Data Privacy at Objective Management Group

LAST UPDATED: MAY 22, 2018

Objective Management Group, Inc. (OMG) has established a comprehensive privacy program designed to help us respect and protect your data privacy rights. This statement includes OMG’s EU-U.S. Privacy Shield Framework Statement, OMG's Siwss - U.S. Safe Harbor Privacy Statement, and the Website Privacy Statement.

What information do we collect?

Objective Management Group, Inc. (OMG) collects information from you when you subscribe to our newsletter, fill out a form, or complete an online assessment.

When using the services on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, and/or responses to assessment questions. You may, however, visit the informational areas of our site anonymously. Assessment services may not be used anonymously.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

  • To personalize your experience
    (your information helps us to better respond to your individual needs)
  • To improve our website
    (we continually strive to improve our website offerings based on the information and feedback we receive from you)
  • To improve customer service
    (your information helps us to more effectively respond to your customer service requests and support needs)
  • To process transactions
    Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
  • To administer a contest, promotion, survey, assessment or other site feature
  • To send periodic emails
    The email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions. Email addresses provided while using our assessment tools are never used for promotional reasons.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential.

How long do we keep your information?

The organizations who contract our assessment services determine the length of time that data will be retained, and OMG will respect and enforce any retention guidelines specified by these organizations. In many cases, in the case of current employees, it is important for theses organizations to have access to your assessment data for a period of many years, in order to view or demonstrate how your abilities have changed over a period of time. In the case of candidates for employment, a long period of time may pass between an individual completing an assessment and actually being hired, and again that information may need to be compared to establish skill progression over a period of many years. Please note that you can exercise your rights to remove your personal information from our systems, as described in this Privacy Policy, at any time.

Do we use cookies?

Yes (Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

When completing one of our online assessments, we use cookies to track your identity from one page to the next. We also use cookies to combine information about the resources you have viewed on our sites with your assessment, in order to offer insights to the organization which as contracted our services about what other resources on our site you may have viewed before completing our assessment.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Childrens Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Assessment Data

All data submitted via our online assessments will be shared with the organization who purchased our services (Client) and the organization through whom those services were purchased (Reseller). The Client and Reseller may have separate and independent privacy policies. We therefore have no responsibility or liability for the activities of Clients and Resellers. Nonetheless, we seek to protect the integrity of your personal information and welcome any feedback about the use of your information.

During the course of providing assessment services via our website, we collect information including:

  • Contact information, including name. This is used by our Clients to identify your responses.
  • Information about your experience in a specific company, type of job, or industry.
  • Device data, including your IP address, operating system, device type, and web browser type. This is used for technical support and traceability
  • Your email address. This is used to contact you about the status of your assessment, and shared with Clients to identify your responses or contact you.

Your personally-identifiable information will not be shared with any 3rd parties except for the Client and Reseller, and where required by law.

The data from your assessment, stripped of personally-identifiable data and aggregated with other such information, may be used by Objective Management Group for research purposes.

The questions and options that make up our online assessment questionnaires are intellectual property owned by Objective Management Group, and cannot be copied, saved, or reproduced without our express written permission.

Your assessment questionnaire responses are owned by the Client who has contracted OMG's services to provide assessment services. Please contact the Client directly for any concerns about your assessment results.

If you have completed an assessment with Objective Management Group within the past year, we reserve the right, at our discretion, to reuse your previously-provided answers as a substitute for asking you the same questions again. Doing this saves you the time and frustration of answering questions you have already answered, and also preserves the integrity of our assessment by minimizing opportunities for a respondant to provide conflicting answers. Note that only multiple-choice answers, and never your personally-identifiable information (such as your name and email address), will ever be copied from a previous assessment to a current assessment.

Please contact the Client who has contracted OMG's services to access or correct any of the personal information you provide while using our assessment services.

Marketing Data

When you request information from our website by downloading a white paper / report, using one of our online tools, or completing an information request form, we will share the contact information you provide with one of our Certified Partners so they can contact you to discuss your request. While we cannot control the use of your contact information with these 3rd-parties, we kindly request that you report to us any misuse of your contact information by our Certified Partners. We take the integrity of your contact information extremely seriously, and it is our intent that it only be used to contact you about our services.

Please contact OMG to access or correct the marketing data you provide to use, or to request the removal of this data from our systems.

Data Storage

All data is stored on servers located in the United States, and processing of data occurs within the United States.

Security Statement

Over 1,750,000 individuals have trusted Objective Management Group to provide assessment services. OMG strives to maintain the highest security measures to insure the integrity and privacy of your personal information.

Physical Security - Our information systems and infrastructure are housed in world-class data centers carrying ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, and IRS 1075 certifications.

Access Control - Access to assessment data is restricted to key personnel only for the purpose of providing our services, and revoked immediately upon employee termination. Remote access is only permitted through secure channels, and our password policies require strong passwords, expiration, and prevent reuse, along with multi-factor authentication where possible.

Personnel - All employees receive extensive data privacy and security training. Our employees must pass a criminal background check and are bound by a non-disclosure agreement.

Penetration Testing - Our systems are scanned weekly for known exploits using Microsoft's recommended penetration testing solution.

Threat Detection - We utilize Microsoft's proactive threat detection services to analyze both web and database transactions to detect potential breaches or vulnerabilities.

Encryption - All data is encrypted in transit using secure TLS cryptographic protocols. In addition, data at rest is encrypted where possible.

Development - All software development is performed in-house by Objective Management Group employees. We follow a security-by-design approach to software development, and implement peer code review with an emphasis on security.

Logging and Monitoring - We utilize a variety of logging and monitoring services to ensure the proper functionality of our systems, and also to provide detailed forensic information about any malicious or anomalous transactions.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our website and not to information collected offline.

Your Consent

By using our site, you consent to our website's privacy policy.

Legitimate Interests

Please be aware that our assessment services have been contracted in order to protect the legitimate interests of the data controller -- an employer who has determined that it is necessary to understand and/or confirm the sales and/or leadership capabilities of its employees or candidates for employment.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy at the top of this page.

Dispute Resolution

We invite you to contact us with any questions or concerns regarding the use or disclosure of personal information.

Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.

http://www.objectivemanagement.com
114 Turnpike Road, Suite 102
Westborough, Massachusetts 01581
USA
508-366-6200

Identifying Your Data Controller

For the purposes of data privacy law, including GDPR, the data controller is the party that controls how your data is being used. As a contracted assessment provider, Objective Management Group is acting as a data processor, not a data controller. Since some rights may need to be exercised with the data controller, you have a right to know the identity of the data controller. To obtain the identity of the data controller, please email us at support@objectivemanagement.com and include the alphanumeric PIN you were provided when starting your assessment (this was also emailed to you in the form of a link).

Your Rights

While OMG does not do have a business location within the European Union or market / sell to European Union individuals or businesses, in some cases we serve as a processor or sub-processor of personal information for data controllers located in the European Union. Therefore, we are committed to respecting your rights as they pertain to personal information.

Please note that your rights must also be balanced with the rights of other parties, including the organizations which contract our assessment services. This includes, for example, those parties protecting their legitimate interests as they pertain to understanding your strengths and weaknesses which are measured by our assessments.

Your rights may include the following:

  • Right of Access - Upon request, we will confirm the personal information we hold about you. Please note that our questionnaires are copyrighted intellectual property, and are not considered part of your personal information.
  • Right to Rectification - Upon request, we will rectify any incorrect "demographics" we hold about you. This would include, for example, your name and email address. In most cases, your information is processed immediately upon its submission, and passed on to the organization which contracted our assessment services. Therefore, in addition to correct our own records, we will forward the correction to the data controller. Note that your right to rectification does not give you the right to change how you answered questions, as doing so would infringe upon the rights of the orginization which contracted our services to have trustworthy, unaltered answers.
  • Right to Erasure - You may contact us to request the removal of your personally-identifiable information from our databases. Please note that, in most cases, your information has already been shared with the organization which has contracted our services, so your request will be forwarded to the data controller as well, and subject to their data erasure policies.
  • Right to Restriction of Processing - If you have submitted personal information to us but it has not yet been processed and sent to the data controller, you may request that we not process your information. We encourage users to instead request that your information be erased, to ensure that no processing can occur.
  • Right to Data Portability - As there is no industry standard for transmitting assessment data, it is challenging for us to provide you with a copy of your information that can be reused elsewhere. However, we respect your right to obtain a copy of your information, and will send you an XML-formatted copy of the personal information -- information that personally identifies you -- which you provided to us upon request.

All requests to exercise your rights will be addressed without undue delay, and within 30 days. To exercise any of your rights, please contact of customer service team at support@objectivemanagement.com. Please note that we will need to confirm you identity via a 2-way email exchange.

EU-U.S. Privacy Shield Framework and Swiss - U.S. Privacy Shield Framework

Objective Management Group, Inc. (OMG) complies with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. OMG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, OMG commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact (your organization name) at:
Chief Operating Officer
114 Turnpike Road, Suite 102, Westborough, Massachusetts 01581 USA
508-366-6200

When OMG receives personal information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on OMG's behalf, OMG has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) OMG is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, OMG is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, OMG may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

OMG has further committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or FDPIC for more information or to file a complaint. The services of EU DPAs and FDPIC are provided at no cost to you.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Ask One of Our Sales Experts A Question Today - Get Actionable Results!