SSSC Office of Ethics & Professional Standards Security & Privacy Statement
At the SSSC Office of Ethics & Professional Standards (EPS), we understand that your privacy is important to you. We are committed to protecting the security and confidentiality of your personal information. This Security and Privacy Statement explains how we collect, use, and share your personal information.
This Statement has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law, GDPR (General Data Protection Regulation) in Europe and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our Security and Privacy Statement carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information as it applies to our website data collection processes in accordance with our website.
We collect your personal information when you:
- File a Complaint through Ethico aka ComplianceLine, our complaint management system, except when reported anonymously
- Are a Reporter, Respondent, or Witness of a Complaint
- Enroll in a course
- Sign EPS Confidentiality Agreement (Oath of Confidentiality Agreement)
- Fill out EPS Forms via Wufoo (Job application, GEC Membership application, and any forms related to a Complaint Procedure).
- Fill out the Contact Us form on our website
The File a Complaint process on the EPS website is handled by a 3rd party, Ethico. Ethico complies with all US privacy requirements and is also GDPR compliant. All information provided relative to a complaint is stored indefinitely within the ComplianceLine system.
Data you enter on the EPS complaint Webform (or that you may provide via the EPS Hotline) is saved to an external server owned and operated by Ethico. No personally identifiable information is automatically collected from reporters submitting a case. Personally identifying information, such as your name, e-mail address, or phone number, is collected and stored only when a reporter voluntarily gives this information. Information supplied on the webform for any other individuals you name in relation to a case, is used only for the purpose of a case.
No contact information from the Ethico case management system is used by EPS for a mailing list, solicitations, or marketing purposes. No information is sold to or shared with other parties, other than the minimum necessary information shared with an affiliate organization (such as KRI or Sikh Dharma International) or other party for the investigation of a case.
What personal information do we collect?
The types of personal information we collect may include your name, email address, phone number, mailing address, and public information available on the internet.
How do we use your personal information?
We use your personal information to:
- Respond to inquiries, and/or other requests or questions.
- Communicate with you when conducting a preliminary investigation and/or a Complaint Procedure.
- To determine if you have completed the EPS Ethics & Anti-Harassment Course.
- Comply with legal and regulatory requirements
How do we share your personal information?
We may share your personal information with:
- Courts and other government agencies, as required by law
- Third-party service providers who help us provide our services, such as IT, software supporting the platform of the EPS Ethics & Anti-Harassment Course.
- ComplianceLine aka Ethico, the EPS case management system.
Note: We do not share or use your personal information for marketing purposes.
How do we protect your personal information?
We have implemented security measures to protect your personal information from unauthorized access, use, or disclosure. These measures include:
- Electronic security measures, such as firewalls and encryption
- Administrative security measures, such as training our employees on privacy and security best practices.
What are your privacy rights?
In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Fair Information Practices:
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information practices we will take the following responsive action, should a data breach occur:
We will notify you via email within 14 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
What are your choices?
You have rights related to how we choose to use and share your personal information. If you would like to discuss, please contact us using contact information below.
If you would at any time like to review or change the information in your Ethics course account or terminate your account, you can:
- Contact us or your organization administrator to process this request, using the contact information provided.
Changes to this Security and Privacy Statement:
We may update this Security and Privacy Statement from time to time. If we make any significant changes, we will post a notice on our website or contact you directly.
If you have any questions about this Security and Privacy Statement, you may contact us here.