TMBC Online Privacy Statement

Effective Date: February 1, 2019

This Privacy Statement explains how the Marcus Buckingham Company, an ADP Company (“TMBC” or “our” or “we”) uses and discloses personal data that (i) we collect from individuals who visit our websites and associated sub-domains located at https://www.tmbc.com (the “Site”) and mobile application (the “Application”) and otherwise engage with us in business activities, or (ii) we receive from our Client (your employer) as a data processor.

This Privacy Statement incorporates ADP’s Binding Corporate Rules (“BCR”) Privacy Code for Business Data (the “Business Code”), which includes information about how ADP processes and protects data of our business contacts/professionals and consumers. For our Client employees located in the European Economic Area (EEA), this Privacy Statement also incorporates ADP’s Binding Corporate Rules (“BCR”) Privacy Code for Client Data Processing Services (the “Processor Code”). For more information on Business Code, Processor Code, or our Privacy Program, please click any of the overviews located here: https://www.adp.com/privacy.aspx. If you have additional questions about privacy or this Privacy Statement, please contact our Privacy Team at Privacy@ADP.com.

  1. Types of Personal Data

    Personal data is any information that can be used to identify, locate, or contact you. Some examples of personal data include your name, username, mailing address, telephone numbers, email address, customer account information, or other information about how you use the Site and Application. Personal data also includes other information that may be associated with your personal data.

  2. How TMBC Collects Personal Data & Categories of Personal Data Collected

    In the ordinary course of business, ADP collects and processes personal data on behalf of your employer when we act as a data processor.

    If you are using the Site as a consumer and not as a Client employee, we collect Personal Data directly from you as a data controller. We will ask you for Personal Data when you interact with us, such as registering on our Site, signing up to receive a newsletter or marketing communications, making a purchase, entering comments related to job priorities and other work-related activities, as well as commenting with team members and leaders through the software, engaging with the Engagement Pulse or Performance Pulse tools, or providing services, goods, or products. We may also collect additional information from other ADP products.

    TMBC, when acting as a data controller, collects the following categories of Personal Data directly from you: first name, last name, email address, professional information, billing information, address, and phone number.

    If you interact with us through the Site or Application, we use cookies or other technological tools to collect information about your device and your use of our Site or Application. We treat this information as personal data when it is associated with your contact information. For more information about cookies and other technologies, please see the section Cookies and Other Data Collection Technologies below.

  3. How TMBC uses Personal Data

    When TMBC is acting as a data processor to your employer, TMBC processes your personal data only as instructed or permitted by your employer, in which case only your employer can inform you on the different purposes for which it will process your data through our products.

    Otherwise, TMBC uses your personal data for the following business purposes:

    1. Business purposes for processing personal data pertaining to business contacts/professionals. Personal data pertaining to business contacts/professionals with whom TMBC has a business relationship may be processed as needed:
      1. To send communications related to providing services (such as emails from the production about events such as doing your weekly check-in, being invited to a team, or being part of an Engagement Pulse, requests for information, responses to requests for information, orders, confirmations, training, and service updates);
      2. For account management, accounting, finance, and dispute resolution purposes (such as accounts receivable, accounts payable, account reconciliation, cash management, or money movement) and for consolidated management and reporting;
      3. To assure quality control and to enforce our standards and policies;
      4. For security management, including monitoring individuals with access to the Site, Application, systems, or facilities, investigation of threats, and as needed for any data security breach notification;
      5. To anonymize or de-identify the personal data; and
      6. For purposes of providing coaching, professional development, performance reviews, and employee insights, and tracking.
    2. Business Purposes for processing personal data pertaining to consumers and other individuals. Personal data pertaining to consumers and other individuals may be processed as needed:
      1. To provide the information, product, or service requested by the individual, and as would be reasonably expected by the individual given the context in which the personal data was collected, and the information provided in the applicable privacy statement given to the individual (such as for personalization, remembering preferences, or respecting individual rights);
      2. For due diligence, including verifying the identity of the individual, as well as the eligibility of the individual to receive information, products, or services (such as verifying age, employment, or account status);
      3. To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training materials, and service updates);
      4. To manage an individual’s account, such as for customer service, finance, and dispute resolution purposes;
      5. For risk management and mitigation, including for audit and insurance functions, and as needed to license and protect intellectual property and other assets;
      6. For security management, including monitoring individuals with access to the Site, Application, systems, or facilities, investigation of threats, and as needed for any data security breach notification;
      7. To anonymize or de-identify the personal data; and
      8. For purposes of providing coaching, professional development, performance reviews, and employee insights, and tracking.
    3. Business-necessary processing activities.TMBC may also process personal data as needed (i) to protect the privacy and security of the personal data it maintains, such as in connection with advanced security initiatives and threat detection; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including screening individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities, including mergers, acquisitions, and divestitures; and (v) business activities, management reporting, and analysis.
    4. Development and improvement of products and/or services.TMBC may process personal data to develop and improve TMBC’s products and/or services, and for research, development, analytics, and business intelligence.
    5. Relationship management and marketing.TMBC may also process personal data for relationship management and marketing. This purpose includes sending marketing and promotional communications to individuals who have not objected to receiving such messages as may be appropriate given the nature of the relationship, such as product and service marketing, investor communications, Client communications (e.g., HR compliance alerts, product updates, and training opportunities and invitations to ADP events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and TMBC news.TMBC uses your personal data for secondary purposes such as:
      • Disaster recovery and business continuity, including transferring the information to an archive
      • Internal audits or investigations
      • Implementation or verification of business controls
      • Statistical, historical, or scientific research
      • Dispute resolution
      • Legal or business counseling
      • Compliance with laws and company policies
      • Insurance purposes
  4. Why and How Personal Data is disclosed by TMBC

    TMBC does not provide your personal data to third parties outside of ADP Group Companies for their own marketing purposes. We share your personal data:

    • To ADP Group Companies, which use your personal data for the purposes listed in this Privacy Statement.
    • To our service providers, who are bound by law or contract to protect your personal data and only use your personal data in accordance with our instructions.
    • To enforce our rights, protect our property, or protect the rights, property, or safety of others; in connection with the sale, assignment, or other transfer of TMBC’s business or assets, or as needed to support external auditing, compliance and corporate governance functions. We will also disclose personal data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.
    • As instructed or permitted by your employer (when we are acting as a data processor) or you.
    • As needed to provide the services that you and/or your employer have requested.

    Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated, anonymized, and/or statistical data about our Clients. These reports do not contain information that would enable the recipient to contact, locate, or identify you. These reports also do not contain identifiable company information.

  5. Cookies and Other Data Collection Technologies

    When you visit our Site, use our Application, or receive digital communications from us, we collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs, and web beacons. For example, when you visit our Site, we place cookies on your device. Cookies are small text files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available. Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and/or web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.

    We collect many different types of information from cookies and other technologies. For example, we collect information from the device you use to access our Site, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the Internet Protocol (“IP”) address assigned to the device you use to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the internet. We may also collect information about the website you were visiting before you came to the Site and the website you visit after you leave our Site.

    In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without reference to personal data. For example, we use information we collect about website users to optimize our Site and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your personal data. This Privacy Statement applies to the information when we associate it with your personal data.

    Although our Site currently does not have a mechanism to recognize the various web browser Do Not Track signals, we do offer Individuals choices to manage their preferences that are provided in the previous sections above. The Site does not collect Personal Information about an individual consumer’s online activities over time and across different websites when a consumer uses the Site. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/. TMBC uses Google Analytics as a third party vendor. For information on how Google Analytics uses data, please visit “How Google uses data when you use our partners sites or apps”, located at http://bit.ly/2jXZ13Y.

  6. Mobile Applications

    TMBC offers the Application, which allows you to access your account, interact with us online, and receive other information via your mobile device. Personal data collected by TMBC via our Application is protected by the terms of this Privacy Statement or our Privacy Statement for Client Employees, as applicable.

  7. Communication Preferences

    When TMBC acts as a data controller, you may limit the information you provide to TMBC. You may also limit the communications that TMBC sends to you. To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of the commercial email we send you. Please note that if you are currently receiving services from TMBC and you have decided to opt-out of emails, this will not impact the messages we send to you for purposes of delivering such services or as permitted by applicable law. If you have questions about your choices or if you need assistance with opting-out, please contact us via email to Privacy@ADP.com. You may also write us at the address in the How to Contact Ussection below. If you send us a letter, please provide your name, address, email address, and information about the communications that you do not want to receive.

  8. Access, Correction, Erasure, and Other Individual Rights

    TMBC respects your right to access, correct, and delete your personal data, or object to the processing of your personal data. If you have an online account, you may log into your account to access update, or delete the information you have provided to us. Additionally, you may contact Privacy@ADP.com to request access to your data, or to exercise any of the individual rights afforded to you by ADP’s Business Code, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. TMBC will respond to requests as soon as possible and in accordance with applicable data protection laws.

    This section is not applicable if TMBC processes your data according to a contract with your employer. Your contact will be your employer who can inform you about any rights you may have.

  9. Information Security

    TMBC is committed to maintaining appropriate organizational, technical, and physical controls to protect personal data entrusted to TMBC. These controls protect personal data from anticipated threats and hazards and unauthorized access and use. Additional information about ADP’s Global Security Organization may be found at http://www.adp.com/trust. You should also take steps to protect yourself, especially online. When you register at the Site, choose a strong password, and do not use the same password that you use on other websites. Do not share your password with anyone else. TMBC will not ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember to sign out of the Site and close your browser window when you have finished your work. This is to ensure that others cannot access your personal data and correspondence if they have access to your device.

  10. Data Retention

    TMBC will retain your personal data for as long as necessary for the purposes for which the personal data is processed. TMBC follows a Global Records Information Management (“RIM”) Policy and has established records retention schedules for all types of personal data that TMBC processes. Personal data is retained in accordance with the records retention schedules to ensure that records containing personal data are retained as needed to fulfill the applicable business purposes, to comply with applicable laws, or as advisable in light of applicable statutes of limitations. When the retention period has expired, records containing personal data will be securely deleted or destroyed, de-identified, or transferred to archive, in accordance with ADP’s RIM Policy.

    This section doesn’t apply to processing carried out through a contract between your employer and TMBC.

  11. International Data Transfers

    TMBC is headquartered in the United States of America. Your personal data may be accessed by or transferred to the United States or elsewhere in the world in accordance with the ADP Privacy Code for Business Data.

    Where authorized by your employer, ADP will transfer personal data pertaining to individuals located outside of the United States to our affiliates and suppliers in the United States and elsewhere in the world, pursuant to applicable data protection laws. We will only transfer personal data pertaining to individuals located in the European Economic Area as permitted by the ADP Privacy Code for Client Data Processing. Please click here for the list of our affiliates bound by the ADP Privacy Code for Client Data Processing Services.

  12. Job Applicants

    If you have applied for employment with TMBC, the personal data submitted with your job application will be added to our recruitment system and used for recruitment and other customary human resources purposes in accordance with ADP privacy policies.

  13. Individuals Located in the European Economic Area

    In addition to the rights already listed in this Privacy Statement, you also have the right to data portability, as well as the right to be notified of automated decision making or profiling related to your personal data. A data protection officer for the European Economic Area (“EEA”) has been appointed and can be reached at DataProtectionOfficer.ADPEMEA@adp.com. You may reach the data protection officer via mail at the address below.

    Data Protection Officer – EMEA
    ADP Europe SAS
    31 Avenue Jules Quentin
    92000 Nanterre
    France

    This section doesn’t apply to processing carried out through a contract between your employer and TMBC. As an employee of an ADP Client, please reach out to your employer for more information regarding the collection and processing of your personal data.

  14. Changes to this Privacy Statement

    We may update this Privacy Statement to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Statement.

  15. Group Companies bound by this Privacy Statement

    For a listing of Group Companies bound by this Privacy Statement and the Privacy Code for Business Data, please click www.adp.com/privacy/pdf/A2CoBDC.pdf.

  16. How to Contact Us

    Please contact us if you have questions, or comments. You may reach us via email at Privacy@ADP.com, or via mail at address below. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaints.

    TMBC
    Global Data Privacy and Governance Team
    MS 325
    One ADP Boulevard
    Roseland, NJ 07068-1728 USA
  17. How to Lodge a Complaint

    If you believe that TMBC has not handled your personal data properly or that it has breached its privacy obligations, under any applicable data protection laws or the Business Code or of applicable law, you may file your complaint in writing to the address above, or via email, to the Global Data Privacy and Governance Team at Privacy@ADP.com. The Global Data Privacy and Governance Team will investigate each complaint and notify you within a reasonable timeframe of the outcome of the investigation. If you are not satisfied by the resolution TMBC proposes, you may lodge a complaint in accordance with the provisions of the Business Code.

    This section doesn’t apply to processing carried out through a contract between your employer and TMBC. However, if you are a Client employee located in the EEA and Switzerland, you may file a complaint as a third party beneficiary in respect of a claim you may have for violation of the ADP Privacy Code for Client Data Processing Services or applicable law, by contacting the Global Data Privacy and Governance Team at Privacy@ADP.com. If ADP’s response to your complaint is unsatisfactory, you may file a complaint or claim with the relevant regulatory authorities or the courts, in accordance with the provisions of the ADP Privacy Code for Client Data Processing Services.

  18. U.S. State Specific Privacy Rights

    If you are a Nevada or California resident click here for additional information regarding your privacy rights.

Last Updated: December 30, 2019