information (such as your login credentials) that allows us to verify your identity before accessing certain data we

host. This identity verification information is kept secure on our servers and is only used to assist you in accessing

your account or report; this information is not released outside of the relevant Employee Confidential system

unless specifically authorized.

We only collect and process sensitive personal data where it is critical for the delivery of our service and without which,

our services cannot be provided. We will therefore not seek your explicit consent to process this information, as it is

required by us to provide the service you have requested and is legitimized by its criticality to the service delivery. If you

such as your IP address, browser type and language, and the site you came from as well as pages you visit and

links you click on within our site

Employee Confidential uses the information we collect to operate and improve our products and services, to communicate

with you and to undertake statistical analysis. We may also take the opportunity to contact you about products that are

closely related to those you already hold with us, provide additional assistance or tips about these products or services and

notify you of important functionality changes to our platforms and website.

When Employee Confidential collects personally identifiable information from visitors to our sites, the information

received. For participants of our web seminars, the only personally identifiable information we share is webinar registration

information and it is only shared with our web seminar presenters to provide this service. They are not permitted to use this

information for their own marketing purposes.

Personally identifiable information such as name, contact information, username and password is stored in our database for

access to and use of certain software applications. This information is kept secure on our private servers and is only used to

assist you in accessing your account. No information is released outside of the Employee Confidential system unless

specifically authorized.

Employee Confidential utilizes Cookie technology on our sites for purposes of Website traffic analysis such as the

time/date of the visit, the time/date of last visit, the page viewed, the referring site, and other data. Employee Confidential

also tracks click behavior in the e-mails it sends out. This data is used to update specific user-profile information, ascertain

the areas of most interest to opt-in e-mail recipients, and to personalize e-mail messages to them.

We also use session ID cookies for access to products and services by our licensed users and reporters. These session

Cookies are used to make it easier to navigate our site, products and services. A session ID Cookie expires when your

browser is closed.

If you reject Cookies, you may still use portions of our site, but your ability to use some areas of our site, products or

services, may be limited.

In limited circumstances, and with appropriate notice to licensed users, we will use persistent Cookies (Cookies that do not

expire when your browser is closed). In these situations, licensed users are required to consent to the placement of a Cookie

prior to it being activated and consent may be withdrawn at any time by simply accessing the form and un-ticking the box

giving Employee Confidential permission to store the information. Any persistent Cookie that is unused for 30 days will

As is true of most Web sites, we gather certain information automatically and store it in log files. This information includes

automatically collected data through the use of Cookies and log files to personally identifiable information.

include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating

system, date/time stamp, and/or clickstream data. We do not link this automatically collected log information with other

information we collect about you.

Employee Confidential will take reasonable precautions to protect personal information in its possession from loss, misuse

and unauthorized access, disclosure, alteration and destruction.

For licensed users and reporters, communications between the Employee Confidential site and a user's web browser are

accomplished using, at a minimum, 128 bit SSL encryption and various third party security certificates to protect

confidential data. Employee Confidential does not allow users to transfer or receive confidential information unless they are

using a validated 128 bit (or greater) encrypted session.

We follow generally accepted industry standards to protect the personal information submitted to us, both during

transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage,

is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we

cannot guarantee its absolute security.

Our Site includes links to other Web sites whose privacy practices may differ from those of Employee Confidential. If you

submit personal information to any of those sites your information is governed by their privacy statements. We encourage

you to carefully read the privacy statement of any Web site you visit.

No company other than Employee Confidential is allowed to access information stored on our servers, unless expressly

authorized by Employee Confidential. Unauthorized access to this information is a violation of the law. Employee

Confidential has placed security measures and firewalls on all network servers in an attempt to prevent outside parties from

accessing private information. In the event of a breach of security, Employee Confidential will press charges to the fullest

Employee Confidential complies with the General Data Protection Regulation (GDPR), the U.S.-EU and U.S.-Swiss Safe

Harbor Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of

personal information from EU countries and Switzerland. Employee Confidential adheres to the Safe Harbor Privacy Principles

of notice, transfer, security, integrity, access, and enforcement. Microsoft Azure is Employee Confidential's Data Subprocessor.

Upon request by mail or e-mail (to the addresses noted below in the Contact Information section) and after verifying their

identity, Employee Confidential will grant individuals reasonable access to personal information that it holds about them,

unless otherwise legally unable to do so. In addition, Employee Confidential will take reasonable steps to permit

individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Employee

disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served

on us.

In the event Employee Confidential goes through a business transition, such as a merger, acquisition by another company,

or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred.

You will be notified via prominent notice on our Web site for 30 days of any such change in ownership or control of your

personal information

If you have received unwanted, unsolicited e-mail sent by Employee Confidential or from any Employee Confidential

system or purporting to be sent via Employee Confidential, please forward a copy of that e-mail with your comments to

privacybreach@employeeconfidential.com for review.