we work.
We collect personal information when you provide it
You may provide certain kinds of personal information directly by interacting
with NAVEX online and offline (via social media or Web forms, by phone, email,
in person – or even through postal mail). Personal information may also be
provided to us directly or indirectly through the use of our customer
relationship management systems, in order for us to track support for the
service in our role as a controller.
When you register for a web seminar or download white papers available on our
Website, for example, you typically provide your email address, phone number and
geographic location. Or, to become a member of Compliance Next, you may provide
your name and email address and then create a username and password, information
that on subsequent visits helps us confirm your identity and grant you access to
member-exclusive content.
We may also collect personal information, including your name and contact
information that you voluntarily provide at industry events.
We collect personal information from third-party sources
We may collect personal information about you from third parties, including from
conference partners, public databases or third parties from whom we have
purchased data, including advertising companies that specialize in
interest-based ads. We may combine this with information we already have about
you.
This helps us update, expand, and analyze our records, identify new customers,
and provide information tailored to products and services that may interest
you. You may opt out of receiving interest-based advertising by clicking here
(or if you are in the European Union, the United Kingdom, or Switzerland, click
here.) Opting out of interest-based advertising will not prevent ads from being
served to you; the ads will simply be more general.
We also work with third parties to support delivery of our online services (such
as email and content streaming), or those that help us manage events. Your
personal information may be provided to us by those third parties.
We also may collect personal information from online social networks if you take
part in a forum, for example, on LinkedIn. We may collect personal information
when you click “Share This” or “Like” buttons or otherwise use social media
buttons or plug-ins.
We collect personal information using automated technologies
Sometimes personal information is collected by automated technologies and shared
with us when Website visitors navigate through our products and services
online. We may track your browsing actions and log your IP address. We track
product preferences and content downloads, to make future visits to our Website
more efficient.
Other automated collection technologies – such as cookies, beacons, tags, and
scripts – are used by us to analyze trends, administer the Website, and track
users’ movements around the Website. We, and our third-party partners, may also
use these technologies to gather demographic information about our user base as
individuals and in the aggregate. You may opt out of us sharing your
information with our advertising partners by not accepting our cookies on your
internet browser. Keep in mind that declining certain cookies may decrease the
functionality of the Website or disable some features. Read more about our use
of cookies associated with the applicable components of our Websites
(https://www.navex.com/, https://www.netclaim.com/, and all subdomains hosted by
NAVEX) here.
We will not knowingly collect information from anyone younger than 16 years
Our Website and services associated with our Website are not intended for use by
anyone younger than 16 years old, and we do not knowingly collect personal
information from anyone younger than that. If we become aware that personal
information of anyone younger than 16 has been provided to us, for any purpose,
we will delete the information from our files.
Our Legal Basis for Collection
Certain data protection laws require that we have a legal basis for collecting
your personal information. The legal basis we rely upon may be different in
each circumstance or we may have one or more legal basis for the collection.
When accessing our Website, for example, we collect personal information from
you where 1) we have your consent, 2) where your personal information is
necessary for us to provide a service (for example, when you register for a
webinar), or 3) where we have a legitimate interest to process your information
and that legitimate interest is not overridden by your data protection interests
or fundamental rights and freedoms. In some cases, we may have a legal
obligation to process your personal information, or to process your personal
information to exercise, establish or defend legal claims.
Do-not-track requests
Some browsers offer a “Do Not Track” privacy preference. Generally, when a user
turns on the Do Not Track Signal, their browser sends a message to websites
requesting that the user not be tracked. Our Website currently does not respond
to “Do Not Track” signals. For California residents, please refer to the
California Consumer Privacy Statement for information on using the Global
Privacy Control signal.
HOW WE USE PERSONAL INFORMATION
As users navigate through the Website, their movements may be tracked and
analyzed. We use the personal information we obtain:
* To provide our products and services, including our Website.
* To market our products and services, including through email and phone.
* To respond to support requests.
* To personalize your experience with the Website.
* To provide access to and maintain the security and integrity of the Website
and services, which include personal information associated with logs
generated from our service Applications.
* To provide updates regarding the Website and marketing information, such as
special promotions or surveys, etc.
* To perform analytics (including market and consumer research, trend analysis,
financial analysis, and anonymization of personal information).
* Operate, evaluate, develop, manage and improve our business (including
operating, administering, analyzing and improving our products and services;
developing new products and services; managing and evaluating the
effectiveness of our communications; performing accounting, auditing, billing
reconciliation and collection activities and other internal functions).
* To manage professional relationships with our business customers and
partners.
* To comply with legal and regulatory requirements applicable to our business
and internal policies for maintaining records.
* To protect all parties in the event of disputes.
* To comply with court orders and legal processes, and to enforce our Terms of
Use and this Privacy Statement.
* For any other legal, business, or marketing purposes that comply with the
practices described in this Statement.
As noted above, this Privacy Statement applies to the personal information we
process as a controller. In contrast, when processing information in connection
with the delivery of our Applications, including providing guidance and services
to our business customers, we act as a processor. The information we receive
through our Applications and related services is subject to our Applications
Privacy Statement.
WHEN WE SHARE PERSONAL INFORMATION
We may share your personal information amongst our affiliates for the purposes
described in this Privacy Statement. We also may share your personal
information with third-party service providers that provide services on our
behalf and under our instructions, such as email delivery, data hosting,
analytics, payment processing and content streaming. In addition, we may share
your personal information with other third-party service providers, such as our
advertising partners that provide services on our behalf and under our
instructions, that help us with our marketing efforts, including sending and
analyzing our marketing efforts by measuring whether recipients have opened an
email and clicked on any content within it. We do not authorize such service
providers to retain, use or disclose the information except as necessary to
perform the services they provide to us or comply with legal requirements. Our
service providers and advertising partners may collect browsing data that
includes IP addresses, referring pages, and users’ movements as they navigate
the Website.
We also may disclose personal information about you (1) if we are required to do
so by law or legal process (such as a court order or subpoena); (2) to
establish, exercise or defend our legal rights; (3) when we believe disclosure
is necessary or appropriate to prevent physical or other harm or financial loss;
(4) in connection with an investigation of suspected or actual illegal activity;
(5) when we believe disclosure is reasonably necessary to protect against fraud,
or to protect our property or other rights or those of other individuals, third
parties, or the public at large; or (6) otherwise with your consent.
We reserve the right to transfer any personal information we have about you in
the event of a potential or actual sale or transfer of all or a portion of our
business or assets (including in the event of a merger, acquisition, joint
venture, reorganization, divestiture, dissolution or liquidation).
HOW WE SECURE PERSONAL INFORMATION
We have implemented and maintain administrative, physical, and technology-based
security measures to protect against loss, misuse, unauthorized access or
disclosure, destruction and alteration of personal information.
DATA RETENTION
Where NAVEX collects your personal information for its own independent business
purpose, such as through our Websites, or in connection with webinars and
events, we will retain your information in accordance with our data retention
practices and in accordance with applicable law. To the extent required by
applicable law, we will retain your personal information for the time necessary
to serve the purpose for which it was originally collected or you subsequently
authorized. For example, we will retain your information for as long as your
account is active, as necessary to comply with our legal obligations and rights,
to resolve disputes, and to enforce our agreements.
DATA STORAGE AND INTERNATIONAL TRANSFERS
NAVEX is headquartered in the United States. Your personal information may be
transferred to, processed, and maintained in places other than where you live.
This means that we may transfer, access, or store personal information about you
outside of the European Economic Area (“EEA”), Switzerland, the United Kingdom,
Japan, or another jurisdiction that requires legal protections for international
data transfers. When we do, we will ensure that an adequate level of protection
is provided for the personal information by utilizing appropriate safeguards and
terms in accordance with applicable law. Specifically, NAVEX will use one or
more of the following approaches:
* We may transfer personal information to jurisdictions that have privacy laws
that have been recognized by the jurisdiction from which the data are
transferred as providing similar protections for the data..
* We may enter into written agreements, such as standard contractual clauses
and other data transfer agreements, with recipients where required to help
ensure the same level of protection for the data is provided.
* We may seek consent for transfers of your personal information for specific
purposes.
* We may rely on other transfer mechanisms approved by authorities in the
country from which the data are transferred.
Data Privacy Framework
NAVEX complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK
Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy
Framework (“Swiss-U.S. DPF”), including the onward transfer liability
provisions, as set forth by the U.S. Department of Commerce (the “Frameworks”).
NAVEX Global, Inc. has certified to the U.S. Department of Commerce that it
adheres to the Data Privacy Framework Principles (“DPF Principles”) with regard
to the processing of personal data received from the European Union, United
Kingdom (including Gibraltar) and Switzerland in reliance on the DPF. If there
is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF
Principles and/or the Swiss-U.S. DPF Principles (the “DPF Principles”), the DPF
Principles shall govern. To learn more about the Data Privacy Framework (“DPF”)
program, and to view our certification, please
visit https://www.dataprivacyframework.gov/.
As required by the Frameworks, any personal information we receive under the
Frameworks will be maintained in accordance with the DPF Principles. NAVEX is
responsible for the processing of personal information it receives, under each
of the Frameworks, and subsequently transfers to a third party acting as an
agent on its behalf. In certain situations, we may be required to disclose
personal information in response to lawful requests by public authorities,
including to meet national security or law enforcement requirements.
The Federal Trade Commission has jurisdiction over NAVEX’s compliance with the
EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.
Data Privacy Framework Inquiries & Complaints (data from the EEA, Switzerland,
or the United Kingdom (and Gibraltar))
In compliance with the Frameworks, NAVEX commits to resolve DPF
Principles-related complaints about our collection and use of your personal
information. EU, UK, and Swiss individuals with inquiries or complaints
regarding our handling of personal data received in reliance on the EU-U.S. DPF,
the UK Extension, and the Swiss-U.S. DPF should first contact NAVEX
at: privacy@navex.com.
In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF,
NAVEX commits to refer unresolved complaints concerning our handling of personal
data received in reliance on the EU-U.S. DPF, the UK Extension, and the
Swiss-U.S. DPF to the TRUSTe Privacy Dispute Resolution program, an alternative
dispute resolution provider based in the United States. If you do not receive
timely acknowledgment of your DPF Principles-related complaint from us, or if we
have not addressed your DPF Principles-related complaint to your satisfaction,
please visit https://feedback-form.truste.com/watchdog/request for more
information or to file a complaint. The services of the TRUSTe Privacy Dispute
Resolution program are provided at no cost to you.
Under certain conditions, described more fully on the Data Privacy Framework
website, you may invoke binding arbitration when other dispute resolution
procedures have been exhausted.
YOUR RIGHTS
We understand that you want to protect and control your personal information.
This section details how you may review, update, correct, or delete that
information.
Viewing or updating your personal information
You may contact us to update your name, contact information, email preferences,
job title and other business information by completing the form located here or
by emailing us at privacy@navex.com and including “Update My Information” in the
subject line. For our Compliance Next members, please access your account on
the Website to update your contact information, or email us at
info@compliancenext.com with “Update My Compliance Next Account Information” in
the subject line.
Opting out of promotional emails
If you do not wish to receive promotional e-mails from us, you may follow the
unsubscribe process at the bottom of the promotional e-mail you received or by
emailing us at privacy@navex.com. For our Compliance Next members, please
access your account on the Website to update your email subscription
preferences, or email us at info@compliancenext.com. Please keep in mind that
you still may receive transactional e-mails from us (such as e-mails related to
the completion of your registration, correction of user data, password reset
requests, reminder e-mails you have requested, and other similar communications)
that may be necessary for us to make the Website available to you or respond to
your inquiries and support requests.
Deactivating your account
You may deactivate your Compliance Next account any time. To deactivate your
account, please edit your account on the Website by clicking “Email Compliance
Next to delete my account” or send an email to info@compliancenext.com with
“Deactivate Compliance Next Account” in the subject line. Upon receiving your
request, NAVEX will deactivate your account and delete personal information
where required by applicable law.
California
If you are a California resident, for more information about your privacy
rights, please see the California Consumer Privacy Statement available here.
Individual data subject rights
Depending on your location, you may have certain rights associated with your
personal information based on applicable law.
Subject to any exceptions or limitations under applicable law, you may have the
following data protection rights:
* You can request access to, correction of, updates to, or request deletion of
your personal information based on information collected from accessing our
Website or participating in our web seminars, forums or events.
* You can request more information about how we process your personal
information, where and how we collected that information, the categories of
that information, with whom we share it, and how long we retain it.
* You can object to the processing of your personal information, ask us to
restrict the processing, or request portability of your personal information.
* You have the right to opt out of marketing communications we send at any
time. You can opt out by clicking on the “unsubscribe” or “opt-out” link in
any marketing email we send you.
* When we have collected and processed your personal information based upon
your consent, then you can withdraw your consent at any time. However,
withdrawing your consent will not affect the lawfulness of any processing we
conducted before your withdrawal, nor will it affect processing of your
personal information when we have relied on other legal grounds for the
processing.
* Upon your request, and where it is technically feasible, NAVEX will provide
you with a copy of your personal information or transmit it directly to
another controller.
* You have the right to make a complaint to the data protection authority about
our collection and use of your personal information. For more information,
please contact your local data protection authority. Contact details are
available here.
To make a request, please contact us by completing the form located here or by
emailing us at privacy@navex.com with “Personal Information Request” in the
subject line. Provide full details relating to your request, including your
contact information and any other details you believe are relevant. We are
committed to responding to requests to exercise data protection rights in
accordance with applicable laws.
Identity verification requirement
The law may require us to verify that any request submitted was made by someone
with the legal right to access the information. Therefore, before accessing or
divulging any information pursuant to a data access request, we may request that
you provide us with additional information so we can verify your identity and
legal authority, particularly where the information provided with the request is
insufficient to confirm legal authority and/or identity.
We will provide a response to an access request within the timeframes required
by law. If we cannot substantively respond in a timely manner, we will notify
you and provide the reason for the delay.
Under certain circumstances, we may not fulfill your request, such as when doing
so would interfere with our regulatory or legal obligations, when we cannot
verify your identity, if your request involves disproportionate cost or effort,
or when the law allows us to retain that information. But we will respond to
your request within a reasonable time, as required by law, and provide an
explanation.
OTHER ONLINE SERVICES AND THIRD-PARTY FEATURES
For your convenience and information, our Website may contain links to other
online services, and may include third-party features such as apps, tools,
widgets and plug-ins. These online services and third-party features may operate
independently of NAVEX. The privacy practices of these third parties, including
details on the information they may collect about you, is subject to their own
privacy policies or notices, which we strongly suggest you review.
In addition, if you make a post on a third-party social media site, such as
LinkedIn, or by identifying us in your social media feed by tagging us using a
hashtag (#) or “at” (@), your personal information may be publicly available and
is subject to the privacy policies of those third-party social media sites.
We are not responsible for the content of any online services that are not
affiliated with NAVEX, any use of those services, or the privacy practices of
those services. We recommend you review the privacy policies or notices of any
third-party sites you visit to understand their data collection and practices.
UPDATES
We reserve the right to amend this Statement at any time, for any reason,
without additional notice to you, other than through posting the updated Privacy
Statement on our Website. We invite you to return to this page to ensure you
are informed of any updates we make about how we collect, use, and protect
customer information. You can see when this Privacy Statement was last updated
by checking the “last updated” date displayed at the beginning of this
Statement.
CONTACT US
If you have questions or complaints about the way we handle personal
information, please contact us via the below contact details. Alternatively,
and at your choice, if you have an unresolved privacy or data use concern that
we have not addressed satisfactorily, please contact our U.S.-based third party
dispute resolution provider (free of charge) at
https://feedback-form.truste.com/watchdog/request.
NAVEX
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035
(866) 297-0224
privacy@navex.com
APPLICATIONS PRIVACY STATEMENT
Updated: August 2023
NAVEX and its affiliates and subsidiaries (“NAVEX,” “we,” “us,” etc.) offer
guidance, software and technology for companies seeking to manage risk and reach
their compliance goals. We are dedicated to improving workplace integrity
worldwide and helping companies create a more resilient business by providing
tools to identify and reduce risk and misconduct.
This Statement applies to our software related services and solutions, (the
“Application” or “Applications”) and any sites or products that display these
terms. It does not apply to any website, mobile app, service, or product that
does not display or link to this Privacy Statement or that contains its own
Privacy Statement. For information about how we use personal information we
receive in connection with operating our business, including our websites,
please visit our Privacy Statement.
As part of the services we provide to our business customers, you may interact
with us online (through the Applications) or by phone and in doing so, you may
share your personal information with us. The information received by NAVEX in
delivering the Applications is done on behalf of our business customers and is
processed by us according to the contract with that business customer.
HOW WE COLLECT PERSONAL INFORMATION
We may collect personal information from you directly or indirectly. For
example, when your employer or other related company purchases one of our
technology solutions to manage risk or operate within applicable legal and
ethical standards, you may provide personal information directly to us through
your participation in job training, reviewing policies and procedures or
reporting a concern. Other times, personal information may be collected
automatically as you use our Application as we outline in this Statement. In
addition, we also may receive personal information from our business customers
or other related third parties.
We collect information through the Application on behalf of business customers
who use our software solutions including, without limitation: compliance
training, policy and procedure management, ethics and incident management
(including a hotline), vendor risk management, risk management software, claims
management, and compliance analytics.
Our business customers determine why (the purpose) and what (the nature)
personal information is collected, used, stored, or deleted within the
Applications purchased. NAVEX acts as a service provider, or data processor, of
this information under the terms of our contract with that customer, the data
controller. Questions about how business customers use, share, or process that
information should be sent to them directly. Unless prohibited by law, NAVEX
will honor and support our business customer’s instructions with respect to your
personal information.
Legal Basis for Collection
When we collect personal information through our Applications, we do so as a
processor, or service provider, as instructed by our business customer, the
controller. Certain data protection laws require that controllers have a lawful
or legal basis for collecting personal information. The lawfulness of our
collection of personal information is determined by the controller, our business
customer. If you have questions about the legal basis or lawfulness of our
collection of personal information, please contact that business customer
directly.
We collect personal information when you provide it
You may provide certain kinds of personal information directly by interacting
with the Applications (whether you’re an employer or employee or other
stakeholder) or offline (by phone, email, or in person–for example through
discussions with your manager–or through postal mail). Depending on the
software service, users may provide different types of personal information, as
outlined in the table below. The type of personal information we collect is
determined by our business customer.
ApplicationTypes of personal information that may be collectedPurpose(s)Policy
TechName (first and last), email address, job site, job title, department,
supervisor, log-in credentials, completion status, time and date of
policies.Improve accessibility, version control, and delivery of company
policies, tracks compliance and gauges employee comprehension.NAVEX EngageName
(first and last), email address, job site, job title, department, supervisor,
log-in credentials, completion status, time and date of training media.Deliver
risk-based training, tracks completion, and supports behavior change with
scenario-based learning.Risk RateName, job site, department, log-in credentials,
and date of birth.Perform around-the-clock automated third-party risk monitoring
and due diligence.NetclaimName (first and last), email address, job site, job
title, department, supervisor, log-in credentials, details about the claim,
address, date of birth, social security number.Provide comprehensive and
customizable claims intake and dissemination solution.EthicsPoint/ Data Subject
RightsName, job location, department, details about the reported incident or
request, personal PIN for report follow-ups and updates.Allow companies to
receive, investigate, and resolve ethics and compliance reports, concerns, data
subject right requests, and questions.COI DisclosuresName (first and last),
email address, job site, job title, department, supervisor, log-in credentials,
completion status, details about the reported conflicts, time and date of
disclosure.Allow companies to gather, track and analyze disclosures, manage
conflicts of interest, gifts and entertainment, board memberships, family
business relationships and more.IRMName (first and last), email address, log-in
credentials, and other categories such as job title.Provide businesses a
comprehensive view of how they identify, assess, and prioritize risk.NAVEX
WhistleBName, job location, department, details about the reported incident or
request, personal PIN for report follow-ups and updates.Allow companies to
receive, investigate, and resolve ethics and compliance reports, concerns, data
subject right requests, and questions.
We collect personal information using automated technologies
Personal information may be collected by automated technologies – such as
cookies, beacons, tags, and scripts – within the Application being used. In
most cases these Application cookies are required but, in some cases, they are
optional and only set where you request that we store information. More
information about our use of cookies associated with the Application is
available here.
Other personal information, such as IP addresses, may be automatically collected
from users of the Applications. Doing so helps us protect and secure the
integrity of our systems and the data we host. They may be shared with law
enforcement to enforce our rights, ensure the security and integrity of our
systems, or as otherwise required by law.
We collect personal information from third-party sources
When we provide our business customers with tools to improve their risk and
compliance practices, this may require them to share personal information about
their employees and other stakeholders with us. The kinds of personal
information typically collected are names, business contact details (such as
email addresses), and job titles. When your employer or business partner gives
us your information, we use it only for the specific purpose for which it was
provided. Collecting this personal information helps us deliver our services
and comply with customer contracts. Please see the table above for more
information on what personal information we collect and the purpose for why we
collect it.
HOW WE USE PERSONAL INFORMATION
As mentioned above, NAVEX’s business customers determine what personal
information is collected by us and how it is used. We use the personal
information collected, as a processor, in accordance with our business
customer’s instructions. We may use it in these ways:
* To provide the Applications for both customers and their end users.
* To maintain the security and integrity of the Applications.
* To communicate with customers and their end users about the Applications.
* To respond to support requests.
* To develop and improve the Applications.
* To comply with legal and regulatory requirements applicable to our business
and internal policies for maintaining records.
* To protect all parties in the event of disputes.
* To comply with court orders and legal processes, and to enforce our Terms of
Use and this Privacy Statement.
* For any other legal or business purposes that comply with the practices
described in this Statement.
WHEN WE SHARE PERSONAL INFORMATION
Once your personal information is collected in the Application, as detailed
above, we may share it with third parties, including your employer or business
partners for various reasons.
We may share your personal information with third parties to help deliver our
services to customers. We do not authorize such third parties to retain, use or
disclose the information, except as necessary to provide and deliver those
services.
As noted previously, we may share your personal information with the relevant
business customer in accordance with our contract with that customer.
We also may disclose personal information about you (1) if we are required to do
so by law or legal process (such as a court order or subpoena); (2) to
establish, exercise or defend our legal rights; (3) when we believe disclosure
is necessary or appropriate to prevent physical or other harm or financial loss;
(4) in connection with an investigation of suspected or actual illegal activity;
(5) when we believe disclosure is reasonably necessary to protect against fraud,
or to protect our property or other rights or those of other individuals, third
parties, or the public at large; or (6) otherwise with your consent.
We reserve the right to transfer any personal information we have about you in
the event of a potential or actual sale or transfer of all or a portion of our
business or assets (including in the event of a merger, acquisition, joint
venture, reorganization, divestiture, dissolution or liquidation).
HOW WE SECURE PERSONAL INFORMATION
We have implemented and maintain administrative, physical, and technology-based
security measures to protect against loss, misuse, unauthorized access or
disclosure, destruction and alteration of personal information in our systems.
DATA RETENTION
Personal information collected by NAVEX through our Applications will be
retained as directed by our business customer. Should you have any questions
about how long personal information is retained, please contact the applicable
business customer directly.
DATA STORAGE AND INTERNATIONAL TRANSFERS
NAVEX is headquartered in the United States. Your personal information may be
transferred to, processed, and maintained in places other than where you live.
NAVEX collects, transfers, and processes personal information in accordance
with its legal obligations under contracts with its business customers who, as
we have noted previously in this Privacy Statement, determine the legal basis
and applicable transfer mechanisms for our collection and processing of personal
information, in particular from the European Economic Area (“EEA”), the United
Kingdom, Switzerland, Japan, or another country that requires legal protections
for international data transfer. If you want more information on what legal
basis or transfer mechanism is relied upon for NAVEX to receive and processes
personal information, you will need to contact the relevant business customer
directly. NAVEX supports its business customers with appropriate safeguards and
terms required by applicable law.
Data Privacy Framework
NAVEX complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK
Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy
Framework (“Swiss-U.S. DPF”), including the onward transfer liability
provisions, as set forth by the U.S. Department of Commerce (the “Frameworks”).
NAVEX Global, Inc. has certified to the U.S. Department of Commerce that it
adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF
Principles”) with regard to the processing of personal data received from the
European Union, United Kingdom (and Gibraltar) and Switzerland in reliance on
the Frameworks. If there is any conflict between the terms in this Privacy
Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles
(the “DPF Principles”), the DPF Principles shall govern. To learn more about
the Data Privacy Framework (“DPF”) program, and to view our certification,
please visit https://www.dataprivacyframework.gov/.
As required by the Frameworks, any personal information we receive under the
Frameworks will be maintained in accordance with the DPF Principles. NAVEX is
responsible for the processing of personal information it receives, under each
of the Frameworks, and subsequently transfers to a third party acting as an
agent on its behalf. In certain situations, we may be required to disclose
personal information in response to lawful requests by public authorities,
including to meet national security or law enforcement requirements.
The Federal Trade Commission has jurisdiction over NAVEX’s compliance with the
EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.
Data Privacy Framework Inquiries & Complaints (data from the EEA, Switzerland,
or the United Kingdom (and Gibraltar)
In compliance with the Frameworks, NAVEX commits to resolve DPF
Principles-related complaints about our collection and use of your personal
information. EU, UK, and Swiss individuals with inquiries or complaints
regarding our handling of personal data received in reliance on the EU-U.S. DPF,
the UK Extension, and the Swiss-U.S. DPF should first contact NAVEX
at: privacy@navex.com.
In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF,
NAVEX commits to refer unresolved complaints concerning our handling of personal
data received in reliance on the EU-U.S. DPF, the UK Extension, and the
Swiss-U.S. DPF to the TRUSTe Privacy Dispute Resolution program, an alternative
dispute resolution provider based in the United States. If you do not receive
timely acknowledgment of your DPF Principles-related complaint from us, or if we
have not addressed your DPF Principles-related complaint to your satisfaction,
please visit https://feedback-form.truste.com/watchdog/request for more
information or to file a complaint. The services of the TRUSTe Privacy Dispute
Resolution program are provided at no cost to you.
Under certain conditions, described more fully on the Data Privacy Framework
website, you may invoke binding arbitration when other dispute resolution
procedures have been exhausted.
YOUR RIGHTS
As mentioned above, we receive personal information through our Applications as
processors for our business customers, who determine the lawfulness of our
collection and the purpose for the processing. The data in our Applications is
managed by the business customer according to their own internal policies and
procedures.
Accordingly, anyone seeking to exercise data protection rights granted by
applicable law should direct their request to the relevant company or
organization (typically their employer). Inquiries made to NAVEX requesting
access, alteration, or deletion of personal information will be forwarded to our
business customer for resolution. NAVEX is not permitted to independently alter
that information but will support a business customer’s request to do so, unless
otherwise required by law.
For Data Subjects from the European Union, United Kingdom and Switzerland
Certain data protection laws of the European Union (General Data Protection
Regulation), United Kingdom (Data Protection Act 2018) and Switzerland (Swiss
Federal Data Protection Act) provide that controllers of personal data honor
certain rights granted to data subjects who reside in the applicable country.
As noted previously, NAVEX is a data processor to its business customers who
are data controllers under these laws. NAVEX is fully committed to supporting
its business customers in their compliance with applicable law. If you are a
data subject located in the European Union, United Kingdom or Switzerland, and
wish to exercise your rights in relation to personal data NAVEX may have
collected on behalf of its business customer, please contact that business
customer directly to exercise your rights. If we receive a request from a data
subject for one of our business customers, we will direct the request to the
business customer for review and response.
Notwithstanding the foregoing, if you have questions or complaints about the way
we handle personal information, please contact us via the below contact
details. We will promptly manage any complaints received from an individual.
Alternatively, and at your choice, if you have an unresolved privacy or data use
concern that we have not addressed satisfactorily, please contact our U.S.-based
third party dispute resolution provider (free of charge) at
https://feedback-form.truste.com/watchdog/request.
NAVEX
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035
(866) 297-0224
privacy@navex.com
For California Consumers
The California Consumer Privacy Act of 2018 as amended by the California Privacy
Rights Act of 2020 (collectively “CCPA/CPRA”) provides specific rights to those
who live in California and requires that businesses subject to CCPA/CPRA ensure
those rights are honored. Certain NAVEX business customers may be subject to
the CCPA/CPRA. As a service provider to those business customers, Navex will
support them in their compliance with the law. If you are a California Consumer
and wish to exercise your rights in relation to personal information NAVEX may
have collected on behalf of its business customer, please contact that business
customer directly to exercise your rights. If we receive a request under
CCPA/CPRA from a California consumer in relation to a business customer, we will
direct the request to that business customer for review and response.
UPDATES
We reserve the right to amend this Statement at any time, for any reason,
without additional notice to you, other than through posting the updated Privacy
Statement within our Application. We invite you to return to this page to
ensure you are informed of any updates we make about how we collect, use, and
protect personal information on behalf of our business customers. You can see
when this Privacy Statement was last updated by checking the “last updated” date
displayed at the beginning of this Statement.
CONTACT US
If you have questions or complaints about the way we handle personal
information, please contact us via the below contact details. Alternatively,
and at your choice, if you have an unresolved privacy or data use concern that
we have not addressed satisfactorily, please contact our U.S.-based third party
dispute resolution provider (free of charge) at
https://feedback-form.truste.com/watchdog/request.
NAVEX
Attention: Data Protection Officer
5500 Meadows Road, Suite 500
Lake Oswego, OR 97035
(866) 297-0224
privacy@navex.com
CONTACT
* YouTube
* Facebook
* Twitter
* LinkedIn
Subscribe for GRC insights
EXPLORE
LANGUAGE & REGION
* English (US)
* English (UK)
* Deutsch
* Italiano
* Français
* Español
* 日本
* Svenska
* Suomi
ABOUT NAVEX
* Company
* Leadership Team
* Careers
* Events
* In the News
* Press Releases
* Transparency in Coverage
POPULAR LINKS
* Resources
* Course Library
* NAVEX Community
* NAVEX One
* NAVEX E&C
* IRM
G2 Users Love Us
* Cookie Preferences
* Cookie Statement
* Do not sell or share my personal information
* Modern Slavery Act Statement
* Privacy Statement
* Terms of Use
* Sitemap
© 2012-2024 NAVEX Global, Inc. All Rights Reserved