Introduction

This privacy policy sets out how NVC Consulting, with trading address PO BOX 40110, Santa Barbara, CA, 93140, trading as the National Values Center/Spiral Dynamics (“we”, “us”, “our”) uses and protects any information that a user of its website or services (“you”, “your”) provides or which it collects when its website is used or services are requested.

NVCC takes your privacy very seriously and we respect, and are committed to protecting, the privacy of every individual who interacts with us. Please read the policy carefully.

Information we collect effective May 25th, 2018

NVCC is the data controller for the information you provide to us through our websites (www.spiraldynamics.org, www.spiraldynamics.com, www.spiral-dynamics.com, www.clarewgraves.com, www.clarewegaves.org, www.claregraves.com, www.claregraves.org, www.2018strategy.com, )  .We collect and process the following information about you:

  1. Information that you voluntarily provide to us through an online or offline interaction with us;
  2. Information with regard to your visits to our website or your calls to us, including technical data regarding the internet protocol (IP) address used to connect your computer or device to the internet, your login information to our site, browser details, operating system and platform, the Uniform Resource Locator (URL) details of pages you viewed or services you searched for, page response times, download errors, lengths of visits to certain pages, page interaction information, browsing methods and any phone number used to call us;
  3. Information we may receive from other sources if you use our other websites, social media platforms or other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with the sources of data mentioned above. We work closely with business partners (including, for example sub-contractors providing technical and delivery services, analytics providers, and referencing agencies) and we may receive information about you from them;
  4. Information we may have been provided by a vendor or employee about you as a third party when we asked for details of a next of kin or referee.
  5. Some information we collect is statistical data about our users’ browsing actions and patterns, and does not identify you personally.
  6. We do not request any sensitive data from you. Sensitive data means data that includes details about your race or ethnicity, information about your health, genetic and biometric data, sex life, sexual orientation, political opinions, religious or philosophical beliefs, and trade union membership.

In addition to the above personal information, we may collect and process the following information, depending on our relationship with you:

  • Customers and Potential Customers
  • Vendors and Suppliers
  • Current, Former and Potential Employees
  • Third Parties

Why we collect and process your information

We use information held or received about you in a number of ways, as detailed below. At no stage do we use your personal data for automated profiling or decision-making. Primarily we use your information to send you materials, information, books, or promotional information and information about SPIRAL DYNAMICS® products and services you requested.

How long we keep your data

We retain personal information for varying periods, depending on the nature of the data. In some cases, we are required by law to keep information on transactions for up to 7 years. In these cases, we seek to minimize the amount of personal data we retain.

Where we have received your consent to contact you for marketing purposes, we will continue to process your data until your consent is withdrawn or we have reason to believe the information has become outdated (through bounced e-mails, for example).Otherwise, we keep personal data according to the following criteria:

  • Customers and Potential Customers
  • Vendors and Suppliers
  • Current, Former and Potential Employees
  • Third Parties
  • Cookies

We may obtain information about your general internet usage of our website by using a cookie file which is stored by your browser. Cookies contain information that is transferred to your computer’s hard drive, which helps us to improve our website and to deliver a better and more personalised service. Some of the cookies we use are essential for our website to operate.

Storing and processing your personal information

Any information you give us will be stored on our systems and may be processed and used by us. It may be transferred to, and stored at, a destination within the USA where our servers are located. It may also be processed by staff, operating in the USA, who work for us or for one of our business partners or suppliers located in your specific country or region. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps, including appropriate technical and organizational measures to ensure that your personal data is treated securely and in accordance with this privacy policy and the applicable laws. Our websites provide an encrypted connection, but please note that sending data by e-mail will not necessarily be secure.

Sharing your personal information (our data processors)

Your personal data will not be disclosed to any third parties except to our business partners who assist us in providing our products and services to you, or as required by law. These third parties include:

  1. Infusionsoft, Inc. (“Infusionsoft”), to help us manage our mailing lists and to ensure that we only send marketing e-mails to those who have opted in or to whom we have a right to send information. Your name, company and e-mail address may be shared with Infusionsoft, and aggregated with any IP address from which you open a message sent via their service. Their privacy policy can be viewed online here: https://www.infusionsoft.com/legal/privacy-policy
  2. Google Inc. (“Google Analytics”), to allow us to track and analyse visits to and usage of our website. The only personal data we share with Google Analytics by us is your IP address, which is never aggregated with any other personal data. Google’s Privacy Policy can be viewed online here: https://policies.google.com/privacy
  3. Endurance International Group. (“Hostgator”), our web hosts. Hostgator provides the servers which power our main websites (www.spiraldynamics.org and www.clarewgraves.com). Any data you share via this website (including your IP address) may be cached or stored on Hostgator servers within the US. We do not otherwise share any personal data with Hostgator. Their privacy policy can be viewed online here: https://www.endurance.com/privacy/privacy
  4. PayPal, (“Payment partners”), to enable us to make and receive payments from clients and to providers. We share account details as well as names and e-mail addresses with these partners. PayPal’s privacy policy can be viewed online here:https://www.paypal.com/webapps/mpp/ua/privacy-full,.

However, we may disclose your personal data to other third parties if:

  1. We sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  2. NVC Consulting or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  3. We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions, or to protect our rights and property, or our safety and that of our customers and third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If we are involved in a merger, acquisition or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access, use or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we collect online. Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective.

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy. This includes training for all staff members on data protection and governance.

Information you provide to us is stored on our internal servers, which are secured by firewalls and various means of authentication. Unfortunately, the transmission of information via the internet is not completely secure. While we will take reasonable steps to protect your personal information, we cannot guarantee the security of any information transmitted through our website; any transmission is at your own risk. We offer an SSL connection to our website and portal, and would recommend that any files are transferred through an encrypted connection where possible, rather than via e-mail.

Your rights and control of your information

Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data.

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the right and the ability to:

  1. Access the information we hold about you in accordance with the GDPR.
  2. Ask for your information to be corrected or updated;
  3. Ask us to remove your information from our records;

You also have the right to control the use your information for our own direct marketing purposes. Please select the options and levels of communication you want to receive. We expressly do not pass your personal data on to third parties for direct marketing purposes.

Where we receive notice to restrict the processing of or to erase your information, we will do so where we are not under a legal obligation to retain it. At the end of any legal retention period, we will erase your data as requested.

There are several other rights that you have under European law; please see the ICO website or your national data protection body for further details.

Contacting us about your data:

The supply of information under a subject access request is generally free of charge. However, NVCC reserves the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly where it is a repeat request. The Data Protection Administrator will always verify the identity of anyone making a subject access request before handing over any information. An initial response to a subject access request, containing all the requested data, must be provided within thirty days.

In the event that you wish to submit a data subject access request, or to complain about how we have handled your personal data, please contact our data protection and governance team at info@spiraldynamics.org or in writing to the following address:

NVCC | The Spiral Dynamics People | PO BOX 40110 | Santa Barbara | California | 93140 | United States of America

Our data protection and governance team will then investigate your request/complaint and work with you. We aim to comply with data protection requests within 30 days.

NVC Consulting

May 2018