Privacy Statement

Privacy Statement

1.Introduction

1.1.Privacy Statement

GEP is fully committed to maintaining the privacy and personal information collected through GEP’s public Company Website and non-public web sites and software platforms (“GEP’s Technology Solution”). All privacy information is protected by GEP in accordance with the terms set forth in this Privacy Notice and GEP's terms of use (the Agreement). This Privacy Notice is incorporated by reference into and is fully subject to the terms of the Agreement. This Privacy Notice explains what personal data we collect from you, how we use it and to whom it is passed or provided.

2.Purpose

GEP's goals in collecting information, inclusive of any personal information, is to provide you with industry information regarding procurement and sourcing and to provide our clients and their suppliers with a secure, efficient and customized venue for electronic sourcing of products and services.  Personal Information, such as individual names, business address, business email, phone number, and non-Personal Information is retained for those providing consent to enable GEP to continue to provide information such as white papers and industry specific data to visitors of our Company Website.  Personal Information may also be required for use by our clients, and suppliers of our customers, of some features within GEP’s solution and to provide procurement services. Any Personal Information is stored in Microsoft® Azure® data centers in the U.S. & Europe where GEP’s technology platform solution is hosted.  This web link to the Microsoft® web sites describes the privacy policy and practices that govern use of Azure® and Microsoft®’s other enterprise online services.

https://privacy.microsoft.com/en-ca/privacystatement

In addition to maintaining information, GEP may use your Personal Information for its internal business operations, to provide you with a subscription, including research and analysis in order to optimize the website and the services provided thereby and better serve its client’s and members' needs.

Because GEP understands the importance of protecting the privacy of visitors to its website, its clients and the suppliers to its clients (members) and maintaining the security of the Personal Information, GEP pledges that no Personal Information will be disclosed, distributed, published, disseminated, sold, traded, or shared with any third party, including advertisers, business or governmental organizations, or other clients or members.

Provided, however, that GEP shall be entitled to disclose Personal Information and/or member information to third parties in the following situations

  • When such disclosure is necessary to facilitate communications with members or transactions between members in accordance with the normal operation or services and transactions between members and clients;
  • When such disclosure is so ordered by any court, administrative body, governmental agency or regulatory agency, or when GEP in good faith determines that it is legally required to make such disclosure, or when such disclosure is requested by law enforcement authorities in connection with their investigations, or in the event of an emergency;
  • When enforcing the terms of the Agreement (including this privacy policy);
  • When communicating with a visitor to the Company Website, a client or member outside of GEP’s non-public websites and software platforms;
  • When GEP in good faith determines that such disclosure is necessary to correct what GEP believes to be false or misleading information or to address activities that GEP believes to be manipulative or deceptive;
  • GEP may aggregate and publish member information relating to activity within GEP’s non-public websites and software platforms, but such aggregated member information shall not include any member information that could be used to personally identify you; and
  • GEP may share Personal Information with our global affiliates, parent, subsidiaries, agents and integrated service providers that cooperate to provide content to visitors of the Company Website, and/or to provide GEP’s technology platform to clients. GEP Affiliates follow practices no less protective as per practices described in this policy and to the extent allowed by applicable law.

2.1.Personal Information

GEP collects personal data to operate effectively and provide you the best experiences within GEP’s Company website, as well as within GEP’s products and services and non-public websites and software platforms. Visitors, Clients, and members provide this data directly while registering on our web sites, through emails, by visiting our Company Website and/or by updating their profile in the SMART by GEP® technology platform procurement tool and through cookies.

IP address Information

Depending on whether you visit the Company Website, or are a client or member visiting a non-public website and/or software platform, the information gathered may include your Internet Protocol (IP) address (or the proxy server you use to access the World Wide Web), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. Due to Internet communications standards, when you visit or use the Company’s Website and Services, we automatically receive the URL of the website from which you came and the website to which you go when you leave our Website. This information is used to analyze overall trends, to help us improve our Website and Services, to track and aggregate non-personal information, and to provide the Website and Services.

Cookies

Cookies are digital text files containing small amounts of website visitor information. They are downloaded to the computer or mobile device through an internet browser, and allow us to recognize our website users.

Why do we use cookies and similar technologies?

Cookies help in many ways, for example, letting you navigate between pages easily, remembering your preferences and generally improving your experience of using the website. They can also help make the advertisements you see online more relevant to you and your interests.

How does GEP use cookies for marketing and analytics?

We may use information collected from cookies through our website to identify user behavior and to serve content and offers based on user profiles, and for other purposes listed below, to the extent that is legally permissible in certain jurisdictions.

Some cookies we use don't collect information that identifies an individual visitor. For example:

  • Performance cookies (see table below)
  • Targeting cookies (see table below)

In other cases, we may be able to associate cookie information (including information from cookies placed through our advertisements on third-party websites) with an identifiable individual. For example:

  • When we send you an email which includes web beacons, cookies or similar web tracking technologies. we can determine whether you’ve opened, read, or deleted the message.
  • When you click a link in a marketing e-mail you’ve received from GEP, we can use a cookie to log the pages viewed and content download from our websites, even if you are not a registered member of — or signed into — our website.
  • Combination and analysis of personal data – As described above, we may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you (including information collected across our different websites, such as our corporate sites and careers and information collected when you sign up or log on to our sites, or connect to our sites using your social media credentials (such as LinkedIn). We may combine this data to better assess your experience with GEP and to perform the other activities described in our privacy policy.

Do you use any cookies from third-party companies?

Some of the cookies we use are from third-party companies — such as Google Analytics, Pardot, Remarketing, and LinkedIn Analytics —  to provide us with web analytics and intelligence regarding our websites. These companies use programming code to collect information about your interactions with our websites, such as the pages you’ve visited, the links you’ve clicked on, and the time you’ve spent on our websites. This code is only active while you are on our website.

Does GEP use any non-cookie tracking technologies?

We may also use web beacons (including conversion pixels) or other web tracking technologies for similar purposes as above and we may include these on our websites, in marketing e-mail messages, newsletters, and affiliated websites, to determine whether you have opened the messages or have clicked on the links. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity. The information provided below about cookies also applies to web beacons and similar technologies. Conversion pixels are small codes located on a particular web page which are triggered when someone visits a page resulting in an increase in the conversion count.

What if I don’t want to have cookies on my device?

By using our Company Websites and/or our non-public websites and software platforms, you agree that we can place cookies on your device as explained in our terms of use. If you want to remove existing cookies from your device, you can do this by using your browser options. If you want to block future cookies being placed on your device, you can do so by changing your browser settings. For more information on how to manage your cookies, see All About Cookies - Manage Cookies. Currently, our Company Website, our non-public websites and software platforms do not recognize "Do Not Track" initiatives.

Please note that blocking and deleting cookies will impact your user experience as parts of the specific website may no longer work properly. Unless you have blocked cookies using your browser, our system will issue cookies as soon as you visit any of our websites, or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies.

What types of cookies are there and which ones does the site use?

The cookies used on GEP sites have been categorized on the basis of the categories found in the ICC UK Cookie Guide issued in 2012. However, it is important to note that not all cookies may be used in all jurisdictions or websites. A list of all the cookies used on this site by category is set out below. Within these four categories below, cookies are classified as either session or persistent cookies.

“Session” cookies are temporary and once you close the browser window, they are deleted from your device.

“Persistent” cookies remain on your device for a longer period and are used by the website to recognize your device when you return. You can find more information about cookies at: All About Cookies and Your Online Choices.

GEP uses both session and persistent cookies.

Category

Examples

Strictly Necessary cookies -

These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for cannot be provided.

We categorize the following as Strictly Necessary cookies:

  • Registered Visitor cookie – A unique identifier given to each registered user, used to recognize them through their visit and when they return to the site. (See also Functionality cookies below.)

Performance cookies - These cookies collect information about your visit and use of this website, for instance which pages you visit the most often, and if you get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is anonymous and is only used to improve how this website works.

We categorize the following as Performance cookies:

  • Referrer URL (internal page) – Used to store the URL of the previous page visited. Allows us to track how visitors navigate throughout our site.
  • Referrer URL (external page, including if you click on links on GEP social media pages) – Used to store the URL which refers a visitor to our site so we may understand which URLs are referring visitors to our site.
  • URL history – Used to store the pages visited by a user.
  • Unregistered Visitor cookie – A unique identifier given to each visitor to allow analysis on how unregistered visitors use our site.
  • Session Management cookies – These cookies allow us to follow the actions of a user on our sites during a browser session. A browser session starts when a user opens the browser window, visits our sites and finishes when they leave our sites and close their browser window. Our Session Management cookies are created temporarily. Once you close your browser, our Session Management cookies are deleted.

Functionality cookies

These cookies allow a site to remember choices you make (such as your user name, language or the region you are in) and provide more enhanced, personal features.

These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you’ve been on the Internet outside our site.

We categorize the following as Functionality cookies:

  • Registered Visitor cookie – A unique identifier given to each registered user to our site, used to serve them content and offers based on their profiles. Also used for analysis and marketing purposes. (See also Strictly Necessary cookies above.)

Targeting cookies - These cookies are used to (1) deliver advertisements more relevant to you and your interests; (2) limit the number of times you see an advertisement; (3) help measure the effectiveness of the advertising campaign; and (4) understand people’s behavior after they view an advertisement. They are usually placed on behalf of advertising networks with the site operator’s permission. They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization.

GEP does not use third-party advertising on our site, so we do not use these Targeting cookies for advertising but we use them for gathering analytics and intelligence about the site.

We categorize the following as Targeting Cookies:

  • Gathering analytics and intelligence cookies
  • Third Party cookies. The Targeting cookies may also be used on third party websites and third parties may use them on our websites as follows:
  • Social media sites – Third-party social media sites may log information about you. This may include activities such as when you click an "Add This" or "Like" button for a social media site while on our site. We do not control such sites or their activities. You may be able to find information about social media sites on the sites themselves. We recommend you read the terms of use and privacy policy of such sites before using them.
  • GEP advertisements on non-GEP sites – Cookies may be placed on non-GEP sites so that when you click on an GEP advertisement located on these sites, GEP is provided with this information to enable us to measure the effectiveness of our advertising

If you have any questions now or during your visit, please submit your request through our Contact Us form.

Contact Information

GEP provides cutting edge procurement technology, consulting and outsourcing services to its clients across the globe. To operate effectively and provide efficient services to our clients, GEP collects email address, phone numbers and designations of the client users accessing procurement applications. This information helps GEP to establish smooth and secure communication with GEP clients.

3.Privacy principles

GEP complies with the Privacy requirements as set forth by the European Union’s data protection regulation as well as the EU – US and Swiss - US Privacy Shield Frameworks regarding the collection, use, and retention of Personal Information transferred from the European Union and/or Switzerland to a third country or an international organization outside the European union.  GEP adheres to the privacy principles relating to the processing of personal data.

  • Personal Information is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
  • Personal Information is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
  • Personal Information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimization’).
  • Information is accurate and, where necessary, kept up to date; every reasonable step is taken to provide that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’).
  • Information is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (‘storage limitation’).
  • Information is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).   
  • When we collect your personal data, we'll give you timely and appropriate notice describing what personal data we’re collecting, how we'll use it, and the types of third parties with whom we may share it. We’ll give rights to access your personal data and method to communicate for any change.
  • We’ll give you choices about the ways we use, share your personal data, and we'll respect the choices you make.
  • To transfer Personal Information to a third party acting as a controller, we will comply with the Notice and Choice Principles. We will enter into a contract with the third-party controller to provide the same level of protection as the Principles.
  • We will take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
  • We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, we will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.
  • We'll provide ways for you to access your personal data, as required by law, so you can correct inaccuracies.
  • We’ll provide independent recourse mechanism by which each individual’s complaints and dispute are investigated and expeditiously resolved at no cost to the individual.

4.Individual rights

Please note the following which apply to an individual, in reference to the GDPR and a controller.  In most circumstances, GEP is not considered a controller and is operating as a processor.

  • An individual has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided.
  • An Individual has the right to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual or for the establishment, exercise or defense of legal claims.
  • An Individual has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  • An individual has right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data and the following information is provided:
    • The purposes of the processing.
    • The categories of personal data concerned.
    • The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations.
    • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
    • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
    • The right to lodge a complaint with a supervisory authority.
    • Where the personal data is not collected from the data subject, any available information as to their source.
  • An individual has rights to deny or withdraw the consent anytime where relevant.
  • An individual has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
  • An individual has the right to obtain from the controller the erasure or forgotten of personal data concerning him or her without undue delay.
  • An individual has the right to obtain from the controller restriction of processing in a situation where accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The notification of personal data breaches with serious impact on the individual privacy will be reported to supervisory authorities and the communication of such personal data breaches to data subjects.

5.Security of personal data

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented appropriate technical and organizational measures to provide a level of security appropriate to the risk.

  • The pseudonymization and encryption of sensitive or special category sensitive data.
  • The ability to provide the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
  • We have implemented technical controls to prevent unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold.
    • We have encrypted many of our services using the latest strong encryption technologies.
    • We provide secure authentication to access non-public information.
    • We restrict access to Personal Information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

6.Compliance and cooperation with regulatory authorities

We regularly review our compliance with our Privacy Notice. We also adhere to regulatory frameworks, including the EU-US and Swiss-US Privacy Shield Frameworks and GDPR (General Data Protection Regulations).

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

GEP Contact

Attn: privacy [at] gep.com

100 Walnut Ave
Clark, NJ 07066
http://www.gep.com
Office (732) 382-6565

To raise a request or complaint by the data subject (Individual person), please mail or email the above contact. Please allow at least 10 business days for us to respond to your complaint.