Our Practice
Last modified: February 23, 2023
PDP Global (a DBA of PDP, Inc.) understands that your privacy is important and that you care about how your information is collected, processed, transmitted, stored, used, or shared. We respect and value the privacy of everyone who visits Our Sites and extend the same rights and protections to all visitors and Data Subjects. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
This Policy applies to our use of any and all data collected by us in relation to your use of Our Sites or other means of collection. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Sites AND/OR you will be required to read and accept this Privacy Policy when signing up for an Account or responding to a survey invitation. If you do not accept and agree with this Privacy Policy, you must stop using Our Sites immediately.
This Privacy Policy applies only to your use of Our Websites. It does not extend to any websites that we do not own that are linked to from Our Sites (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored, processed, used, transmitted, or shared by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
In this policy, the following terms shall have the following meanings:
“Respondent” | The individual taking one of our surveys or completing one of our forms or acting as a student of our PDP eCampus educational material. |
“Client” | The licensed organization with a my.PDPworks account and certified PDP users. |
“PDP Representative” | The contracted organization and its users that market, sell and service client accounts. Representatives have access to client accounts and are trained annually on the importance of data confidentiality. |
“Survey” |
The questionnaire instruments for measuring the dynamics of behaviors. There are three types of surveys:
|
“Cookie” | A small text file placed on your computer or device by certain parts of Our Sites and/or when you use certain features of Our Sites. See Our Cookie Policy. |
“Our Websites” |
Include but not limited to: PDPglobal.com—Our corporate website my.PDPworks.com—Our web application where users login to process invitations and surveys and to retrieve resulting reports. eCampus.PDPglobal.com—Our Learning Management System (LMS) |
“User” | You, when you log in to any of our websites. |
“We/Us/Our” | PDP Global, a DBA of PDP, Inc., a C corporation registered in the State of Colorado, USA. |
“Data Subject” | Survey respondents, account users—anyone providing personally identifiable information (PII). |
“Data Controller” | A data controller determines the purposes and means of processing personal data. |
“Data Processor” | A data processor is responsible for processing personal data on behalf of a controller. |
Yes. For any question or request relating to your data and privacy, please email us at privacy@pdpglobal.com or call our office at +1 719-785-7300 and we will be happy to assist you in your concerns.
Under certain conditions, more fully described on the Privacy Shield website at How to Submit a Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our EU/UK Representative:
Ensurety
Attn: PDP Privacy
Enterprise House
Ocean Way
Ocean Village
Southampton, Hampshire SO14 3XB
pdp.privacy@ensurety.co.uk
We will act in most cases as a Data Processor for our clients. In a small number of cases, we will act as the Data Controller. The following is a straightforward way to understand it:
The Data Controller decides what personal data is collected, how it is collected, and its purpose. The Data Processor acts on the explicit instructions of the Data Controller to complete a defined process involving the personal data that was provided.
In the vast majority of cases, we act as a Data Processor or a sub-processor for clients and we have agreements in place to ensure data security. We act in accordance with our customers’ requests and relevant data protection legislation and best practices.
We will occasionally act as Data Controller with data having to do with our own employees and Representatives, along with those situations involving technical support and testing.
When requesting information on Our Websites about our services, you may use a form where you are asked to provide your name, email address, mailing address, and phone number or other details to help your experience be as beneficial as possible or to provide you with documentation you require.
On the LMS, we may ask for the same information and you may answer test and quiz questions to help you and us to determine your level of knowledge acquisition.
Some data will be collected automatically by Our Websites. Please review our Cookie information. We may collect information about how you use Our Websites to aid us in continually improving their functionality.
This may include information about your originating IP addresses (which may infer your geographic location but not your identity), Internet service providers, the files viewed, and timestamps of activity on Our Websites.
We may also record which operating system, device, and browser version you use to help ensure that you have a positive online experience.
Below are flow charts summarizing the collection and processing of marketing, eLearning, and survey data:
Cookie policy—Website visitors are given notice that cookies are used to improve the online experience.
|
Entrance from web forms—Consent check boxes are on all forms for communicating and processing.
|
Internal notifications— Contacts are assigned to PDP Sales Representatives and PDP Staff who are notified of the assignment.
|
Prospective client/PDP sales receives an auto-response email—The contact receives an auto-response email to schedule a meeting via a calendar app.
|
Contact information and contextual data is stored—Information such as email, phone, nature of interest, website interactions, and communications (i.e., email, calls, etc.) are stored in the CRM. |
Cookie policy—Website visitors are given notice that cookies are used to improve the online experience.
|
Forms on eCampus—Learners use our forms either to: 1. register on eCampus or 2. identify knowledge obtained and/or views on what you are learning as part of a PDP course.
|
Registering—If you complete a form to gain access to the eCampus and specific content, PDP processes your data, gives you unique credentials, and stores your data in our hubspot database and in our eCampus. You are then emailed your credentials to provide access to the eCampus and the appropriate contact. Only authorized users may access your data. |
New user begins—You, the learner, may begin accessing the eCampus and appropriate content.
|
|
Personal Information—Personal information we may collect from you the Learner (Data Subject) may include:
|
Existing users processing & emailing—PDP processes your quiz scores and stores your data in our secured eCampus website. Only authorized users may access your scores and responses. Inn some cases, we may send you, your trainer/PDP Representative, and/or employer your answers to follow up, depending on the situation.
|
Existing users continues—You, the learner, may retake quizzes or move on toward course completion.
|
The organization (typically Certified Client organizations—generally employers, or Licensed Representatives of PDP Global acting as HR consultants) that has requested you to complete a survey on my.PDPworks is the Data Controller and we are acting as the Data Processor. The Data Controller decides what data is to be collected and how it will be used. We provide Client organizations with their own unique login to my.PDPworks to manage the data they collect from you. See the flow chart below, which explains the process:
PDP Surveys—Organizations use our system to administer surveys (ProScan or JDA). Personal information—Personal information an organization may collect from you the respondent (data subject) may include:
|
Email processing—PDP processes and stores your data in our secure cloud data center in the U.S., and on behalf of our client organizations, sends an email invitation to you the respondent with a link to a survey. Alternatively, our client organization may provide a paper form or a web page with a link to a survey.
|
Confirm information—You, the respondent (employee, applicant, or team member), verifies or corrects your personal information and completes the survey.
|
Survey processing—Your survey is processed and report(s) are generated, stored, and distributed to appropriate users in support of the organization's processes.
|
No. All Surveys provided by us should never be used in isolation in recruitment or human resource processes. Each user from organizations using my.PDPworks.com is trained and instructed in this principle. Our Surveys are provided to Data Controllers as part of a larger decision-making process and structure, which include other information the Data Controller collects.
As part of continual improvement and validation, we undertake research and analysis, which requires us to process personal data for this clearly defined purpose. When we process such personal data for research purposes, we do so as Data Controller under the lawful basis of Legitimate Interest.
When we process personal data for research, results are presented in group form (e.g., averages). We ensure appropriate safeguards, including anonymization of the data, secure transmittal and storage, and adherence to the principal of least privilege.
Based upon the different services we offer and how we provide those services, we rely on the most appropriate lawful basis when processing your data. When the most appropriate lawful basis for processing is Legitimate Interests, we will always ensure that our interests are carefully balanced with and do not adversely impact your rights.
There may also be specific instances where we require your consent for the processing of your personal data. We will ensure the consent obtained is aligned with current applicable legislation and that it is specific, informed, and freely given.
Our employees, associates, and sub-contractors take the security of your personal data seriously.
If you would like to learn more about our security practices, please see Security, and Our Trusted Sub-Processors.
Yes. See Our Trusted Sub-Processors and Security document.
Your data is stored in cloud-based services in highly secured data centers in the U.S. (see Our Trusted Sub-Processors). Your data is encrypted while it is in transit from your web browser to our data center and when at rest. Access to your data is restricted by strong and tightly held authentication and physical security.
As prescribed in applicable law, we only keep personal data as long as necessary. When deciding the length of personal data retention, we take into account any minimum retention requirements set out in applicable legislation.
When we act as Data Processor, the client organization acts as the Data Controller. As such, the client organization will decide how long data should be retained and will manage the retention and anonymizing process accordingly.
When using aggregated data for research purposes, we function as Data Controller and follow what is described in the research question above.
Your rights as a data subject under GDPR are detailed in Chapter 3 – Articles 12 to 23. You have eight fundamental (though not absolute) rights under GDPR.
Please contact us at privacy@pdpglobal.com. Or you may write to us at:
PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA
We will respond to your request within 30 days. Complex or excessive requests may require a longer period for resolution. In situations where we function as the Data Processor, the first step will be to put you in contact with the client organization that functions as your Data Controller. Together, we will work to address your request or concern. See overview of how requests work:
We reserve the right to charge an administrative fee or refuse a request where requests for data are clearly unreasonable or excessive, particularly if they are repetitive.
We have chosen to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively, and comply with information and advice the DPAs and the FDPIC may provide in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA or FDPIC contacts.
You also have the right to refer data privacy issues or concerns to the ICO at any time. You will find details of how to contact the ICO at https://ico.org.uk/.
Data subject request—Data subjects can request a copy of their personal data in a CSV file by emailing privacy@pdpglobal.com. They also may request modification or deletion (anonymization) of any personal data. Requests will be acted on within 30 days. The data subject will receive notification once their request is complete. |
Communications throughout the deletion or correction process—Contacts will be given instructions to delete the data in the privacy policy. PDP will respond to requests for deletion which will be emailed to privacy@pdpglobal.com
|
Documenting the deletion process—Once a deletion or correction request is received, PDP will reply to confirm what action will taken, then notify the data subject once the request is complete. PDP will log the request and resulting actions with our EU Agent.
|
If you believe that a loss of personal data we use or manage has occurred, or an unlawful use or disclosure of the data has occurred contact us at privacy@pdpglobal.com, or you may write to us at:
PDP Global
Attn: Privacy
13710 Struthers Road, Suite 215
Colorado Springs, CO 80921 USA
Alternatively, you may contact our EU or UK Representative:
UK Representative / UK and EU DPO
Ametros Group Ltd
Lakeside Offices, Thorn Business Park
Rotherwas Industrial Estate
Hereford
Herefordshire
England
HR2 6JT
0330 223 2246
dpo@ametrosgroup.com
www.ametrosgroup.com
EU Representative
Ametros Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road
Cork
Ireland
gdpr@ametrosgroup.com
www.ametrosgroup.com