Privacy Policy

GovLoop Privacy Policy (Last updated: Sep 08, 2020)

1.   Overview

Your information will be held by Granicus, LLC (“Granicus”). GovLoop, (“GovLoop”, “Company”, or “We”), which is a division of Granicus, operates within its own value streams and markets and is committed to maintaining your trust by protecting your personal data. This statement explains how we collect, use, share and protect your personal data. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, bank account number, email address and your IP address are examples of personal data. Unless otherwise specified, this notice applies to GovLoop’s marketing efforts.

GovLoop will process your personal data in a transparent and lawful way. Any personal data you provide when using this website or our products and services will be used only in accordance with this privacy statement.

We may change this statement from time to time to reflect privacy or security updates. If we make material changes, we will notify you via the email address listed in your account or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

This privacy statement is provided in a layered format so you can click through to the specific sections set out below. Alternatively, you can download a pdf version of the statement here.

    1. Overview
    2. Contact Us
    3. What Personal Data Does GovLoop Collect, and for What Purpose?
    4. Legal Basis of Collecting and Processing Data
    5. Change of Legal Basis
    6. Failure to Provide Personal Data
    7. Profiling
    8. With Whom Do We Share or Sell Your Personal Data?
    9. International Data Transfers
    10. Security
    11. Data Retention
    12. Data Subject Rights
      1. 12.1      Right to Request Access
      2. 12.2      Right to Rectification
      3. 12.3      Right to Object
      4. 12.4      Right to Erasure
      5. 12.5      Right to Restriction of Processing
      6. 12.6      Right to Portability
      7. 12.7      Right to Revoke Consent
      8. 12.8      Right to Make a Complaint
      9. 12.9      Right to Opt-Out of Data Sale
  1. Non-Discrimination
  2. Do Not Track Signals
  3. Cookie and Tracking Technologies

2.   Contact Us

If you have any questions about this statement or if you would like to exercise any rights you may have in relation to your personal data, please contact us at [email protected]. If you have additional questions or need to escalate an issue, use the below details for our Data Protection Officer (DPO).

Full name of legal entity: Granicus, LLC, as described above
Name of DPO: Gerry Hansen
Email address: [email protected]
Postal address: 408 St. Peter Street, Suite 600, St. Paul, MN 55102, USA
Telephone number: 651-400-8730

3.   What Personal Data Does GovLoop Collect, and for What Purpose?

We may collect your personal data such as your name, place of employment and address, job position, e-mail address, and phone number. This data is collected directly from you through forms on our website or over the phone and is used to communicate and personalize such communications with you, including offering products and services that we believe may be of interest to you.

Information about your chosen subscriptions is used to better provide you with relevant e-mail content. We may also gather data about you from referrals from existing community members. In certain situations, such as when you authorize a social network to prefill a form on our website or if you interact with social media buttons on our website, we may receive publicly available information from your social media profile (such as first name, last name, e-mail address, date of birth, gender, job title, and company).

In order to provide you with free resources, online trainings, and events, GovLoop may share your data with online training, event or resource underwriters. When you register for an online training/event or download a resource, your information may be shared with the sponsors of that document or training. You have the option to unsubscribe or opt-out from sponsor communications with said sponsor at any time.

We also gather certain data automatically upon your visit to our website, including Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site and e-mails (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. Your IP address may also be utilized to infer your location, which we may use to send you more relevant content.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

In the preceding twelve (12) months, we have collected, disclosed or sold the following categories of personal information:

Category Examples Collected (YES/NO) Shared

(YES/NO)

Sold

(YES/NO)

A. Identifiers. First Name
Last Name
Email Address
Job Title
Organization
Business Phone Number
Address
State
City
Zip
Country
Job Function
Type of Government
Mobile Phone Number (this is not shared or sold)
IP address (this is not shared or sold)
YES YES YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Name, address, telephone number, credit card number, debit card number, username or email address in combination with a password. Some personal information included in this category may overlap with other categories. YES NO NO
C. Internet or other similar network activity. Browser type, Internet service provider (ISP), operating system, date/time stamp YES NO NO
D. Digital Behavior Referring/exit pages, the files viewed on our site and e-mails (e.g., HTML pages, graphics, etc.), clickstream YES YES YES
E. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO NO NO
F. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO NO NO
G. Biometric information. Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO NO NO
H. Geolocation data. Physical location or movements. NO NO NO
I. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO NO NO
J. Professional or employment-related information. Current or past job history or performance evaluations. NO NO NO
K. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO NO NO
L. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO NO NO

 

4.   Legal Basis of Collecting and Processing Data

We will use your personal data when the law allows us to. Most commonly, for marketing purposes, we will process your personal data in the following circumstances:

  • Where you consent; or
  • Where it is necessary for our legitimate interests (i.e. we have a business or commercial reason for using your information) and your interests and your fundamental rights do not override those interests.

When applicable, our legitimate interests may include:

  • Providing high-quality customer service.
  • Complying with laws or regulations that apply to us.
  • Developing our products and services, and what we charge for them.
  • Defining customers for our products and services.
  • Seeking your consent when we need it to contact you.
  • Providing our customers with relevant marketing, and other high-quality product and service features.
  • Keeping our marketing updated and relevant.

5.   Change of Legal Basis

We will only use your personal data for the uses and purposes set out above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

6.   Failure to Provide Personal Data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with resources or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

7.   Profiling

We will not use your personal data for decisions based solely on automated processing if the decision has legal effects concerning you or if it significantly affects you unless you gave your explicit consent for this processing.

8. With Whom Do We Share or Sell Your Personal Data?

We share your personal data with the following categories of recipient:

  • Agents and subcontractors. We may disclose your personal data with our agents or subcontractors for the purposes identified above. In these cases, the agent or subcontractor will be obligated to use that personal data in accordance with the terms of this privacy statement. Your data may be shared with these types of agents and subcontractors.
    • Marketing automation and analytics service provider
    • Transactional email service provider
    • Opt-in tool provider
    • Webinar hosting platform
    • Advertising platform
  • Government authorities as permitted or required by law. This may include disclosing your personal data to regulators, or law enforcement authorities. We may transfer and disclose the data we collect about you for the following reasons:
    • To comply with a legal obligation, including, but not limited to responding to a court order;
    • To prevent fraud;
    • To comply with an inquiry by a government agency or other regulator;
    • To address security or technical issues; or
    • To assist government entities in responding to an emergency.
  • As part of a business transaction. In relation to an ongoing or proposed business transaction such as a transfer of the ownership or operation of Granicus, LLC or any companies in its group to another organization, if we merge with or are acquired by another organization, or if we liquidate our assets, your personal data may be transferred to a successor organization. If such a transfer occurs, the successor organization’s use of your data will still be subject to this statement and the privacy preferences you have expressed to us.

We share your personal data with the following categories of the recipient and such sharing constitutes a “sale” under the California Consumer Privacy Act.

  • Sponsors. We may disclose your personal data with our sponsors. Our sponsors generally underwrite resources and online training so that we may provide these resources at no cost to you. Sponsors are typically solution providers or consulting services who operate independently of GovLoop. They are disclosed by including their logos on their respective underwritten/sponsored content or on the landing page where you submit your information to register or download said resource. We may not share your data in all cases when downloading or registering for a sponsored resource.

    The NextGen Summit is the only event or resource that requires a registrant to pay. The payment information is available on the website. Your contact data may be shared with the sponsors of this event.You can opt-out of communications with these sponsors at any time through that sponsor’s unsubscribe mechanisms.

9.   International Data Transfers

In light of the July 16, 2020 “Schrems II” decisions, the European Court of Justice has decided that the EU-US Privacy Shield is no longer a valid international data transfer option. We plan to maintain our Privacy Shield certification as good practice; however, we will no longer rely upon it as a basis for data transfer. We will discuss with any partner relying on it for EU-US transfers their proposed alternative solutions.  We are monitoring the situation and hope for a new political and practical solution to be reached between the EU and the US regarding Mass Surveillance vs. Individual Privacy.

The remaining option open to us for data transfers from EU to the US are Standard Contract Clauses (SCCs), however we appreciate that these do not stop US government surveillance powers and laws, and we are therefore engaging with our partners to:

1) Review all our data transfers globally to identify areas that require change,
2) Switch Privacy Shield transfers to EU approved Standard Contract Clauses as a default, and
3) Where such data transfers under SCC’s enter countries where we have reason to believe the laws could place our customer data at risk of mass surveillance or capture by authorities without appropriate redress, we will aim to introduce additional contractual, organizational and technical safeguards to further protect your information.

Likewise, we are aware of the UK’s exit from the European Union and the end of the current transition period on December 31st, 2020.  We are aware that the UK hopes for a positive adequacy decision from the EU by then to allow data transfers to continue, but we will continue to monitor the situation in case alternative transfer mechanisms from EU to UK or UK to US become available or necessary.

We will continue to rely on legal derogations for case-by-case transfers where appropriate and will identify where this is the case.

10. Security

We are committed to ensuring that your personal data is secure. To prevent unauthorized access or disclosure, we have put appropriate technical and organizational measures in place to safeguard and secure your personal data.

If a data breach does occur, we will do everything in our power to limit the damage. In case of a high-risk data breach, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We will also inform the relevant supervisory authority or authorities of the breach.

Unfortunately, no security measures are completely secure. We, therefore, cannot guarantee that your personal data will not be disclosed, misused or lost by accident or by the unauthorized acts of others. Further, we cannot control the dissemination of personal data you post in the public domain and you should have no expectation of privacy in respect of such data.

The procedures and related standards include limiting access to data and regularly testing and auditing our security practices and technologies.

Employees and temporary workers are required to follow policies and procedures and complete confidentiality training to understand the requirement of maintaining the confidentiality of customer information. If they fail to do so, they are subject to disciplinary action. All employees are required to complete privacy, security, ethics and compliance training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your personal data.

11.Data Retention

We retain your personal data for as long as your account is still open. We retain the personal data you provide while your account is in existence or as needed to provide you services. Even if you only use our services every few years, we will retain your information and keep your profile open until you decide to close your account. However, it may not always be possible to completely remove or delete all your personal data from our databases without some residual data because of backups and other reasons.

To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, whether we can achieve those purposes through other means, and the applicable legal requirements.

12.Data Subject Rights

To exercise any of the following rights, please contact [email protected]. If you need to escalate a matter or feel that your issue is unresolved, please contact our DPO. You may also exercise some of these rights (such as access and edit your information, or delete your profile) by visiting GovLoop’s website: https://www.govloop.com/members/{your username}/

Removing your profile/account from GovLoop.com does not delete your data from our marketing database. If you wish to remove this data, send a request to [email protected].

You have the option to unsubscribe or opt-out from any sponsor communications with said sponsor at any time. You can also update your email subscription preferences with GovLoop at any time: https://go.govloop.com/EmailPreferences.html

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month for particularly complex requests or if you have made several requests. In this case, we will notify you and keep you updated.

12.1 Right to Request Access

You have the right to request details of your personal data that we hold, including the categories of personal data collected, the sources from which it was collected, the purpose for such collection, the categories of third parties with whom such data is shared, and the specific data collected. Upon request, we will provide a copy of such personal data within a reasonable timeframe.

12.2 Right to Rectification

If you believe that any personal data we are holding on you is incorrect or incomplete, please contact us as soon as possible, at the address above. We will promptly correct any personal data found to be incorrect, though we may need to verify the accuracy of the new data you provide to us.

12.3 Right to Object

You may choose to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms. You also have the right to object in cases where we are processing your personal data for direct marketing purposes. We will provide you with appropriate choices to opt-in or opt-out as set out above in this statement.

Please note that your objection may be overridden by the legitimate interests of GovLoop to process and collect your personal data.

12.4 Right to Erasure

To the extent legally permissible, you may be entitled to have certain personal data erased in the following circumstances:

  1. The personal data is no longer necessary in relation to the purposes for which it was collected or processed.
  2. You object to the collection or use of your personal data and there are no overriding legitimate grounds for the processing.
  3. The personal data has been unlawfully processed.
  4. The personal data has reached the defined retention period or for compliance with a legal obligation to which GovLoop is subject.

Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

12.5 Right to Restriction of Processing

You may have the right to restrict further processing of your personal data in the following situations:

  1. You contest the accuracy of the personal data.
  2. The processing of the data is unlawful.
  3. The personal data has reached the defined retention period, but you require the personal data to establish, exercise or defend legal claims.
  4. You object to the processing of data pursuant to the right to object as described above. The processing may be restricted pending the verification of whether GovLoop’s legitimate grounds override your rights as a data subject.

12.6  Right to Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format. GovLoop will assist in the transmission of such data to another entity, upon request, to the extent technically feasible. Note that this right only applies to automated information which you initially provided consent for us to use, or where we need the info to perform a contract with you.

12.7 Right to Revoke Consent

If you have consented to the processing of your personal data via the explicit checkbox located on forms on landing pages, you have the right to revoke such consent by emailing [email protected] at any time. The checkbox will only appear for individuals who reside in countries within the EU. Individuals from any country can request to delete their data the same way – by emailing [email protected]. However, if you withdraw your consent, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

12.8 Right to Make a Complaint

You have the right to make a complaint at any time to the relevant local, national or industry privacy regulator. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us in the first instance.

12.9 Right to Opt-Out of Data Sale

For residents of California, you have the right to direct us to not sell your personal information.  You may do so by accessing our CCPA portal.

13. Non-Discrimination

We will not discriminate against you for exercising any of your rights under applicable law (such as GDPR, CCPA etc.). Unless permitted by applicable law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

14. Do Not Track Signals

Currently, various browsers offer a “do not track” or “DNT” option which sends a signal to websites visited by the user about the user’s browser DNT preference setting. GovLoop does not currently commit to responding to browsers’ DNT signals with respect to our websites, in part, because no common industry standard for DNT has been adopted, including no consistent standard of interpreting user intent.

15. Cookie and Tracking Technologies

Granicus and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

We also partner with third parties to display advertising on our website or to manage our advertising on other sites. Our third-party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you are in the UK, European Union or California you will be provided with a cookie notice when you visit the site. The cookie notice will provide you an option to update your preference.  In the alternative, you may click here [or if located in the European Union click here] to opt-out of interest-based advertising.  Please note you will continue to receive generic ads.