Privacy - Performance Review Institute

PRIVACY STATEMENT

24 May 2018

Summary
Performance Review Institute (“PRI”) knows that you care about how your personal information is collected and used, and we appreciate your trust in our commitment to do so carefully and thoughtfully. This document describes what personally identifiable information (“PII”) we collect, how we collect and use it, and the procedures we have in place to protect that information.

This Statement applies to the eAuditNet.com, p-r-i.org, and priregistrar.org websites (“PRI websites”), and directly related activities through which PRI processes PII. It does not apply to websites operated by organizations or groups who associate themselves with PRI. It does not apply to any other Internet websites, including those that have hypertext links to or from the PRI websites listed above; please read carefully the terms, conditions, and policies of any other third party’s website.

PRI may revise this Statement at any time and will post the Statement on this web page, including the date, above, of the most recent update.  PRI may do so to continue to be compliant with relevant regulations, to implement best practices, and/or to stay aligned with changes in its business practices.

This Statement covers:

  • What Information We Collect, and How We Collect It
  • Why We Collect Your PII, and How We Use It
  • Data Protection, Security, and Retention Practices
  • HTTP Cookies
  • Children
  • Third Party Relationships
  • Your Rights and Responsibilities
  • Contacting PRI about Your PII

What Information We Collect, and How We Collect It
When you visit PRI websites, we collect information about you and your visit.  This primarily takes three forms:

  • Information you voluntarily provide when registering at PRI websites or when communicating with PRI: When you complete any type of registration form, or complete various other online forms, for purposes such as logging in to the website, participating in industry-managed programs, and more, we receive and store that information. Typically, these voluntary forms include information such as your name, website user ID and password, work address information, and work phone number and email addresses. Other information may be gathered, depending on the form you are completing.

You may also share your name, email address, and work contact information when you communicate with PRI via email or through attendance at physical events hosted by PRI as part of the programs in which you participate.

  • Information you involuntarily provide: As you interact with our websites, our server logs information about your visit. This information includes things like the website address you came from, the browser you are using, your numeric internet address, the date and time of your visit, and what pages you are viewing. Collection of these types of information is a common practice by websites.
  • Information provided by you or your business associates, needed to execute business: In addition to collecting the information noted above, the PRI websites provide means to share information, including PII, required to comply with industry-managed program procedures.

PRI does not collect personal information from, or share information with, organizations that aggregate PII for purposes unrelated to PRI business.

Why We Collect Your PII, and How We Use It
We use the information you voluntarily provide to customize your website experience, respond to your requests and needs, register you for events, and deliver you products and services that you have requested.  We also use this information to control access to various restricted areas of the websites or to restrict the display of data to only appropriate parties.

PRI uses this information in your legitimate interest, to execute the programs and provide the services which you have requested.  In many cases, PRI and your company have a contractual obligation to one another to use your information to follow program procedures.  PRI may use your PII to contact you about programs, such as training, that support or improve your ability to participate in industry-managed programs and to follow program procedures.

When you send us an email and request a response, we use the email address and other information you provide to respond to your inquiry. We may also log the nature and content of email requests we receive, which helps us identify areas for improvement on the site.

We use the information you involuntarily provide to learn about our visitors as a group, not about you as an individual. This information helps us identify overall usage patterns and trends on the websites, and can specifically help us, among other things:

  • Identify how much traffic various areas of the websites receive.
  • Determine when we should schedule site maintenance.
  • Determine demographic profiles of our visitors.
  • Optimize the site for common browsers used at the site.

It is possible to browse websites, including PRI websites, anonymously; you have the option of doing so, but doing so may also make it more difficult for the PRI websites to best meet your needs.

PRI websites also provide a means of communication and collaboration among PRI’s customers. Postings you make to an online discussion, including any PII, are visible to other program participants, depending on each participant’s role in the program and associated access rights.  Your PII may be shared by other program participants to fulfill procedural requirements.  All program participants are bound by program procedures and terms and conditions of use on PRI websites, to only use information for the purposes of executing program activities.

Data Protection, Security, and Retention Practices
PRI protects the security of your sensitive personal information when you exchange that information with PRI websites. PRI uses industry-standard TLS (Transport Layer Security) and Secure Sockets Layer (SSL) technology when exchanging this information, which encrypts the information during transit. PRI also maintains firewall and other managed software, as well as physical and procedural safeguards, to protect systematically stored data.

PRI abides by the principles of privacy by design and default, and PRI retains data in accordance with the policies outlined in its company policies and program procedures.  PRI employees are bound by its Data Protection Policy, a copy of which can be obtained by emailing gdpr@p-r-i.org.  PRI conducts regular training for its staff on data protection practices and policies, and PRI engages in annual cybersecurity and controls audits.

It is important that you protect your eAuditNet.com user ID and password. If you are logged in to the eAuditNet.com site from a shared computer, be sure to log out when you are finished with a visit; a logout button can be found on nearly every page of our site.

HTTP Cookies
PRI websites use HTTP cookies, which are small text files stored on your computer and used to identify your web browser and store text information that can be used to customize your website experience. Cookies are used on PRI websites to provide a more personalized experience, process transactions, maintain customer records, and obtain statistics and other analytics regarding website usage. Some PRI cookies are used to save you time by remembering your login and maintaining your session. Other PRI cookies are used for personalizing your visit and allowing you access to customized website features. Cookies help the PRI servers identify who you are and your relationship with PRI, enabling us to provide you with appropriate access to various areas of the site.

Most Internet browsers allow you to accept, block, or delete cookies as you see fit. You can consult the “Help” and other menu items of your particular browser to learn different ways to manage your cookies. Because certain PRI website functions rely on cookies, the way you manage your cookies may impact your browsing experience or, in some cases, limit what the PRI websites can do for you. Depending on how you manage cookies, you may not be able to take advantage of personalization of the site or other site features and services.

PRI websites use both session and persistent cookies. Session cookies are stored in your browser’s memory and disappear when you shut down your browser or have no activity at a site for a defined period of time. Persistent cookies get written to your computer’s long-term memory and thus can stay on your computer to identify you for an extended period of time.

Children
PRI does not knowingly collect information about children under age 13 through its websites. PRI will not contact children under age 13 for marketing purposes, nor will PRI knowingly exchange with any third party information it stores about children under age 13.

Third Party Relationships
We share aggregate demographic information with our business partners. This data is not linked to any PII.

PRI does not sell your email address to any parties that systematically collect email addresses for marketing purposes unrelated to PRI business.

We partner with third parties to provide specific services, such as online meeting registration. For you to successfully participate in associated activities, we share with the third party only that information which is necessary for the purpose of providing said services.  PRI communicates an expectation to all its partners and third parties providing such services that those partners maintain appropriate safeguards around your PII and comply with all applicable regulations.

The PRI websites may contain links to third-party websites and/or content providers. This Statement does not extend to those parties, nor is PRI responsible for the content linked to or provided.

PRI may be required to provide information about its customers or prospective customers to law enforcement or government agencies if requested or necessary.

Your Rights and Responsibilities
You maintain control of the personally identifiable information that PRI websites collect and maintain about you. eAuditNet.com provides means, through the “Edit Profile” pages and/or its eAuditNet Support Helpdesk staff, for you to correct, update, and delete/deactivate your personally identifiable information and preferences.

PRI has appointed a Data Protection Officer to ensure that PRI follows its Data Protection Policy and its practices are consistent with those described in this Statement.  Please contact gdpr@p-r-i.org if you have any questions about your PII and PRI’s stewardship of it.

Comments and Questions
If you have comments or questions about this Statement, please contact us at:

privacy@p-r-i.org
Phone: +1 724 772 8679