GDPR Compliance for Birkman International

General Data Protection Regulation

Birkman International’s Privacy Policy for EU, UK, and EEA Residents
Effective Date of Agreement: August 23, 2022

Introduction

Birkman International, Inc., its subsidiaries, and its affiliated entities throughout the world (collectively, “Birkman,” “we,” “us,” or “our”) is committed to protecting the privacy of your personal information. This European Privacy Policy (the “European Policy”) sets forth the additional rights available to European Union (“EU”), United Kingdom (“UK”), and European Economic Area residents (“EEA”) and supplements the information contained in our Privacy Policy and applies solely to persons located in the EU, UK, and EEA. The purpose of this European Policy is to comply with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR (which is the UK law version of the EU General Data Protection Regulation by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy, and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019). Any applicable terms defined in the GDPR or UK GDPR have the same meaning when used in this European Policy. Similarly, any terms defined in our Privacy Policy have the same meaning when used in this European Policy.

This European Policy does not apply to workforce-related personal information such as a company registration number, a company email, or anonymized data.

This European Policy describes the types of information we may collect from you or that you may provide when you visit the website https://birkman.com, https://direct.birkman.com, https://q.birkman.com, and https://workspaces.mybirkman.com and use our other tools, technology, social media accounts, mobile applications and/or participate in our SMS Program and other programs (collectively, the “Platform”).  It also describes our practices for collecting, using, maintaining, and protecting that information.

In conjunction with the Terms of Use on our Platform (the “Terms of Use”), this European Policy sets out the basis on which any personal information you provide will be collected, used, stored, and disclosed by us. Please read it carefully. If you do not agree with our policies and practices, your choice is not to use our Platform. By accessing or using our Platform in accordance with our Terms of Use, you agree to this European Policy. This European Policy may change from time to time, as discussed below. Your continued use of our Platform after we make changes is deemed acceptance of those changes, so please check this European Policy periodically for updates.

Personal Information We Collect About You

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual (collectively, “Personally Identifying Information” or “personal information”). You are not required to provide the personal information described herein. However, the consequence for not providing the requested personal information is that you are not able to use parts of our Platform. By accessing or using our Platform, you agree to this European Policy and to provide the requested personal information.

We collect Personally Identifying Information from our customers and respondents. Our customers can be individuals or companies, which may provide Personally Identifying Information on its employees.  A respondent is anyone who completes The Birkman Method questionnaire.  The Personally Identifying Information we collect from our customers may include: full name, referral name, company name, mailing addresses (city, state, zip, country), email addresses, phone numbers, invoicing history, spoken language, education level and area of study, age, gender, ethnicity, employment status, detailed employment information (position title, dates hired, etc.), learning management system (LMS) training history, Birkman account ID numbers, last four digits of credit card, and food allergy information.

The Personally Identifying Information we collect on respondents of The Birkman Method questionnaire is much more limited and may include email address, country, language, first and last name, zip/postal code, education information, gender, the purpose for taking the assessment, year born, ethnicity, employment status and employment details (job title, years worked, organization size, employer name, full- or part-time, seeking, not seeking, not able to work, retired). When someone completes a Birkman questionnaire, this constitutes an express agreement to provide Personally Identifying Information to Birkman.

How We Collect Personal Information About You

We collect personal information about you:

• Directly from you when you voluntarily provide it to us;
• Automatically as you navigate through the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

Information You Provide to Us
The information that you provide to us through our Platform may include:

• Information that you provide by filling in forms on our Platform. This includes information provided at the time of using our service, posting material, or requesting further services. We may also ask you for information when you request an assessment, purchase our products or services, talk with our employees, or when you report a problem with our Platform.
• Records and copies of your correspondence (including email addresses) if you contact us.
• Details of transactions and reservations you carry out through our Platform. You may be required to provide personal and financial information (last four digits of credit card number and expiration date (“Financial Information”)) before using our Platform.
• Through creation of accounts through our Platform.

Information We Collect About You Automatically
As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Platform.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically includes statistical and analytical data and, in some instances, personal information.  We collect such data automatically because it helps us to improve our Platform and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Platform according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Platform.
• The technologies we use for this automatic data collection may include cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access our Platform through your browser.

Third-Party Use of Cookies and Other Tracking Technologies
We do not use third parties to collect personal information.

Third Party Disclosure
We do not barter, trade, or sell access to your Personally Identifying Information, other than with your written permission. Financial Information may be shared with third parties for verification, processing, and fraud detection purposes only.

How We Use Your Information

The basis for our collection of and use of your Personally Identifying Information will vary dependent on your relationship with us. However, we operate in compliance with applicable data protection laws and process personal information where we have a legal basis for doing so.

Our Platform is the principal means by which individuals access THE BIRKMAN METHOD^® assessment. The assessment is comprised of a questionnaire of approximately 300 questions and a series of reports derived from the responses to these questions. Individuals take THE BIRKMAN METHOD assessment on their own initiative or at the request of an employer, a prospective employer, educational, religious, or not-for-profit organization, or other groups (a “Sponsoring Organization”). Consultants and consulting firms that help administer THE BIRKMAN METHOD assessment are considered Sponsoring Organizations. We use your Personally Identifying Information to complete THE BIRKMAN METHOD assessment. Of the Personally Identifying Information collected from you, only the assessment results (“Assessment Results”), specifically your name and email address, and the reports about you generated in connection with THE BIRKMAN METHOD assessment, are accessible by the Sponsoring Organization.

For research purposes, we may aggregate your responses with the responses of other individuals to develop group norms, conduct validation studies, perform statistical analysis, develop new products and services, and otherwise improve our assessments. In these cases, your age, gender, and other personal information may be used to create only aggregated results which may be included in reports that are published or otherwise disseminated, and which can in no way be linked to your Personally Identifying Information. You may at your option elect to provide personal information in connection with participation in future research initiatives (for example, providing an email address to participate in follow-up research).

We post customer testimonials and comments on our Platform, which may contain Personally Identifiable Information. We obtain each customer’s consent prior to posting the customer’s name and testimonial.

We may also use or disclose the Personally Identifying Information we collect for one or more of the following legitimate purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, support, personalize, and develop our Platform, products, and services.
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To confirm your identity and protect against unauthorized use of our services.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your experience on our Platform and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Platform, third-party sites, and via email or text message (with your consent, where required by law).
• To help maintain the safety, security, and integrity of our Platform, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve our Platform, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform users/consumers is among the assets transferred.
• If you are applying for one of our employment vacancies, we need to process your information to assess your suitability for the role you have applied for, and the legal basis we would be relying on is that the processing is necessary to perform a contract or take steps at your request, before entering into a contract.

We also collect and process personal information based on consent according to the GDPR, which you are free to give or refuse. You will see consent options when you visit our website for the first time. You can change your decisions at any time by emailing privacy@birkman.com. If you change your decision, it will not affect the lawfulness of processing based on consent before its withdrawal. Where we are relying on your consent to process personal information, you are entitled to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you are based in the EEA, you may only use the Platform if you can provide consent to data processing under the laws of your country.

Legal Basis for Processing Your Information

Performance of a Contract
This applies when you have provided your Personally Identifying Information so we can provide a product or service to you (e.g., creating a customer account when purchasing one of our products or completing a THE BIRKMAN METHOD application).

In order to use your personal data, we are required to have a lawful basis to do so.

When you buy a product from our website or use one of our services, you have given us your consent, we are fulfilling a contract to provide a product to you, or we have a legitimate interest in using your Personally Identifying Information.

Legal Obligation
We are legally required to keep certain pieces of your Personally Identifying Information for various legal or regulation reasons (records of your transaction information must be kept for tax and financial reporting purposes)

Consent
This applies where you ask us to provide a specific service to you and subsequently provide your consent as a result of that request:

• Cookies: We may place cookies that target you with personalized advertisements, this way we can tailor how you interact with us on our website. Advertising cookies are different from analytical/performance cookies which measure and record your interaction with our website for site improvements. When you visit our website, we give you the option to set what your preferences are so we can respect it.
• Marketing Communications from Us: If you opt in and later opt out of these communications and ask us to stop sending you communications, we will do that, although we would need to keep some of your Personally Identifying Information in our database so that we know not to contact you again.

Legitimate Interests
We may use your Personally Identifying Information that you have provided to us in the following scenarios legitimately:

• Fraud Prevention: Carry out fraud checks on transactions involving your personal data to ensure that your payment is free from any fraudulent or suspicious activities.
• Securing our Systems: Making sure our (websites/internal systems) are safe and secure, working properly and that your personal data is secure.
• Products and Services Improvement: How you interact with our products and services can also help us understand and meet your expectations, we can run market research or surveys using aggregated information to see which of our products or services you like and to get better insights into your needs.

You may withdraw from our communications by emailing privacy@birkman.com, which will not impact the lawfulness of processing based on consent before its withdrawal.

Disclosure of Your Information

In certain instances, we may share your personal information with other companies both in the United States and in other countries around the world. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.  When taking THE BIRKMAN METHOD assessment at the request of a Sponsoring Organization, your participation indicates your consent to the disclosure of the Assessment Results only to that Sponsoring Organization. In addition, access to your Personally Identifying Information may be used by our employees in connection with the administration of THE BIRKMAN METHOD assessment. In providing your Assessment Results to Sponsoring Organizations, we will not disclose your answers to particular questions but will provide computer-generated reports derived from your responses by means of our proprietary process.

Except as provided below for purposes of corporate restructuring, compliance with applicable law, legal process, or enforcement, your Personally Identifying Information will not be transferred or disclosed by Birkman to a third party (other than a Sponsoring Organization, if applicable) without your express written consent. Where we share your personal information with third parties, we will put contractual measures in place to require the third parties to take reasonable precautions to safeguard your personal information, as required by applicable laws.

We may disclose personal information that we collect or you provide as described in this European Policy:

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Birkman’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Birkman about our Platform users is among the assets transferred.
• To third parties to market their products or services to you if you have consented to these disclosures.
• To fulfill the purpose for which you provided it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with an appropriate UK or EU court order, law, or legal process, including to respond to any appropriate government or regulatory request.
• To enforce or apply our Terms of Use and other agreements including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Birkman, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Children’s Information

Our websites, online services, and products are not directed at children. We do not knowingly solicit or knowingly collect personal information from children under the age of 16. If you are under 16, you may not use our Platform.

If we become aware that you are under this age and are attempting to or have submitted personal information via our Platform, we will not accept such information and we will take steps to remove such information from our records. This may involve us accessing and verifying your age and other relevant details.

Storing Your Personal Information

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change, or damage.

International Data Transfer

Your personal information may be transferred to and from the United States and other countries. When taking THE BIRKMAN METHOD assessment, whether at the request of a Sponsoring Organization or otherwise, your personal information is provided to us, and we are located in the United States. A Sponsoring Organization may also provide additional information about you to us. Your participation in the assessment indicates your consent to the transfer of your data to the United States and the disclosure of the Assessment Results only to that Sponsoring Organization. The Sponsoring Organization may be located in the United States or in another country around the world.

For any transfer of personal information to or from other countries, we will ensure the necessary steps are taken to give adequate protection to such information as required by the relevant data privacy laws. Unless notified otherwise or exempt, transfers of your personal information from within the EEA to us or a Sponsoring Organization outside the EEA or from outside the EEA to the EEA will be based on express consent, an adequacy decision, or standard contractual clauses as required by applicable law.

Retention of Personal Information

We retain your personal information according to our retention policy and only if it is required for the purposes we have stated in this European Policy. There are instances where we are required by law to hold on to this data for longer periods if required in connection with a legal claim or proceeding, or to comply with other legal obligations. In the case that you wish to cancel your registration as a member of the Platform once an account is deleted, we will not use the personal information about you other than for administrative purposes. Where you contribute to the Platform, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted. Where we no longer have a lawful basis to process your data, we will dispose it using the required standards such as deletion or anonymization.

How to Exercise Your Rights  

Automated Decision Making and Profiling
By completing The Birkman Method questionnaire, we generate an assessment or profile of your personality based on an automated analysis of your answers to the questionnaire. The details of how we use your personal data is described in Section 4.  We do not engage in any automated decision making based on your personal data.  Analyzing your responses to the questionnaire is necessary to perform our services and provide an assessment to you and/or the Sponsoring Organization.

Rights under the GDPR and UK GDPR
The GDPR and the UK GDPR provides persons within the EU, UK, and EEA with specific rights regarding their personal information. This section describes these rights and explains how to exercise those rights.

(a) Right of access. You have the right to obtain: (i) confirmation of whether, and where, we are processing your personal information; (ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods; (iii) information about the categories of recipients with whom we may share your personal information; and (iv) a copy of the personal information we hold about you.

(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.

(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay. You may request that we complete and/or correct any personal information we have collected on you.

(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified. This means that Birkman’s consultants, clients, customers, and questionnaire respondents can request that Birkman delete any/all personal information of themselves, and it will be permanently deleted.

(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

(f) Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason. Depending on the data being objected to, it may prohibit you from doing business with Birkman because of the legal standpoint from which Birkman operates. Some clients and customers may refuse to complete the Birkman Questionnaire because of the personal information collected during the process. They are within their rights to object to provide any of the data required in order to complete the Questionnaire.

If you are resident in France, you also have the right to set guidelines for the retention and communication of your personal information after your death.

If you wish to exercise one of these rights, please contact us at privacy@birkman.com, and we will comply with any request to the extent required under applicable law.

We will seek to deal with your request without undue delay and in any event in accordance with the requirements of the applicable law. Be sure to include your Birkman-related contact information so that we can accurately process your request in a timely manner. Please note we may keep a record of your communications to help us resolve any issues.

You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Changes to This Policy

We reserve the right to amend this European Policy at our discretion and at any time. When we make changes to this European Policy, we will post the updated policy on the Platform and update the policy’s effective date. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes.

Data Protection Officer Contact Information

If you have any questions or comments about this European Policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, please do not hesitate to contact our Data Protection Officer:

Birkman Data Protection Officer, Emma Rogers

Birkman Corporate Headquarters
9090 Katy Fwy., Bldg. 450
Houston, TX 77024
privacy@birkman.com
(713) 623-2760

GDPR Representative Contact Information

Pursuant to the GDPR and the UK GDPR, Birkman International Inc. has appointed Borlux Ltd. (Postal address: First Floor, Penrose 1, Penrose Dock, Cork, Ireland) as its representative in the EU and UK. If you usually reside in an EU Member State or the UK, you can contact Borlux Ltd. regarding matters pertaining to the GDPR or UK GDPR by using the online request form at https://services.nathantrust.com/privacycontact.