Privacy Policy

Overview

At GMS, protecting your private information is our priority. This Statement of Privacy applies to the information gathering, usage and dissemination practices for the GMS website. It explains how we collect, use, share, and otherwise process the personal information of users in connection with our Service. Personal Data is any information that can be used to identify, locate, or contact you.

Some examples of Personal Data include your name, username, mailing address, telephone numbers, email address, geographic location, creditworthiness, customer account information, or other information about how you use our company websites. By using the GMS website, you consent to the data practices described in this statement. For specific state privacy legislation, please see further below.

Data privacy, and the privacy of the information provided, is important to us. We use reasonable care to protect data provided to us by or on behalf of our clients or prospective clients and their employees, or from visitors to our website from loss, misuse, unauthorized access, disclosure, alteration, and untimely destruction. This Policy governs personal information collected, processed, or disclosed by GMS for its own purposes, as well as information provided to us as a service provider for our Clients. It protects information collected online as well as offline. We may receive personal data from our Clients about their current and/or prospective workers, as well as workers’ dependents and/or family members as needed to provide services. We will collect and process such personal information as instructed or permitted by our Clients or in accordance with this Policy.

We do not grant access to personal information except as set forth herein. We do not share or sell personal information provided or transmitted to our website with any third parties for their own marketing purposes. At times, we may provide links to other websites not affiliated with us. We encourage you to be aware when you leave our website, and to read applicable privacy policies of third parties concerning how they might use or process your information.

As explained further below, in most cases we collect Personal Data directly from you, when you interact with us online or in other ways. The following provides more information on how we obtain and/or disclose such data.

Please note, we may also use and disclose information about you that is not personally identifiable. Such information might be in the form of aggregated or statistical data about our Clients. However, such information would not enable the recipient to contact, locate or identify you.

What Information is Collected

We limit the information that we collect, to the information that we need – to provide our services, to administer and improve the GMS website, and to fulfill any legal and regulatory requirements to which we might be subject.

The categories of personal information that we may collect include the following:

1) Contact information to allow us to communicate with you or to provide services; 2) Financial and bank account information as needed to provide services; 3) Social security number, date of birth, name, address, email address, phone number, including mobile phone number, and other details as needed to provide services; 4) Credit, debit, or payment card information (if used); 5) Credit or debt history regarding creditworthiness or credit history, with proper disclosures; 6) Health and benefits information, which may include health plan numbers, beneficiary or dependent identification and contact information, and other health information as needed to provide services; 7) Employment history and application information submitted through our recruiting portal; 8) location data, including your IP address, to provide services, or, if geolocation Services are enabled for time and attendance tracking; and finally 9) Other personal information as needed to provide specific services.

How Personal Information is Collected or Transmitted

To access or use certain information, features, or services, you may be required to provide personal information. Personal information is primarily collected, submitted, and/or transmitted:

1) When a Client provides it to us to facilitate the processing of services; 2) From visitors to our website; 3) From applications, forms, webinars, surveys, and other information visitors provide us; 4) When visitors to our site request information about our Services, or contact our customer service or support departments via phone, email, chat or other forms of communication; 5) From consumer and business reporting agencies regarding creditworthiness or credit history; and finally 6) Between GMS and third party vendors.

Use of Data

Whether you are an individual consumer or a professional seeking a relationship to GMS, or already have a relationship with us, GMS might use your Personal Data for any of the following Business Purposes:

(1) To initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; (2) For due diligence regarding qualifications and eligibility for the relationship; (3) To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); (4) For account management, accounting, finance, dispute resolution purposes, or consolidated management and reporting; (5) for quality control and to ensure compliance with company standards and policies; (6) For risk management and risk mitigation, including for audit and insurance functions, and as needed to protect company property and assets, including intellectual property; (7) For cyber security management; (8) for Data Security Breach purposes; and (9) To anonymize or de-identify the Personal Data.

GMS may also use Personal information for reasons of business necessity, such as to protect the privacy and security of the data; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including (should it be necessary) screening Individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities (such as mergers and acquisitions) and general business activities, management reporting, and analysis.

GMS may use the data for marketing functions, when legally permissible, such as compliance alerts to applicable changes in the law, product updates, training opportunities and invitations to GMS events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and general GMS news. In addition, GMS may use personal data to develop and improve its own services, such as by research and development and analytics.

GMS does not sell, rent, or lease your personal data to third parties. However, we might provide such information to business partners with whom you have interacted or otherwise authorized providing such information. For example, if you are referred to GMS from a business partner website, we may provide that partner with your contact information and certain economic and financial information, such as bank account information, to validate the referral. We may also provide your contact information to companies that offer complementary products and services if you request information about these solutions.

Finally, GMS may also use your personal data, when and if needed, for 1) disaster recovery and business continuity; 2) Internal audits or investigations; 3) Implementation or verification of business controls; 4) Statistical or historical research; 5) litigation or dispute resolution; 6) legal or business counseling; 7) compliance reasons; 7) Insurance purposes; 8) to enforce our rights or the rights and safety or others, or 9) when required to do by law.

Cookies and Other Data Collection Technologies

When you visit our website or use our mobile applications, we collect certain information by automated means, using technologies such as cookies. For example, when you visit our website, we place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available.

GMS also uses cookies, pixel tags, (also known as local stored objects) web beacons, and similar technologies to personalize and enhance your online experience. These are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions. GMS does not use these devices or similar technologies for behavioral or interest-based advertising purposes.

We collect many different types of information from cookies and other technologies. For example, we collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the Internet Protocol (IP) address assigned to the device you use to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to GMS and the website you visit after you leave our site.

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without reference to Personal Data. For example, we use information we collect about website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Statement applies to the information when we associate it with your Personal Data.

Our website may include embedded YouTube, Vimeo, or other videos. When you click on an embedded video, that video is loaded from a domain operated by the video hosting platform. Although we have enabled the privacy controls where applicable for embedded videos, which may prevent the video hosting platform from placing tracking cookies on your device when viewing these videos on our site, the video hosting platform capacity still collect your IP address and other devices information for their own purposes.

GMS has or may establish relationships with Third-Party advertising companies to place advertisements on this website and other websites, and to perform tracking and reporting functions for this website and other websites. These Third-Party advertising companies may place cookies on your computer when you visit our website or other websites so they can display targeted advertisements to you. These Third-Party advertising companies do not collect Personal Data in this process, and we do not give Personal Data to them as part of this process. This Privacy Statement does not cover the collection methods or use of the information collected by these vendors. For more information about Third Party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org. You may opt out of being targeted by many Third-Party advertising companies by visiting http://bit.ly/2Ig9IgT.

Although our website currently does not have a mechanism to recognize the various web browser Do Not Track signals, we do offer Individuals choices to manage their preferences that are provided in the previous sections above, as mentioned in the first paragraph of this section. We do expect our Third Party advertising companies to use reasonable efforts to respect browser Do Not Track signals by not delivering targeted advertisements to website visitors whose browsers have a Do Not Track setting enabled. However, we understand that some companies do not have this capability today. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.

Mobile Applications

GMS offers mobile applications that allow you to access your account, interact with us online, and receive other information via your mobile device. Personal Data collected by GMS via our mobile applications is protected by the terms of this Privacy Statement or our Privacy Statement for Client Employees, as applicable.

Communication Preferences

You may limit the information you provide to GMS. You may also limit the communications that GMS sends to you. To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you.

Please note that if you are currently receiving services from GMS and you have decided to opt-out of promotional emails, this will not impact the messages we send to you for purposes of delivering such services.

If you have questions about your choices or if you need assistance with opting-out, please contact us via email to privacy@groupmgmt.com. You may also write us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and information about the communications that you do not want to receive.

Access, Correction, Erasure, and Other Individual Rights

GMS respects your right to access, correct, and delete your Personal Data, or object to the processing of your Personal Data, all when or where required by law. If you have an online account, you may log into your account to access update, or delete the information you have provided to us. Additionally, you may contact privacy@groupmgmt.com to request access to your data, and to exercise any of the individual rights afforded to you by GMS’s Privacy Code for Business Data, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. GMS will respond to requests as soon as possible and in accordance with applicable data protection laws and regulations.

Information Security

GMS is committed to maintaining the appropriate organizational, technical, and physical controls to protect Personal Data entrusted to GMS. These controls protect Personal Data from anticipated threats and hazards as well as unauthorized access and use. In each case, GMS will strive to provide security that is proportional to the sensitivity of the Personal Data being protected, with the greatest effort being focused on protecting Sensitive Personal Data and other Personal Data whose compromise could result in substantial harm or inconvenience to the Individual.

Data Retention

GMS will only retain your information for as long as necessary for the Purposes for which the Personal Data is processed. GMS has established records retention schedules for all types of Personal Data that GMS processes. Personal Data is retained in accordance with the records retention schedules to ensure that records containing Personal Data are retained as needed to fulfill the applicable Business Purposes, to comply with applicable laws, or as advisable in light of applicable statutes of limitations. When the retention period has expired, records containing Personal Data will be securely deleted or destroyed, de-identified, or transferred to archive, in accordance with GMS’s records retention Policy.

Job Applicants

If you have applied for employment with GMS, the Personal Data submitted with your job application will be added to our recruitment system and used for recruitment and other customary human resources purposes in accordance with our GMS Applicant Privacy Statement.

State Specific Privacy Laws

Various U.S. states have specific laws relative to Privacy. To view these specific state requirements, please scroll down.

How to Contact Us

Please contact us if you have questions, or comments, at privacy@groupmgmt.com. You may reach us via mail at address below. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaints.

GMS
P.O. Box 21933
Eagan, MN 55121

How to Lodge a Complaint

If you believe that GMS has not handled your Personal Data properly or that it has breached its privacy obligations, under any applicable data protection laws or the GMS Privacy Code for Business Data or of Applicable Law, you may file your complaint in writing to the address above, or via email, to the Chief Privacy Officer at privacy@groupmgmt.com.

California

Last updated December 18, 2025

This Privacy Notice for Group Management Services, Inc. (“we,” “us,” or “our“), describes how and why we might access, collect, store, use, and/or share (“process“) your personal information when you use our services (“Services“), including when you:

Visit our website at https://connect.gms.online/login.html or any website of ours that links to this Privacy Notice.
Download and use our mobile application (GMS Connect), or any other application of ours that links to this Privacy Notice.
Use Professional Employer Organization. A PEO acts as a co-employer that provides services for your business and its employees. It can allow you to outsource important HR functions, such as payroll, benefits and training while ensuring compliance with federal and state employment laws. By working with a PEO, you may free up your time and focus on improving your products or services and growing your business. There are many PEOs available and each one offers its own lineup of services. While some PEOs only cover basic HR tasks, others go the extra mile and provide other services, such as employee onboarding and handbooks, as well as data analytics and real-time insights. At Group Management Services (GMS), we’ve taken the extra steps to become a certified PEO recognized by the IRS. GMS meets all IRS CPEO requirements so our clients can operate with confidence. What does that mean for you? Reduced risks: We assume the primary liability for federal employment taxes for our clients’ worksite employees. Time and cost savings: From payroll administration to benefits management and HR compliance, we handle the details, allowing you to focus on growing your business. Ongoing compliance expertise: We stay on top of 2025 IRS regulations and beyond, ensuring your organization meets updated standards.
Engage with us in other related ways, including any marketing or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at connecthelp@groupmgmt.com.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? Some of the information may be considered “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.
Do we collect any information from third parties? We do not collect any information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by visiting https://connect.gms.online/login.html, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.

TABLE OF CONTENTS

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS NOTICE?
HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

(1) WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Names
Phone numbers
Email addresses
Mailing addresses
Job titles
Usernames
Passwords
Contact preferences
Contact or authentication data
Billing addresses
Bank account information
Health insurance related information

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

Health data
Financial data
Biometric data
Information revealing race or ethnic origin
Information revealing trade union membership
Social security numbers or other government identifiers

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

(2) HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
Personal Information. Health Insurance Policy Enrollment

(3) WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The categories of third parties we may share personal information with are as follows:

Data Storage Service Providers
Finance & Accounting Tools
Government Entities
Payment Processors
User Account Registration & Authentication Services
Order Fulfillment Service Providers
Performance Monitoring Tools

We also may need to share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.

(4) HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than thirty-six (36) months past the termination of the user’s account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

(5) HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

(6) DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data, we may have collected from children under-age 18, please contact us at connecthelp@groupmgmt.com.

(7) WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at connecthelp@groupmgmt.com.

(8) CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

Global Privacy Control: We recognize and honor Global Privacy Control (GPC) signals. If you use a browser or extension that supports GPC, we will treat this as a valid request to opt out of the sale or sharing of your personal information for targeted advertising purposes under applicable state privacy laws, including the California Consumer Privacy Act (CCPA). When we detect a GPC signal from your browser, we will automatically apply your opt-out preference without requiring you to take any additional action. For more information about GPC and how to enable it, visit globalprivacycontrol.org.

(9) DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent from our processing of your personal information. These rights may be limited in some circumstances by applicable law. More Categories of Personal Information We Collect information is provided below.

The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section “WHAT INFORMATION DO WE COLLECT?”

We only collect sensitive personal information, as defined by applicable privacy laws or the purposes allowed by law or with your consent. Sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

Receiving help through our customer support channels; and
Participation in customer surveys or contests; and
Facilitation in the delivery of our Services and to respond to your inquiries.

We will use and retain the collected personal information as needed to provide the Services or for:

Category A – 36 Months
Category B – 36 Months
Category C – 36 Months
Category G – 36 Months
Category I – 36 Months
Category L – 36 Months

Sources of Personal Information

Learn more about the sources of personal information we collect in “WHAT INFORMATION DO WE COLLECT?”

How We Use and Share Personal Information

Learn more about how we use your personal information in the section, “HOW DO WE PROCESS YOUR INFORMATION?”

We collect and share your personal information through:

Getting Health Insurance Quotes
Providing statistical employee data to reporting agencies

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section, “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” your personal information.

We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

Category A. Identifiers
Category B. Personal information as defined in the California Customer Records law
Category C. Characteristics of protected classifications under state or federal law
Category G. Geolocation data
Category l. Professional or employment-related information
Category L. Sensitive personal information

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

We have sold or shared the following categories of personal information to third parties in the preceding twelve (12) months:

The categories of third parties to whom we sold personal information are:
The categories of third parties to whom we shared personal information with are:
- User Account Registration & Authentication Services
- Health Insurance Providers
- Financial Institutions
- Retirement Planning Institutions
- Government Reporting Agencies

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

Right to know whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request the deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to non-discrimination for exercising your rights
Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

Depending upon the state where you live, you may also have the following rights:

Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California)
Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)

How to Exercise Your Rights

To exercise these rights, you can contact us by visiting https://connect.gms.online/login.html, by emailing us at connecthelp@groupmgmt.com, or by referring to the contact details at the bottom of this document.

You can opt out from the selling of your personal information, targeted advertising, or profiling by disabling cookies in Cookie Preference Settings.

We will honor your opt-out preferences if you enact the Global Privacy Control (GPC) opt-out signal on your browser.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purpose of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

(10) DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

(11) HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at connecthelp@groupmgmt.com or contact us by post at:

Group Management Services, Inc.
3750 Timberlake Dr.
Richfield, OH 44286
United States

(12) HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: https://connect.gms.online/login.html.

Colorado, Connecticut, Utah & Virginia Consumer Privacy Statement

This section of our Privacy policy supplements and incorporates our general privacy policy, available on our website.

Collection and Disclosure of Personal Data

The following details which categories of Personal Data we collect and process, as well as which categories of third parties may have access to your data for operational business purposes.

Categories of Personal Data

Identifiers
Such as name, contact information, unique personal identifiers, email address, IP address, online identifiers, government-issued identifiers.

Personal Data
Such as name, contact information, financial, education, employment information.

Characteristics of Protected Classifications
Such as race, religion, sex, creed, color, national origin, disability, military status, etc.

Commercial Information
Such as transaction information and purchase history, including purchases considered, consuming histories or tendencies.

Biometric Information
GMS does not collect biometric data from visitors to its website. Certain GMS clients may obtain biometric date by the use of time clocks or finger scans or similar technology. Information relating to the use of such data for GMS clients can be obtained in the Biometric Information section of our Customer Service Agreement, available here.

Internet or Network Activity Information
Such as IP address, mobile device ids, MAC address, browsing history, search history.

Geolocation Data
Such as precise location/tracking data and coarse location/tracking data.

Audio/Video Data
Such as photographs.

Education Information
Such as education and training history, education degrees, qualifications/certifications.

Employment Information
Such as professional or employment related information such as work history and prior employer, background checks, performance rating or feedback, employer, occupation title/job role.

Inferences
Such as any assumptions drawn from any of the Personal Data listed above to create a profile about, for example, an individual’s preferences or characteristics. This is only applicable to consumers that purchase our TMBC product due to the nature of the product.

Sensitive Personal Data
Such as racial or ethnic origin, religious beliefs, mental or physical health diagnoses, condition, history or treatment, sexual orientation and sex life, citizenship or immigration status, genetic data, biometric data, precise geolocation data, Personal Data collected from a known child.

Disclosure of Personal Data to Third Parties

GMS may disclose all of the above categories of Personal Data to the following categories of Third Parties, or n the following situations: 1) Service Providers/Subcontractors; GMS-Related Entities; 3) When Required by Law; 4) In a Corporate Transaction (such as a sale or merger, etc.); 5) If you consent.

We do not sell Personal Data.

Purposes for the Collection, Use and Sharing of Personal Data

Whether you are a consumer or a professional seeking a relationship to GMS or already with a relationship, GMS might use your Personal Data for any of the following Business Purposes:

(1) To initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; (2) For due diligence regarding the Individual’s qualifications and eligibility for the relationship; (3) To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); (4) For account management, accounting, finance, dispute resolution purposes, or consolidated management and reporting; (5) for quality control and to ensure compliance with company standards and policies; (6) For risk management and risk mitigation, including for audit and insurance functions, and as needed to protect company property and assets, including intellectual property; (7) For cyber security management; (8) for Data Security Breach purposes; and (9) To anonymize or de-identify the Personal Data.

GMS may also use Personal information for reasons of business necessity, such as to protect the privacy and security of the data; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including screening Individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities (such as mergers and acquisitions) and general business activities, management reporting, and analysis.

GMS does not sell, rent or lease its customer lists to third parties. However, we might provide such information to business partners with whom you have interacted or otherwise authorized providing such information. For example, if you are referred to GMS from a business partner website, we may provide that partner with your contact information and certain economic and financial information, such as bank account information, to validate the referral. We may also provide your contact information to companies that offer complementary products and services if you request information about these solutions.

Consumer Rights

Subject to applicable law, you may make the following requests:

(a) Right to Know — You may request to know whether we process your Personal Data and request to access such Personal Data, including, where applicable, a request to obtain a copy of the Personal Data you provided to us in a portable format;

(b) Right to Request Correction of your Personal Data — You may request to correct inaccuracies in your Personal Data;

(d) Right to Opt-out of Targeted Advertising — You may request to opt out of targeted advertising, via our web site.

We will not unlawfully discriminate against you for exercising your rights under applicable privacy law.

How to Submit a Rights Request

To make a privacy request, please contact us by emailing us at privacy@groupmgmt.com or by mailing us at:

GMS
P.O. Box 21933
Eagan, MN 55121

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Data subject to the request. We may need to request additional Personal Data from you, such as your name and email address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Data. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Data.

To request to opt out of any future sharing of your Personal Data for purposes of targeted advertising, please click the applicable Cookie Preferences to toggle off advertising cookies.

Appeal Process

If you are a Colorado, Virginia, or Connecticut consumer, and we refuse to take action on your request, you may appeal our refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us via email at privacy@groupmgmt.com.

Changes to this Consumer Privacy Statement

We may change or update this Privacy Statement from time to time. When we do, we will communicate updates to this Privacy Statement by posting the updated Statement on this page with a new “Last Updated” date.

Contact Us

If you have any questions regarding this Consumer Privacy Statement, please contact us at privacy@groupmgmt.com. You may also reach us at:

GMS
P.O. Box 21933
Eagan, MN 55121

Nevada Privacy Rights

GMS collects personal information from you in the course of providing requested services. Unless otherwise stated, GMS does not sell any Covered Information, as defined under Nevada law (S.B. 220). Further information may be found in the GMS general Privacy statement, incorporated by reference herein. If you would like to make a further inquiry regarding the selling of your Covered Information, as defined under Nevada law, please contact privacy@groupmgmt.com.