Group Management Services Privacy Policy

Overview

At GMS, protecting your private information is our priority. This Statement of Privacy applies to the information gathering, usage and dissemination practices for the GMS website. It explains how we collect, use, share, and otherwise process the personal information of users in connection with our Service. Personal Data is any information that can be used to identify, locate, or contact you.

Some examples of Personal Data include your name, username, mailing address, telephone numbers, email address, geographic location, creditworthiness, customer account information, or other information about how you use our company websites. By using the GMS website, you consent to the data practices described in this statement. For specific state privacy legislation, please see further below.

Data privacy, and the privacy of the information provided, is important to us. We use reasonable care to protect data provided to us by or on behalf of our clients or prospective clients and their employees, or from visitors to our website from loss, misuse, unauthorized access, disclosure, alteration, and untimely destruction. This Policy governs personal information collected, processed, or disclosed by GMS for its own purposes, as well as information provided to us as a service provider for our Clients. It protects information collected online as well as offline. We may receive personal data from our Clients about their current and/or prospective workers, as well as workers’ dependents and/or family members as needed to provide services. We will collect and process such personal information as instructed or permitted by our Clients or in accordance with this Policy.

We do not grant access to personal information except as set forth herein. We do not share or sell personal information provided or transmitted to our website with any third parties for their own marketing purposes. At times, we may provide links to other websites not affiliated with us. We encourage you to be aware when you leave our website, and to read applicable privacy policies of third parties concerning how they might use or process your information.

As explained further below, in most cases we collect Personal Data directly from you, when you interact with us online or in other ways. The following provides more information on how we obtain and/or disclose such data.

Please note, we may also use and disclose information about you that is not personally identifiable. Such information might be in the form of aggregated or statistical data about our Clients. However, such information would not enable the recipient to contact, locate or identify you.

What Information is Collected

We limit the information that we collect, to the information that we need - to provide our services, to administer and improve the GMS website, and to fulfill any legal and regulatory requirements to which we might be subject.

The categories of personal information that we may collect include the following:

1) Contact information to allow us to communicate with you or to provide services; 2) Financial and bank account information as needed to provide services; 3) Social security number, date of birth, name, address, email address, phone number, including mobile phone number, and other details as needed to provide services; 4) Credit, debit, or payment card information (if used); 5) Credit or debt history regarding creditworthiness or credit history, with proper disclosures; 6) Health and benefits information, which may include health plan numbers, beneficiary or dependent identification and contact information, and other health information as needed to provide services; 7) Employment history and application information submitted through our recruiting portal; 8) location data, including your IP address, to provide services, or, if geolocation Services are enabled for time and attendance tracking; and finally 9) Other personal information as needed to provide specific services.

How Personal Information is Collected or Transmitted

To access or use certain information, features, or services, you may be required to provide personal information. Personal information is primarily collected, submitted, and/or transmitted:

1) When a Client provides it to us to facilitate the processing of services; 2) From visitors to our website; 3) From applications, forms, webinars, surveys, and other information visitors provide us; 4) When visitors to our site request information about our Services, or contact our customer service or support departments via phone, email, chat or other forms of communication; 5) From consumer and business reporting agencies regarding creditworthiness or credit history; and finally 6) Between GMS and third party vendors.

Use of Data

Whether you are an individual consumer or a professional seeking a relationship to GMS, or already have a relationship with us, GMS might use your Personal Data for any of the following Business Purposes:

(1) To initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; (2) For due diligence regarding qualifications and eligibility for the relationship; (3) To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); (4) For account management, accounting, finance, dispute resolution purposes, or consolidated management and reporting; (5) for quality control and to ensure compliance with company standards and policies; (6) For risk management and risk mitigation, including for audit and insurance functions, and as needed to protect company property and assets, including intellectual property; (7) For cyber security management; (8) for Data Security Breach purposes; and (9) To anonymize or de-identify the Personal Data.

GMS may also use Personal information for reasons of business necessity, such as to protect the privacy and security of the data; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including (should it be necessary) screening Individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities (such as mergers and acquisitions) and general business activities, management reporting, and analysis.

GMS may use the data for marketing functions, when legally permissible, such as compliance alerts to applicable changes in the law, product updates, training opportunities and invitations to GMS events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and general GMS news. In addition, GMS may use personal data to develop and improve its own services, such as by research and development and analytics.

GMS does not sell, rent, or lease your personal data to third parties. However, we might provide such information to business partners with whom you have interacted or otherwise authorized providing such information. For example, if you are referred to GMS from a business partner website, we may provide that partner with your contact information and certain economic and financial information, such as bank account information, to validate the referral. We may also provide your contact information to companies that offer complementary products and services if you request information about these solutions.

Finally, GMS may also use your personal data, when and if needed, for 1) disaster recovery and business continuity; 2) Internal audits or investigations; 3) Implementation or verification of business controls; 4) Statistical or historical research; 5) litigation or dispute resolution; 6) legal or business counseling; 7) compliance reasons; 7) Insurance purposes; 8) to enforce our rights or the rights and safety or others, or 9) when required to do by law.

Cookies and Other Data Collection Technologies

When you visit our website or use our mobile applications, we collect certain information by automated means, using technologies such as cookies. For example, when you visit our website, we place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available.

GMS also uses cookies, pixel tags, (also known as local stored objects) web beacons, and similar technologies to personalize and enhance your online experience. These are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions. GMS does not use these devices or similar technologies for behavioral or interest-based advertising purposes.

We collect many different types of information from cookies and other technologies. For example, we collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the Internet Protocol (IP) address assigned to the device you use to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to GMS and the website you visit after you leave our site.

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without reference to Personal Data. For example, we use information we collect about website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Statement applies to the information when we associate it with your Personal Data.

Our website may include embedded YouTube, Vimeo, or other videos. When you click on an embedded video, that video is loaded from a domain operated by the video hosting platform. Although we have enabled the privacy controls where applicable for embedded videos, which may prevent the video hosting platform from placing tracking cookies on your device when viewing these videos on our site, the video hosting platform capacity still collect your IP address and other devices information for their own purposes.

GMS has or may establish relationships with Third-Party advertising companies to place advertisements on this website and other websites, and to perform tracking and reporting functions for this website and other websites. These Third-Party advertising companies may place cookies on your computer when you visit our website or other websites so they can display targeted advertisements to you. These Third-Party advertising companies do not collect Personal Data in this process, and we do not give Personal Data to them as part of this process. This Privacy Statement does not cover the collection methods or use of the information collected by these vendors. For more information about Third Party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org. You may opt out of being targeted by many Third-Party advertising companies by visiting http://bit.ly/2Ig9IgT.

Although our website currently does not have a mechanism to recognize the various web browser Do Not Track signals, we do offer Individuals choices to manage their preferences that are provided in the previous sections above, as mentioned in the first paragraph of this section. We do expect our Third Party advertising companies to use reasonable efforts to respect browser Do Not Track signals by not delivering targeted advertisements to website visitors whose browsers have a Do Not Track setting enabled. However, we understand that some companies do not have this capability today. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.

Mobile Applications

GMS offers mobile applications that allow you to access your account, interact with us online, and receive other information via your mobile device. Personal Data collected by GMS via our mobile applications is protected by the terms of this Privacy Statement or our Privacy Statement for Client Employees, as applicable.

Communication Preferences

You may limit the information you provide to GMS. You may also limit the communications that GMS sends to you. To opt-out of commercial emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you.

Please note that if you are currently receiving services from GMS and you have decided to opt-out of promotional emails, this will not impact the messages we send to you for purposes of delivering such services.

If you have questions about your choices or if you need assistance with opting-out, please contact us via email to privacy@groupmgmt.com. You may also write us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and information about the communications that you do not want to receive.

Access, Correction, Erasure, and Other Individual Rights

GMS respects your right to access, correct, and delete your Personal Data, or object to the processing of your Personal Data, all when or where required by law. If you have an online account, you may log into your account to access update, or delete the information you have provided to us. Additionally, you may contact privacy@groupmgmt.com to request access to your data, and to exercise any of the individual rights afforded to you by GMS’s Privacy Code for Business Data, or by applicable data protection laws and regulations. You may also write to us at the address in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and detailed information about the changes you would like to make. GMS will respond to requests as soon as possible and in accordance with applicable data protection laws and regulations.

Information Security

GMS is committed to maintaining the appropriate organizational, technical, and physical controls to protect Personal Data entrusted to GMS. These controls protect Personal Data from anticipated threats and hazards as well as unauthorized access and use. In each case, GMS will strive to provide security that is proportional to the sensitivity of the Personal Data being protected, with the greatest effort being focused on protecting Sensitive Personal Data and other Personal Data whose compromise could result in substantial harm or inconvenience to the Individual.

Data Retention

GMS will only retain your information for as long as necessary for the Purposes for which the Personal Data is processed. GMS has established records retention schedules for all types of Personal Data that GMS processes. Personal Data is retained in accordance with the records retention schedules to ensure that records containing Personal Data are retained as needed to fulfill the applicable Business Purposes, to comply with applicable laws, or as advisable in light of applicable statutes of limitations. When the retention period has expired, records containing Personal Data will be securely deleted or destroyed, de-identified, or transferred to archive, in accordance with GMS’s records retention Policy.

Job Applicants

If you have applied for employment with GMS, the Personal Data submitted with your job application will be added to our recruitment system and used for recruitment and other customary human resources purposes in accordance with our GMS Applicant Privacy Statement.

State Specific Privacy Laws

Various U.S. states have specific laws relative to Privacy. To view these specific state requirements, please scroll down.

How to Contact Us

Please contact us if you have questions, or comments, at privacy@groupmgmt.com. You may reach us via mail at address below. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaints.

GMS
P.O. Box 21933
Eagan, MN 55121

How to Lodge a Complaint

If you believe that GMS has not handled your Personal Data properly or that it has breached its privacy obligations, under any applicable data protection laws or the GMS Privacy Code for Business Data or of Applicable Law, you may file your complaint in writing to the address above, or via email, to the Chief Privacy Officer at privacy@groupmgmt.com.

California

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”), GMS hereby provides the following Privacy Statement to explain how we might collect, use or disclose Personal Data from residents of California, including but not limited to users who visit our websites or consumers who receive services directly from us.

For purposes of this Privacy Statement, Personal Data is information that identifies, relates to, or could reasonably be linked with a particular California resident or household.

This California section of our Privacy policy supplements and incorporates our general privacy policy, available on our website.

Collection, Disclosure, and Sharing of Personal Data

The following details which categories of Personal Data we collect and process, which categories of third parties may have access to your Personal Data for operational business purposes, as well as which categories of Personal Data we “share” for purposes of cross-context behavioral advertising, including within the 12 months preceding the date this Privacy Statement was last updated.

Sources of Personal Data

We collect this Personal Data actively (e.g. direct input from individual) or passively (e.g. website cookies) from you. Additionally, we may also collect Personal Data from third-party sources, such as our affiliates, business partners, and service providers, listed above where applicable.

Categories of Personal Information Sold or Shared to Third Parties

GMS does not sell or share Personal Information with Third Parties. We only make business purpose disclosures as detailed above and pursuant to written contracts that describe the purposes of use, require the recipient to keep Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

Consumer Rights under CCPA

The CCPA provides consumers with specific rights regarding their Personal Information. This section explains how those rights may be exercised. As a Service Provider to our Clients, we may not be able to execute all requests. Consumers may wish to reach out to their employer or former employer when making such requests.

Consumers have the right to request to certain information about our collection and use of Personal Information (the "Right to Know") or access to specific pieces of personal information (“Specific Request to Know”). Consumers may only submit two requests per a twelve-month period.

Consumers have the right to request correction of Personal Information (“Right to Correct”). We have processes in place to allow consumers to correct Personal Information. Please see this information in our Privacy Policy (See, Access, Correction, Erasure, and Other Individual Rights.)

Consumers have the right to request deletion of Personal Information, subject to certain exceptions (the "Right to Delete"). Once we receive a request and confirm the consumer’s identity we will review the request to determine if an exception allowing us to retain the information applies. We may deny a deletion request if retaining the Personal Information is necessary for us to:

Complete the transaction(s) for which we collected the Personal Information including to provide Services to our Clients, provide a good or service that was requested, take actions reasonably anticipated within the context of our ongoing business relationship with our Clients, or otherwise to fulfill our contractual obligations; and/or as otherwise allowed by the CCPA.

We will not discriminate against consumers for exercising CCPA rights, including refusing Services or offering different pricing models.

How To Exercise Rights Under CCPA

California consumers or authorized agents may submit a request by emailing us at privacy@groupmgmt.com or by writing to us at:

GMS
P.O. Box 21933
Eagan, MN 55121

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Data subject to the request. We may need to request additional Personal Data from you, such as your name and email address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Data. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Data.

Authorized Agents Submitting a Request on Behalf of a Consumer

You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Agents may be asked to provide proof of their status as an authorized agent. Once a request has been submitted by an authorized agent, we may require additional information from you to verify your identity as described in the section entitled “How to Submit a California Rights Request” or confirm that you provided the agent permission to submit the request. Authorized agents click here to submit a request.

Updates to this CCPA Policy

Please refer to this CCPA Policy regularly as it may be revised due to legislative changes, changes in technology or our privacy practices or new uses of customer information not previously disclosed in this CCPA Policy. Revisions are effective upon posting. If you have any comments, concerns or questions about this CCPA Policy, please contact the Chief Privacy Officer at privacy@groupmgmt.com.

Colorado, Connecticut, Utah & Virginia Consumer Privacy Statement

This section of our Privacy policy supplements and incorporates our general privacy policy, available on our website.

Collection and Disclosure of Personal Data

The following details which categories of Personal Data we collect and process, as well as which categories of third parties may have access to your data for operational business purposes.

Categories of Personal Data

Identifiers
Such as name, contact information, unique personal identifiers, email address, IP address, online identifiers, government-issued identifiers.

Personal Data
Such as name, contact information, financial, education, employment information.

Characteristics of Protected Classifications
Such as race, religion, sex, creed, color, national origin, disability, military status, etc.

Commercial Information
Such as transaction information and purchase history, including purchases considered, consuming histories or tendencies.

Biometric Information
GMS does not collect biometric data from visitors to its website. Certain GMS clients may obtain biometric date by the use of time clocks or finger scans or similar technology. Information relating to the use of such data for GMS clients can be obtained in the Biometric Information section of our Customer Service Agreement, available here.

Internet or Network Activity Information
Such as IP address, mobile device ids, MAC address, browsing history, search history.

Geolocation Data
Such as precise location/tracking data and coarse location/tracking data.

Audio/Video Data
Such as photographs.

Education Information
Such as education and training history, education degrees, qualifications/certifications.

Employment Information
Such as professional or employment related information such as work history and prior employer, background checks, performance rating or feedback, employer, occupation title/job role.

Inferences
Such as any assumptions drawn from any of the Personal Data listed above to create a profile about, for example, an individual’s preferences or characteristics. This is only applicable to consumers that purchase our TMBC product due to the nature of the product.

Sensitive Personal Data
Such as racial or ethnic origin, religious beliefs, mental or physical health diagnoses, condition, history or treatment, sexual orientation and sex life, citizenship or immigration status, genetic data, biometric data, precise geolocation data, Personal Data collected from a known child.

Disclosure of Personal Data to Third Parties

GMS may disclose all of the above categories of Personal Data to the following categories of Third Parties, or n the following situations: 1) Service Providers/Subcontractors; GMS-Related Entities; 3) When Required by Law; 4) In a Corporate Transaction (such as a sale or merger, etc.); 5) If you consent.

We do not sell Personal Data.

Purposes for the Collection, Use and Sharing of Personal Data

Whether you are a consumer or a professional seeking a relationship to GMS or already with a relationship, GMS might use your Personal Data for any of the following Business Purposes:

(1) To initiate, assess, develop, maintain, or expand a business relationship, including negotiating, contracting, and fulfilling obligations under contracts; (2) For due diligence regarding the Individual’s qualifications and eligibility for the relationship; (3) To send transactional communications (such as requests for information, responses to requests for information, orders, confirmations, training, and service updates); (4) For account management, accounting, finance, dispute resolution purposes, or consolidated management and reporting; (5) for quality control and to ensure compliance with company standards and policies; (6) For risk management and risk mitigation, including for audit and insurance functions, and as needed to protect company property and assets, including intellectual property; (7) For cyber security management; (8) for Data Security Breach purposes; and (9) To anonymize or de-identify the Personal Data.

GMS may also use Personal information for reasons of business necessity, such as to protect the privacy and security of the data; (ii) for treasury operations and money movement activities; (ii) for compliance functions, including screening Individuals against sanction lists in connection with anti-money laundering programs; (iv) for business structuring activities (such as mergers and acquisitions) and general business activities, management reporting, and analysis.

GMS does not sell, rent or lease its customer lists to third parties. However, we might provide such information to business partners with whom you have interacted or otherwise authorized providing such information. For example, if you are referred to GMS from a business partner website, we may provide that partner with your contact information and certain economic and financial information, such as bank account information, to validate the referral. We may also provide your contact information to companies that offer complementary products and services if you request information about these solutions.

Consumer Rights

Subject to applicable law, you may make the following requests:

(a) Right to Know -- You may request to know whether we process your Personal Data and request to access such Personal Data, including, where applicable, a request to obtain a copy of the Personal Data you provided to us in a portable format;

(b) Right to Request Correction of your Personal Data -- You may request to correct inaccuracies in your Personal Data;

(d) Right to Opt-out of Targeted Advertising -- You may request to opt out of targeted advertising, via our web site.

We will not unlawfully discriminate against you for exercising your rights under applicable privacy law.

How to Submit a Rights Request

To make a privacy request, please contact us by emailing us at privacy@groupmgmt.com or by mailing us at:

GMS
P.O. Box 21933
Eagan, MN 55121

To request to opt out of any future sharing of your Personal Data for purposes of targeted advertising, please click the applicable Cookie Preferences to toggle off advertising cookies.

Appeal Process

If you are a Colorado, Virginia, or Connecticut consumer, and we refuse to take action on your request, you may appeal our refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us via email at privacy@groupmgmt.com.

Changes to this Consumer Privacy Statement

We may change or update this Privacy Statement from time to time. When we do, we will communicate updates to this Privacy Statement by posting the updated Statement on this page with a new “Last Updated” date. For a printable copy of this Privacy Statement, please click here.

Contact Us

If you have any questions regarding this Consumer Privacy Statement, please contact us at privacy@groupmgmt.com. You may also reach us at:

GMS
P.O. Box 21933
Eagan, MN 55121

Nevada Privacy Rights

GMS collects personal information from you in the course of providing requested services. Unless otherwise stated, GMS does not sell any Covered Information, as defined under Nevada law (S.B. 220). Further information may be found in the GMS general Privacy statement, incorporated by reference herein. If you would like to make a further inquiry regarding the selling of your Covered Information, as defined under Nevada law, please contact privacy@groupmgmt.com.