Privacy Policy

When you use our employee recognition programs and services, it is important to us that your privacy remains a priority.

Our Commitment to Privacy

Your privacy is important to us. To protect your privacy Terryberry provides this notice explaining Terryberry’s online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested

 

Terryberry Privacy Policy

Last modified: November 11, 2024

Terryberry Company, LLC (“Terryberry” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit our website, terryberry.com (the “Website”), our 360 Recognition, Awardchoice, Give a WOW platforms, 360 Recognition’s mobile application, Williams Recognition, Walker Tracker and Walker Tracker’s mobile application, Terryberry.net, or other integrations (together with the Website, our “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. By accessing or using the Services, you agree to this privacy policy. This policy may change from time to time. Your continued use of these Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

This policy applies to information we collect:

• In the course of providing the Services.
• In email, text, and other electronic messages between you and the Services.
• When you register for events, subscribe to a newsletter or provide feedback in an online survey.
• When you receive our communications or participate in our online or offline activities or events.
• When you receive or enter information into our Services.

This Policy applies only to information collected by Terryberry and does not apply to any other information or websites not owned or operated by Terryberry.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Services, including information:

• By which you may be personally identified, such as:
  • Employee name, including preferred name;
  • Job title;
  • Email address
  • Date of birth/birthday
  • Start date
  • Award qualification date
  • Cost center name
  • Department
  • Home address
  • Business address
  • Address for delivery of Rewards
  • Telephone number
  • Line manager name
  • Line manager address
  • Employee number/ID
  • Length of service
  • Reward Points
  • Award value
  • Profile picture
  • Payment data, including billing address, and
  • Such other information as may be collected by our customers from their employees and provided to us from time to time, which may include Sensitive Information such as health data

We will refer to all of the above information as “Personal Information” in this policy.

• About your internet connection, the equipment you use to access our Services, and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
• From third parties, for example, our business partners.

The information we collect through our Services may include:

• Information that you provide by filling in forms on our Services. This includes information provided when requesting services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Services.
• Information about you when you request information, respond to surveys or otherwise correspond with us.
• Details of transactions you carry out through our Services and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Services.
• Your search queries on the Services.
• We may collect other information from you that is not specifically listed here. We may use such information in accordance with this policy.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Information:

• To present our Services and their contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including billing and collection.
• To notify you about changes to our Services.
• To allow you to participate in interactive features on our Services.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
• Investigate or prevent violation of the law or your agreements with us; protect our, your or others’ rights, privacy, safety or property (including by prosecuting and defending legal claims) and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity;
• Comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; and where permitted by law in connection with a legal investigation.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Information that we collect, or you provide as described in this privacy policy:

• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Terryberry’s assets.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.
• To government or law enforcement officials or private parties for compliance, fraud prevention and safety and to comply with any lawful court order, law, or legal process, including to respond to any government or regulatory request, which may include compliance with lawful requests to meet national security or law enforcement requirements.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Services.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

We use Google Analytics to help us gather statistical information about the visitors to our Services and how they use the Services on an anonymous, aggregate basis. However, we will not associate this data with your personally identifiable data unless required to do so to cooperate with law enforcement activity or other governmental request or to comply with law.

We may use this information to gain a better understanding of the users of our Services, to improve our Services. Depending on the type of browser and device that you use, you may have the ability to control the type of information that Google Analytics use. To understand how Google Analytics collects and processes data, please visit www.google.com/policies/privacy/partners/.

It helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Services.

Technologies we use for automatic data collection may include:

• Cookies (or browser cookies).A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
• Web Beacons.Areas of our Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Terryberry, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Cookies and Service Providers

In addition to our own cookies, we collaborate with various third-party service providers who also use cookies to help us optimize our Website and understand more about the visitors to our Website. For example, we use Google Analytics to provide us with demographic information about our visitors and to help us analyze how people use our Services. Our third-party service providers include:

• Google Analytics (used for analytics of website visitors)
• Google Ads (used for website ads)
• Amazon Web Services (used to host Terryberry’s infrastructure);
• Salesforce (used for its support chat tool, for email marketing, and to support other sales efforts)
• Cardconnect (used as our credit card processor)
• OneSignal (used for push notification software)
• OptIn Monster (used for website pop-up plugins to capture third-party analytics)
• Edenred (provides our reward catalogs)
• Twilio (used to send email and text messages)
• Tango (provides gift cards)
• WellRight (one of our wellness solution partners)
• ZenDesk (used as a customer support tool)
• Pendo (used as a product analytics tool)
• Apple Health (used in conjunction with the WalkerTracker app)
• Wellsource (used for human resources surveys)
• GRS (a platform used for reward redemption)
• Axomo (a platform used for reward redemption)
• YouTube (used for social media)
• Microsoft
• Facebook (used for social media)
• LinkedIn (used for social media)
• Pardot (used for email marketing)
• Xplenty (used for data integrations)
• Lead Retrieval (used to collect information from badges at trade shows)
• Vimeo (used for social media)
• Zoom (used for communications)
• G2 (used to facilitate user reviews) and
• Capterra (used to facilitate user reviews).

To learn more about how these providers use cookies as well as Personal Information generally, please click the links above or visit their respective websites to view their privacy policies.

How Can You Disable Cookies and Other Tracking Technology?

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising.You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
• Promotional Offers from Terryberry.If you do not wish to have your email address/contact information used by Terryberry to promote our own products or services, you can opt-out by or sending us an email stating your request to privacy@terryberry.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience or other transactions.

Effect of Not Providing Personal Information.

You are not required to provide all Personal Information identified in this policy to use our Services or to interact with us offline, but certain functionality will not be available if you do not provide Personal Information. For example, if you do not provide Personal Information, we may not be able to respond to your request, perform a transaction with you, consider you for employment, or provide you with marketing that we believe you would find valuable.

State Privacy Laws

We do not meet the eligibility conditions outlined in the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, or Utah Consumer Privacy Act and are therefore are not subject to the requirements of these laws. For specific information related to your ability to access and correct your Personal Information, see Accessing and Correcting Your Information below.

 

For information on data privacy rights for California consumers, see the Supplemental Privacy Notice for California below.

Accessing and Correcting Your Information

You can review and change your Personal Information by logging into the Services and visiting your account profile page.

You may also send us an email at privacy@terryberry.com to request access to, correct or delete any Personal Information that you have provided to us. We cannot delete your Personal Information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Data Security

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Services. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Children

The Services are not intended for use by anyone under the age of 18, nor do we knowingly collect or solicit Personal Information from anyone under the age of 18. If you are under 18, do not attempt to use the Services or send any information about yourself to us. If you believe we might have any information from or about a child under 18, please contact us at privacy@terryberry.com.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' Personal Information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for periodically visiting this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices:

• Email us at privacy@terryberry.com
• Mail us at:

Terryberry Company

Customer Marketing

2033 Oak Industrial Dr. NE

Grand Rapids, MI 49505

Attn: Privacy Officer

 

Supplemental Privacy Notice for California

Effective Date: January 1, 2020

Last Reviewed on August 30, 2024

This Supplemental Privacy Notice for California Residents supplements the information contained in Terryberry’s Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Rights Act of 2020 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect Personal Information as defined above, which is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device.

We have collected the following categories of Personal Information covered by the CCPA from consumers within the past 12 months, and have used it for the following business purposes:

Category of Personal Information Collection	Business Purpose of Collection
Identifiers, including real name, alias, mailing address, email address, account name, telephone numbers, and unique personal identifiers such as online identifiers and IP address, or other similar identifiers.	To provide services and marketing.
Characteristics of protected classifications under California or federal law, including age or date of birth, race, color, national origin, physical disabilities, mental disabilities, medical condition, gender, gender identity, gender expression, sexual orientation, military or veteran status, and criminal conviction history	If you choose to disclose this information, we collect it as part of our employment application process. We also collect gender information to assist in relationship management and ensuring we properly address individuals in our communications (e.g., whether to call someone Ms., Mrs., Mr., etc.)
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	As relevant and necessary to provide our services.
Internet or other electronic network activity information, including browsing history, search history, and information regarding an individual’s interaction with an internet site, application, or advertisement	To provide you more relevant content, track original Website visits, and optimize your Website experience as well as to ensure our systems are properly functioning.
Geolocation data	To assist in marketing and identify Website traffic patterns.
Occupation, professional, or employment-related information	To market and provide our services to you and to communicate with you.  In addition, if you choose to disclose this information, we collect it as part of our employment application process.
Profile reflecting a person's preferences, characteristics, predispositions, behavior, attitudes, abilities, mental health, and aptitudes.	As relevant and necessary to provide our Services.

We obtain the categories of Personal Information listed above from the following categories of sources:

• Directly from you. For example, from forms you complete or products and services you purchase.
• Indirectly from you. For example, from observing your actions on our Services.

Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the following purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, support, personalize, and develop our Services, products, and services.
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your Services experience and to deliver content and product and service offerings relevant to your interests, including targeted offers through our Services and via email or text message (with your consent, where required by law).
• To help maintain the safety, security, and integrity of our Services, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve our Services, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our consumers is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We share your Personal Information with the following categories of third parties:

• Service providers.
• Product vendors.

Sales of Personal Information

Terryberry does not sell Personal Information.

Your Rights

The CCPA provides California consumers (which includes employees based in California and California residents engaged in business-to-business activities) with specific rights regarding their Personal Information.

Right to Opt Out of Sales or Sharing. You have the right to opt out of the sales or sharing of your Personal Information (Terryberry does not sell Personal Information and only shares Personal Information as described in our section above titled “Sharing Personal Information”).

Right to Know and Data Portability. You may request no more than twice in a 12-month period that we provide you with copies of specific Personal Information we have collected, sold, or disclosed about you. However, under California law, we cannot provide you with certain sensitive information, despite your request (for example, we will not send you copies of your social security number even if it is something we collected). Once we receive your request and confirm your identity (see Exercising Your Rights), we will disclose to you:

• The categories of Personal Information we collected about you.
• The categories of sources for the Personal Information we collected about you.
• Our business or commercial purpose for collecting or selling that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
  • sales, identifying the Personal Information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
• The specific pieces of Personal Information we collected about you (also called a data portability request).

Right to Delete. You may request that we delete certain Personal Information we have collected about you, with certain exceptions. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Right to Correct. You have the right to correct Personal Information that we hold about you.

Right to Limit the Use and Disclosure of any Sensitive Personal Information. You have the right to limit the use and disclosure of any sensitive Personal Information that we may maintain about you, which would only be Personal Information that you provide in the use of our Services and is minimally collected and used.

Exercising Your Rights. To exercise your rights above, please submit a request by contacting us at :

• privacy@terryberry.com
• Terryberry Company

Customer Marketing

2033 Oak Industrial Dr. NE

Grand Rapids, MI 49505

Attn: Privacy Officer

Please describe your request with sufficient detail so we can properly respond to your request. As part of your request, please specify which right you are exercising and be prepared to provide the following information: name, email address, and the type of request you wish to make. We may ask for additional information to verify your identity. The information you provide in your request and any follow up information we ask for from you will be used solely to verify your request.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

You do not need to create an account with us to submit a request to know, delete, or correct. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

After receiving your request, we may need to contact you for further information and will notify you if your request has been granted or declined, or if an exception applies to your request.

Only you or an individual designated as your authorized agent to act on your behalf may make a request related to your Personal Information.

Responding to Your Rights Request. We will endeavor to substantively respond to a verifiable consumer request within 45 days. If we need more time (up to another 45 days), we will contact you with the reason we need more time and the extension period. We will deliver our written response by mail or electronically, at your option. Our response will also explain the reasons we cannot comply with any request, if applicable.

We do not charge a fee to process or respond to your request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate prior to completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

How to Contact Us

If you have any questions or comments about our Privacy Policy or practices:

• Email us at privacy@terryberry.com
• Mail us at:

 

Terryberry Company

Customer Marketing

2033 Oak Industrial Dr. NE

Grand Rapids, MI 49505

Attn: Privacy Officer

Supplemental Notice to European Users

The following applies to individuals in the United Kingdom, Switzerland, and the European Economic Area.

Legal bases for processing. In compliance with the General Data Protection Regulation (“GDPR”) and other applicable data privacy laws, we are required to inform you of the legal bases of our processing of your Personal Information, which are described in the table below. If you have questions about the legal basis of our processing of your Personal Information, contact us using one of the methods detailed at the end of this Policy.

Processing Purpose	Legal Basis
To provide the Services and communicate with you.	You are subject to a contract with us and we need to use your Personal Information to provide services you have requested or take steps that you request prior to providing services.
To send you marketing communications.           For compliance, fraud prevention, and safety.	These processing activities constitute our legitimate interests. We consider and balance the potential impact on your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).   Processing is necessary to comply with our legal obligations and in order to protect the vital interests of the data subject or of another natural person.
For compliance with law.	Processing is necessary to comply with our legal obligations.
With your consent.	If we expressly ask for your consent prior to processing your information, our processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Services.
To share your Personal Information as described in this Policy.	This sharing constitutes our legitimate interests, and in some cases may be necessary to comply with our legal obligations.

 

Retention. We will only retain your Personal Information for as long as necessary to fulfill the purposes for which we we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Your Rights. Certain data privacy laws give individuals located in the UK, EEA, and Switzerland certain rights regarding your Personal Information. You may ask us to take the following actions in relation to your Personal Information that we hold:

• Access. Provide you with information about our processing of your Personal Information and give you access to your Personal Information.
• Correct. Update or correct inaccuracies in your Personal Information.
• Delete. Delete your Personal Information.
• Transfer. Transfer a machine-readable copy of your Personal Information to you or a third party of your choice
• Restrict. Restrict the processing of your Personal Information.
• Object. Object to our reliance on our legitimate interests as the basis of our processing of your Personal Information that impacts your rights.

You may submit these requests by contacting us as detailed at the end of this Policy. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your Personal Information or response to your requests regarding your Personal Information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.

Cross-Border Data Transfers. Any information you provide to us through the use of the Services may be stored, processed, transferred among, and accessed from the United States and other countries which may not guarantee the same level of protection of Personal Information as the one in which you reside. However, we will handle your Personal Information in accordance with this Policy regardless of where your Personal Information is kept. Regarding transfers from the European Economic Area (“EEA”) or United Kingdom (“UK”) to the United States, we rely on the derogations for transfers which are necessary to perform the transaction with you, including, as applicable, the Standard Contractual Clauses. Where required by law, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below. If you reside in other non-US jurisdictions outside the EEA or UK, your use of the Services or provision of any Personal Information constitutes your consent for the transfer of such data to the United States for the purposes identified above. If you have questions about cross-border transfers, please contact us as detailed below.

Compliance with EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (Data Privacy Framework)

Terryberry complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Terryberry has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Terryberry has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

The Federal Trade Commission has jurisdiction over Terryberry’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Alternative Dispute Resolution in Compliance with EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (Data Privacy Framework)

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Terryberry commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Cooperation with Panel in Compliance with EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (Data Privacy Framework)

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Terryberry commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Invocation of Binding Arbitration

This Section provides the terms under which Terryberry is obligated to arbitrate claims, pursuant to the Recourse, Enforcement and Liability Principle. The binding arbitration option described below applies to certain “residual” claims as to data covered by the relevant Data Privacy Framework (DPF). The purpose of this option is to provide a prompt, independent, and fair mechanism, at the option of individuals, for resolution of claimed violations of the Data Privacy Framework Principles (“Principles”) not resolved by any of the other Data Privacy Framework mechanisms, if any.

1. Scope

This arbitration option is available to an individual to determine, for residual claims, whether Terryberry has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes. This option is not available, for example, with respect to the exceptions to the Principles or with respect to an allegation about the adequacy of the DPF.

1. Available Remedies

Under this arbitration option, the “Data Privacy Framework Panel” (the arbitration panel consisting of one or three arbitrators, as agreed by the parties) has the authority to impose individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual. These are the only powers of the Data Privacy Framework Panel with respect to remedies. In considering remedies, the Data Privacy Framework Panel is required to consider other remedies that already have been imposed by other mechanisms under the DPF. No damages, costs, fees, or other remedies are available. Each party bears its own attorney’s fees.

1. Pre-Arbitration Requirements

An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Terryberry and afford Terryberry an opportunity to resolve the issue within the timeframe set forth in section (d)(i) of the Supplemental Principle on Dispute Resolution and Enforcement; (2) make use of the independent recourse mechanism under the Principles, at no cost to the individual; and (3) raise the issue through the individual’s DPA to the Department and afford the Department an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the Department’s International Trade Administration, at no cost to the individual.

This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties. In addition, this option may not be invoked if a DPA (1) has authority under the Supplemental Principle on the Role of the Data Protection Authorities or the Supplemental Principle on Human Resources Data; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s authority to resolve the same claim against an EU, UK or Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA authority.

1. Binding Nature of Decisions

An individual’s decision to invoke this binding arbitration option is entirely voluntary. Arbitral decisions will be binding on all parties to the arbitration. Once invoked, the individual forgoes the option to seek relief for the same claimed violation in another forum, except that if non-monetary equitable relief does not fully remedy the claimed violation, the individual’s invocation of arbitration will not preclude a claim for damages that is otherwise available in the courts.

1. Review and Enforcement

Individuals and Terryberry will be able to seek judicial review and enforcement of the arbitral decisions pursuant to U.S. law under the Federal Arbitration Act.[see Note 1] Any such cases must be brought in the federal district court whose territorial coverage includes the primary place of business of Terryberry. This arbitration option is intended to resolve individual disputes, and arbitral decisions are not intended to function as persuasive or binding precedent in matters involving other parties, including in future arbitrations or in EU, UK, Swiss or U.S. courts, or FTC proceedings.

[Note 1] Chapter 2 of the Federal Arbitration Act (“FAA”) provides that “[a]n arbitration agreement or arbitral award arising out of a legal relationship, whether contractual or not, which is considered as commercial, including a transaction, contract, or agreement described in [section 2 of the FAA], falls under the Convention [on the Recognition and Enforcement of Foreign Arbitral Awards of June 10, 1958, 21 U.S.T. 2519, T.I.A.S. No. 6997 (“New York Convention”)].” 9 U.S.C. § 202. The FAA further provides that “[a]n agreement or award arising out of such a relationship which is entirely between citizens of the United States shall be deemed not to fall under the [New York] Convention unless that relationship involves property located abroad, envisages performance or enforcement abroad, or has some other reasonable relation with one or more foreign states.” Id. Under Chapter 2, “any party to the arbitration may apply to any court having jurisdiction under this chapter for an order confirming the award as against any other party to the arbitration. The court shall confirm the award unless it finds one of the grounds for refusal or deferral of recognition or enforcement of the award specified in the said [New York] Convention.” Id. § 207. Chapter 2 further provides that “[t]he district courts of the United States . . . shall have original jurisdiction over . . . an action or proceeding [under the New York Convention], regardless of the amount in controversy.” Id. § 203.

Chapter 2 also provides that “Chapter 1 applies to actions and proceedings brought under this chapter to the extent that chapter is not in conflict with this chapter or the [New York] Convention as ratified by the United States.” Id. § 208. Chapter 1, in turn, provides that “[a] written provision in a contract evidencing a transaction involving commerce to settle by arbitration a controversy thereafter arising out of such contract or transaction, or the refusal to perform the whole or any part thereof, or an agreement in writing to submit to arbitration an existing controversy arising out of such a contract, transaction, or refusal, shall be valid, irrevocable, and enforceable, save upon such grounds as exist at law or in equity for the revocation of any contract.” Id. § 2. Chapter 1 further provides that “any party to the arbitration may apply to the court so specified for an order confirming the award, and thereupon the court must grant such an order unless the award is vacated, modified, or corrected as prescribed in sections 10 and 11 of [the FAA].” Id. § 9.

1. The Arbitration Panel

The parties will select arbitrators for the Data Privacy Framework Panel from the list of arbitrators discussed below.

Consistent with applicable law, the Department and the Commission will develop a list of at least 10 arbitrators, chosen on the basis of independence, integrity, and expertise. The following shall apply in connection with this process:

Arbitrators:

1. will remain on the list for a period of 3 years, absent exceptional circumstances or removal for cause, renewable by the Department, with prior notification to the Commission, for additional 3-year terms;
2. shall not be subject to any instructions from, or be affiliated with, either party, or any participating organization, or the U.S., EU, any EU Member State, UK, Swiss or any other governmental authority, public authority, or enforcement authority; and
3. must be admitted to practice law in the United States and be experts in U.S. privacy law, with expertise in EU data protection law.
4. Arbitration Procedures

The Department and the Commission have agreed, consistent with applicable law, to the adoption of arbitration rules that govern proceedings before the Data Privacy Framework Panel.[see note 2] In the event the rules governing the proceedings need to be changed, the Department and the Commission will agree to amend those rules or adopt a different set of existing, well-established U.S. arbitral procedures, as appropriate, subject to each of the following considerations:

1. An individual may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken under Paragraph C to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim.
2. Procedures will be developed to ensure that an individual’s same claimed violation does not receive duplicative remedies or procedures.
3. FTC action may proceed in parallel with arbitration.
4. No representative of the U.S., EU, any EU Member State, UK, Swiss or any other governmental authority, public authority, or enforcement authority may participate in these arbitrations, provided, that at the request of an individual, DPAs may provide assistance in the preparation only of the Notice but DPAs may not have access to discovery or any other materials related to these arbitrations.
5. The location of the arbitration will be the United States, and the individual may choose video or telephone participation, which will be provided at no cost to the individual. In-person participation will not be required.
6. The language of the arbitration will be English unless otherwise agreed by the parties. Upon a reasoned request, and taking into account whether the individual is represented by an attorney, interpretation at the arbitral hearing, as well as translation of arbitral materials will be provided at no cost to the individual, unless the Data Privacy Framework Panel finds that, under the circumstances of the specific arbitration, this would lead to unjustified or disproportionate costs.
7. Materials submitted to arbitrators will be treated confidentially and will only be used in connection with the arbitration.
8. Individual-specific discovery may be permitted if necessary, and such discovery will be treated confidentially by the parties and will only be used in connection with the arbitration.
9. Arbitrations should be completed within 90 days of the delivery of the Notice to TERRYBERRY, unless otherwise agreed to by the parties.

[Note 2] The International Centre for Dispute Resolution (“ICDR”), the international division of the American Arbitration Association (“AAA”) (collectively “ICDR-AAA”), was selected by the Department to administer arbitrations pursuant to and manage the arbitral fund identified in Annex I of the Principles. On September 15, 2017, the Department and the Commission agreed to the adoption of a set of arbitration rules to govern binding arbitration proceedings described in Annex I of the Principles, as well as a code of conduct for arbitrators that is consistent with generally accepted ethical standards for commercial arbitrators and Annex I of the Principles. The Department and the Commission agreed to adapt the arbitration rules and code of conduct to reflect the updates under the EU-U.S. DPF, and the Department will work with the ICDR-AAA to make those updates.

1. Costs

Arbitrators should take reasonable steps to minimize the costs or fees of the arbitrations.

The Department will, consistent with applicable law, facilitate the maintenance of a fund, to which TERRYBERRY will be required to contribute, based in part on the size of the organization, which will cover the arbitral cost, including arbitrator fees, up to maximum amounts (“caps”). The fund will be managed by a third party, which will report regularly to the Department on the operations of the fund. The Department will work with the third party to periodically review the operation of the fund, including the need to adjust the amount of the contributions or of the caps on the arbitral cost, and consider, among other things, the number of arbitrations and the costs and timing of the arbitrations, with the understanding that there will be no excessive financial burden imposed on TERRYBERRY. The Department will notify the Commission of the outcome of such reviews with the third party and will provide the Commission with prior notification of any adjustments of the amount of the contributions. Attorney’s fees are not covered by this provision or any fund under this provision.

Disclosures for National Security or Law Enforcement.

Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Liability for Onward Transfer to Third Parties

Terryberry will comply with the Notice and Choice Principles with respect to the transfer of Personal Information to a third party when Terryberry is acting as a controller. Terryberry will remain liable under the DPF principles if (i) Terryberry is acting as a controller with respect to the information and (ii) the third party processes information in a manner inconsistent with the DPF Principles, unless Terryberry is able to prove that Terryberry is not responsible for the event giving rise to the damage. Terryberry will also enter into contracts with its third-party controllers that provide (i) that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and (ii) that the third-party controller will notify the Terryberry if it makes a determination that it can no longer meet this obligation.  The contract shall provide that when such a determination is made the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate.

When transferring personal data to a third party acting as an agent, Terryberry will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with Terryberry’s obligations under the Principles; (iv) require the agent to notify Terryberry if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.

Contact Us

If you have any questions about this Policy or would like to request access to your Personal Information, please contact us as follows:

Email: privacy@terryberry.com

 

Postal Address:

Terryberry Company

Attn: Privacy Officer

2033 Oak Industrial Drive NE

Grand Rapids, MI 49505

Changes to This Policy

We reserve the right to amend this Policy from time to time.