LAST UPDATED: DECEMBER 20, 2019
Objective Management Group, Inc. (OMG) has established a comprehensive privacy program designed to help us respect and protect your data privacy rights. This statement includes OMG’s EU-U.S. Privacy Shield Framework Statement, OMG's Swiss - U.S. Privacy Shield Framework Statement, and the Website Privacy Statement.
Objective Management Group, Inc. (OMG) collects information from you when you subscribe to our newsletter, fill out a form, or complete an online assessment.
When using the services on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, and/or responses to assessment questions. You may, however, visit the informational areas of our site anonymously. Assessment services may not be used anonymously.
Any of the information we collect from you may be used in one of the following ways:
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential.
Yes (Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
All data submitted via our online assessments will be shared with the organization who purchased our services (Client) and the organization through whom those services were purchased (Reseller). The Client and Reseller may have separate and independent privacy policies. We therefore have no responsibility or liability for the activities of Clients and Resellers. Nonetheless, we seek to protect the integrity of your personal information and welcome any feedback about the use of your information.
During the course of providing assessment services via our website, we collect information including:
Your personally-identifiable information will not be shared with any 3rd parties except for the Client and Reseller, and where required by law.
The data from your assessment, stripped of personally-identifiable data and aggregated with other such information, may be used by Objective Management Group for research purposes.
The questions and options that make up our online assessment questionnaires are intellectual property owned by Objective Management Group, and cannot be copied, saved, or reproduced without our express written permission.
Your assessment questionnaire responses are owned by the Client who has contracted OMG's services to provide assessment services. Please contact the Client directly for any concerns about your assessment results.
If you have completed an assessment with Objective Management Group within the past year, we reserve the right, at our discretion, to reuse your previously-provided answers as a substitute for asking you the same questions again. Doing this saves you the time and frustration of answering questions you have already answered, and also preserves the integrity of our assessment by minimizing opportunities for a respondant to provide conflicting answers. Note that only multiple-choice answers, and never your personally-identifiable information (such as your name and email address), will ever be copied from a previous assessment to a current assessment.
Please contact the Client who has contracted OMG's services to access or correct any of the personal information you provide while using our assessment services.
When you request information from our website by downloading a white paper / report, using one of our online tools, or completing an information request form, we will share the contact information you provide with one of our Certified Partners so they can contact you to discuss your request. While we cannot control the use of your contact information with these 3rd-parties, we kindly request that you report to us any misuse of your contact information by our Certified Partners. We take the integrity of your contact information extremely seriously, and it is our intent that it only be used to contact you about our services.
Please contact OMG to access or correct the marketing data you provide to use, or to request the removal of this data from our systems.
All data is stored on servers located in the United States, and processing of data occurs within the United States.
Over 1,750,000 individuals have trusted Objective Management Group to provide assessment services. OMG strives to maintain the highest security measures to insure the integrity and privacy of your personal information.
Physical Security - Our information systems and infrastructure are housed in world-class data centers carrying ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, and IRS 1075 certifications.
Access Control - Access to assessment data is restricted to key personnel only for the purpose of providing our services, and revoked immediately upon employee termination. Remote access is only permitted through secure channels, and our password policies require strong passwords, expiration, and prevent reuse, along with multi-factor authentication where possible.
Personnel - All employees receive extensive data privacy and security training. Our employees must pass a criminal background check and are bound by a non-disclosure agreement.
Penetration Testing - Our systems are scanned weekly for known exploits using Microsoft's recommended penetration testing solution.
Threat Detection - We utilize Microsoft's proactive threat detection services to analyze both web and database transactions to detect potential breaches or vulnerabilities.
Encryption - All data is encrypted in transit using secure TLS cryptographic protocols. In addition, data at rest is encrypted where possible.
Development - All software development is performed in-house by Objective Management Group employees. We follow a security-by-design approach to software development, and implement peer code review with an emphasis on security.
Logging and Monitoring - We utilize a variety of logging and monitoring services to ensure the proper functionality of our systems, and also to provide detailed forensic information about any malicious or anomalous transactions.
Please be aware that our assessment services have been contracted in order to protect the legitimate interests of the data controller -- an employer who has determined that it is necessary to understand and/or confirm the sales and/or leadership capabilities of its employees or candidates for employment.
We invite you to contact us with any questions or concerns regarding the use or disclosure of personal information.
http://www.objectivemanagement.com114 Turnpike Road, Suite 102Westborough, Massachusetts 01581USA508-366-6200
For the purposes of data privacy law, including GDPR, the data controller is the party that controls how your data is being used. As a contracted assessment provider, Objective Management Group is acting as a data processor, not a data controller. Since some rights may need to be exercised with the data controller, you have a right to know the identity of the data controller. To obtain the identity of the data controller, please email us at firstname.lastname@example.org and include the alphanumeric PIN you were provided when starting your assessment (this was also emailed to you in the form of a link).
While OMG does not do have a business location within the European Union or market / sell to European Union individuals or businesses, in some cases we serve as a processor or sub-processor of personal information for data controllers located in the European Union. Therefore, we are committed to respecting your rights as they pertain to personal information.
Please note that your rights must also be balanced with the rights of other parties, including the organizations which contract our assessment services. This includes, for example, those parties protecting their legitimate interests as they pertain to understanding your strengths and weaknesses which are measured by our assessments.
Your rights may include the following:
All requests to exercise your rights will be addressed without undue delay, and within 30 days. To exercise any of your rights, please contact of customer service team at email@example.com. Please note that we will need to confirm you identity via a 2-way email exchange.
In compliance with the Privacy Shield Principles, OMG commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact Objective Management Group at:Chief Operating Officer114 Turnpike Road, Suite 102, Westborough, Massachusetts 01581 USA508-366-6200
When OMG receives personal information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on OMG's behalf, OMG has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) OMG is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, OMG is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, OMG may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
OMG has further committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or FDPIC for more information or to file a complaint. The services of EU DPAs and FDPIC are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.