Français - Europe (French - Europe)
Data Privacy at Objective Management Group
LAST UPDATED: October 5, 2023
Objective Management Group (OMG) has established a comprehensive privacy program designed to help us respect and protect your data privacy rights. This statement includes OMG’s EU-U.S. Data Privacy Framework Statement, OMG's UK Extension to the EU-U.S. Data Privacy Framework Statement, OMG's Swiss - U.S. Data Privacy Framework Statement, and the Website Privacy Statement.
What information do we collect?
Objective Management Group (OMG) collects information from you when you subscribe to our newsletter, fill out a form, or complete an online assessment.
When using the services on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, and/or responses to assessment questions. You may, however, visit the informational areas of our site anonymously. Assessment services may not be used anonymously.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To personalize your experience
(your information helps us to better respond to your individual needs)
- To improve our website
(we continually strive to improve our website offerings based on the information and feedback we receive from you)
- To improve customer service
(your information helps us to more effectively respond to your customer service requests and support needs)
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- To administer a contest, promotion, survey, assessment or other site feature
- To send periodic emails
The email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions. Email addresses provided while using our assessment tools are never used for promotional reasons.
Data subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.
When OMG is contracted by its customers to provide assessment services, OMG's customers are responsible for informing Data Subjects of the when they have the right to opt out of such uses or disclosures. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to OMG's customers that control the use and disclosure of their Personal Data. OMG will cooperate with its customers' instructions regarding Data Subjects' choices.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential.
How long do we keep your information?
Yes (Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Childrens Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
All data submitted via our online assessments will be shared with the organization who purchased our services (Client) and the organization through whom those services were purchased (Reseller). The Client and Reseller may have separate and independent privacy policies. We therefore have no responsibility or liability for the activities of Clients and Resellers. Nonetheless, we seek to protect the integrity of your personal information and welcome any feedback about the use of your information.
During the course of providing assessment services via our website, we collect information including:
- Contact information, including name. This is used by our Clients to identify your responses.
- Information about your experience in a specific company, type of job, or industry.
- Device data, including your IP address, operating system, device type, and web browser type. This is used for technical support and traceability
- Your email address. This is used to contact you about the status of your assessment, and shared with Clients to identify your responses or contact you.
Your personally-identifiable information will not be shared with any 3rd parties except for the Client and Reseller, and where required by law.
The data from your assessment, stripped of personally-identifiable data and aggregated with other such information, may be used by Objective Management Group for research purposes.
The questions and options that make up our online assessment questionnaires are intellectual property owned by Objective Management Group, and cannot be copied, saved, or reproduced without our express written permission.
Your assessment questionnaire responses are owned by the Client who has contracted OMG's services to provide assessment services. Please contact the Client directly for any concerns about your assessment results.
If you have completed an assessment with Objective Management Group within the past year, we reserve the right, at our discretion, to reuse your previously-provided answers as a substitute for asking you the same questions again. Doing this saves you the time and frustration of answering questions you have already answered, and also preserves the integrity of our assessment by minimizing opportunities for a respondant to provide conflicting answers. Note that only multiple-choice answers, and never your personally-identifiable information (such as your name and email address), will ever be copied from a previous assessment to a current assessment.
Please contact the Client who has contracted OMG's services to access or correct any of the personal information you provide while using our assessment services.
When you request information from our website by downloading a white paper / report, using one of our online tools, or completing an information request form, we will share the contact information you provide with one of our Certified Partners so they can contact you to discuss your request. While we cannot control the use of your contact information with these 3rd-parties, we kindly request that you report to us any misuse of your contact information by our Certified Partners. We take the integrity of your contact information extremely seriously, and it is our intent that it only be used to contact you about our services.
Please contact OMG to access or correct the marketing data you provide to use, or to request the removal of this data from our systems.
All data is stored on servers located in the United States, and processing of data occurs within the United States.
Over 2,000,000 individuals have trusted Objective Management Group to provide assessment services. OMG strives to maintain the highest security measures to insure the integrity and privacy of your personal information.
Physical Security - Our information systems and infrastructure are housed in world-class data centers carrying ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, and IRS 1075 certifications.
Access Control - Access to assessment data is restricted to key personnel only for the purpose of providing our services, and revoked immediately upon employee termination. Remote access is only permitted through secure channels, and our password policies require strong passwords, expiration, and prevent reuse, along with multi-factor authentication where possible.
Personnel - All employees receive extensive data privacy and security training. Our employees must pass a criminal background check and are bound by a non-disclosure agreement.
Penetration Testing - Our systems are scanned weekly for known exploits using Microsoft's recommended penetration testing solution.
Threat Detection - We utilize Microsoft's proactive threat detection services to analyze both web and database transactions to detect potential breaches or vulnerabilities.
Encryption - All data is encrypted in transit using secure TLS cryptographic protocols. In addition, data at rest is encrypted where possible.
Development - All software development is performed in-house by Objective Management Group employees. We follow a security-by-design approach to software development, and implement peer code review with an emphasis on security.
Logging and Monitoring - We utilize a variety of logging and monitoring services to ensure the proper functionality of our systems, and also to provide detailed forensic information about any malicious or anomalous transactions.
Please be aware that our assessment services have been contracted in order to protect the legitimate interests of the data controller -- an employer who has determined that it is necessary to understand and/or confirm the sales and/or leadership capabilities of its employees or candidates for employment.
We invite you to contact us with any questions or concerns regarding the use or disclosure of personal information.
18 Lyman St STE 100A #1051
Westborough, Massachusetts 01581
Identifying Your Data Controller
For the purposes of data privacy law, including GDPR, the data controller is the party that controls how your data is being used. As a contracted assessment provider, Objective Management Group is acting as a data processor, not a data controller. Since some rights may need to be exercised with the data controller, you have a right to know the identity of the data controller. To obtain the identity of the data controller, please email us at firstname.lastname@example.org and include the alphanumeric PIN you were provided when starting your assessment (this was also emailed to you in the form of a link).
While OMG does not do have a business location within the European Union or market / sell to European Union individuals or businesses, in some cases we serve as a processor or sub-processor of personal information for data controllers located in the European Union. Therefore, we are committed to respecting your rights as they pertain to personal information.
Please note that your rights must also be balanced with the rights of other parties, including the organizations which contract our assessment services. This includes, for example, those parties protecting their legitimate interests as they pertain to understanding your strengths and weaknesses which are measured by our assessments.
Your rights may include the following:
- Right of Access - Upon request, we will confirm the personal information we hold about you. Please note that our questionnaires are copyrighted intellectual property, and are not considered part of your personal information.
- Right to Rectification - Upon request, we will rectify any incorrect "demographics" we hold about you. This would include, for example, your name and email address. In most cases, your information is processed immediately upon its submission, and passed on to the organization which contracted our assessment services. Therefore, in addition to correct our own records, we will forward the correction to the data controller. Note that your right to rectification does not give you the right to change how you answered questions, as doing so would infringe upon the rights of the orginization which contracted our services to have trustworthy, unaltered answers.
- Right to Erasure - You may contact us to request the removal of your personally-identifiable information from our databases. Please note that, in most cases, your information has already been shared with the organization which has contracted our services, so your request will be forwarded to the data controller as well, and subject to their data erasure policies.
- Right to Restriction of Processing - If you have submitted personal information to us but it has not yet been processed and sent to the data controller, you may request that we not process your information. We encourage users to instead request that your information be erased, to ensure that no processing can occur.
- Right to Data Portability - As there is no industry standard for transmitting assessment data, it is challenging for us to provide you with a copy of your information that can be reused elsewhere. However, we respect your right to obtain a copy of your information, and will send you an XML-formatted copy of the personal information -- information that personally identifies you -- which you provided to us upon request.
All requests to exercise your rights will be addressed without undue delay, and within 30 days. To exercise any of your rights, please contact of customer service team at email@example.com. Please note that we will need to confirm you identity via a 2-way email exchange.
EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)
In compliance with the Data Privacy Framework Principles, OMG commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Objective Management Group at:
Chief Operating Officer
18 Lyman St STE 100A #1051
Westborough, MA 01581
When OMG receives personal information under the Data Privacy Framework and then transfers it to a third-party service provider acting as an agent on OMG's behalf, OMG has certain liability under the Data Privacy Framework if both (i) the agent processes the information in a manner inconsistent with the Data Privacy Framework and (ii) OMG is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Data Privacy Framework Framework, OMG is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, OMG may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
OMG has further committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs, UK ICO, or FDPIC for more information or to file a complaint. The services of EU DPAs, UK ICO, and FDPIC are provided at no cost to you.
Under certain conditions, more fully described on the Data Privacy Framework website https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.