Thank you for visiting www.gibsonsylvestre.com (our "Site"). This Site and/or any Gibson Sylvestre & Associates Application (“Application”) is powered by Gibson Sylvestre & Associates., doing business as The Gibson Sylvestre & Associates, and is made available by Gibson Sylvestre as a service to you. As used in this Privacy Statement, the terms “our,” “we,” or “us” refer to Gibson Sylvestre unless the context clearly provides otherwise.
 
We appreciate the opportunity to interact with you on the Internet, and are committed to protecting and safeguarding your privacy. The purpose of this Privacy Statement is to inform you about the types of information we might collect about you when you visit our Site and/or use our Applications, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of, and your ability to correct, that information.

1. WHAT INFORMATION WE COLLECT AND HOW WE USE IT
1. Personally Identifiable Information.
   
   This refers to information that lets us know who you are or things specifically about you.
1. Visitors
   
   You can browse most portions of our Site without revealing any Personally Identifiable Information. If you want to register, place an order, and/or use our Applications, you will be required to provide Personally Identifiable Information (such as first and last name, address, email address, and telephone number) to be shared with us for the purpose of contacting you, including via email, to assist with registration and/or ordering. In such event, we might maintain a record of your contact, including such Personally Identifiable Information, in a file specific to you. We use this information to provide better service in the event that you contact us again.
2. Registration
   
   When you register to shop online as a Customer, or to download Gibson Sylvestre & Associates content via the Site and/or an Application, enjoying full access to the many products and services available, we will collect Personally Identifiable Information (such as first and last name, address, email address, and telephone number). Your email address is required to register on our Site, and you select your own password. Both are required to log into the Site.
3. Ordering
   
   When you place an order for products or services, we collect Personally Identifiable Information (such as first and last name, address, email address, and telephone number, billing information, credit card, and other transaction information). We use this information to deliver your order, process payment, and to communicate with you about the status of your order.
4. Credit Card Storage
   
   Credit card information collected at registration or for orders is transmitted over a secure SSL connection and is used only to process payment for the transaction (it is not stored or retained on our Site).
5. Surveys and Promotions
   
   From time to time, you may voluntarily provide Personally Identifiable Information to complete surveys and questionnaires or to participate in user polls. We use this information to improve our products and services. We may also use your Personally Identifiable Information to provide you newsletters and other marketing information that coincide with your preferences. You may customize your marketing preferences, or let us know if you do not wish to receive any promotional materials, by using the opt out feature on the bottom of any email you receive from us.
6. Your E-Mail Address
   
   We may use your e-mail address to send the following types of e-mail messages to you:
1. Updates and Valuable Offers. We may send you e-mail account updates and offers for our products and services.
2. Regularly Scheduled E-mail Newsletters. We may send you e-mails related to our products or services in which you are enrolled or newsletters that you have elected to receive.
3. Account Service Information. We may send you e-mail service notifications that are related to your account(s) or products and services in which you are enrolled. These include e-mails that provide account information, answer your questions about a product or service, facilitate or confirm a sale, or fulfill a legal or regulatory disclosure requirement.
4. Optional Messages. You may also choose to receive other types of e-mail messages from us, including additional alerts and notifications beyond those noted above.
2. Aggregate Information
   
   This refers to information that does not, by itself, identify you as a specific individual. Such information would include without limitation the Uniform Resource Locator ("URL") of the website that referred you to us, your Internet Protocol ("IP") address (a number automatically assigned to your computer whenever you surf the web), your operating system and browser type, and any search terms that you enter. Our web server aggregates this information in order to monitor the level of activity, evaluate its effectiveness, and improve our content in order to make your visit an easy and enjoyable experience.
   
   We may collect, compile, store, publish, promote, report, or otherwise disclose or use any Aggregate Information, provided that such information does not personally identify you. We do not correlate any Personally Identifiable Information with the Aggregate Information that we collect. If we do correlate any Aggregate Information to you, it will be protected like any other Personally Identifiable Information under this Privacy Statement.
3. Use of Cookies
   
   A "cookie" is a small data file transferred to your computer's hard drive that allows a website to respond to you as an individual, gathering and remembering information about your preferences in order to tailor its operation to your needs, likes, and dislikes and save you from re-entering information you have already provided. Cookies also enable an Internet retailer like Gibson Sylvestre & Associates to keep track of a consumer's electronic "shopping cart" before completing a purchase. Overall, cookies are safe, as they only identify your computer to customize your web experience. Accepting a cookie does not provide us access to your computer or any Personally Identifiable Information about you, other than the information you choose to share. Other servers cannot read them, nor can they be used to deliver a virus.
   
   Most browsers automatically accept cookies, but you can usually adjust yours (Microsoft Internet Explorer, Firefox, Chrome, etc.) to notify you of cookie placement requests, refuse certain cookies, or decline cookies completely. If you turn off cookies completely, there may be some website features that will not be available to you, and some web pages may not display properly.
   
   To support personalized features (such as electronic shopping cart and other ordering and browsing functions), we must send a cookie to your computer's hard drive and/or use cookie-based authentication to identify you as a registered user. We do not, however, use so-called "surveillance" cookies that track your activity elsewhere on the web.
4. Use of Active-X And JAVA Applets
   
   Active-X programs and JAVA applets are executable programs that can be transferred to your computer's hard drive to cause your computer to perform functions in connection with your visit to a website. Our Site does not transfer any Active-X programs or Java Applets to your computer's hard drive.
5. Use of Third-party Media and Research Companies
   
   Our Site may run limited third-party ads only for those Gibson Sylvestre & Associates Partners with whom we link.
6. Links to Other Websites
   
   Links to third-party websites may be provided solely for your information and convenience, or to provide additional shopping for various other goods and services through theGibson Sylvestre & Associates Partners. If you use these links, you may leave our Site. This Privacy Statement does not cover the information practices of those websites linked to our Site, nor do we control their content or privacy policies. We suggest that you carefully review the privacy policies of each site you visit.
   
   We maintain contractual agreements with all Gibson Sylvestre & Associates Partners, and expect that they observe the intent of and abide by the terms of this Privacy Statement. In return, Gibson Sylvestre & Associates Partners may share with us any purchases you make from their websites in order for us to better service your future purchasing needs.
7. Children's Privacy Protection
   
   We take special care to protect the privacy needs of children and encourage parents to be an active participant in their child's online activities. Our Site and/or our Applications do not target and are not intended for children under the age of 18, and we will not knowingly collect Personally Identifiable Information from them. If we discover personal data from a child, we will eliminate that data.
2. SHARING THE INFORMATION WE COLLECT
   
   Except as disclosed in this Privacy Statement, we do not sell trade, rent, or otherwise retransmit any Personally Identifiable Information we collect online unless we have your permission. Any Personally Identifiable Information you provide to us will be stored in our databases in the United States.
1. Blanchard Partners
   
   As permitted by law, we may share Personally Identifiable Information you provide with other Gibson Sylvestre & Associates-related entities and/or trusted business partners with whom we collaborate, as well as those that provide services to our Site (collectively “Blanchard Partners”). Where we engage Gibson Sylvestre & Associates Partners, we expect them to observe the intent of and abide by the terms of this Privacy Statement.
2. For Other Business and/or Legal Purposes
   
   From time to time, we may be required to provide Personally Identifiable Information in response to court order, subpoena, or government investigation. We also reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful. We may release Personally Identifiable Information when we believe that such release is reasonably necessary to enforce or apply our Terms of Use (located on the Site) or to protect the rights, property, and safety of others and ourselves.
   
   Should Gibson Sylvestre & Associates or its related entities merge with or be acquired by another business entity, or its respective assets be acquired, you should expect that we would share some or all of your Personally Identifiable Information to companies assuming the role of serving you and other users.
3. To Other Countries
   
   Some of the uses and disclosures mentioned in this Privacy Statement may involve the transfer of your Personally Identifiable Information to various countries around the world. By submitting your Personally Identifiable Information via this Site, and/or our Applications, or in response to our e-mails, you consent to such transfers and to the processing of this information in various countries around the world.
3. YOUR CHOICES
   
   Your permission is generally secured first. We will generally not use or share the Personally Identifiable Information collected on our Site and/or our Applications in ways unrelated to the purpose for which you provided the information, including those described here, without providing you a choice whether to permit any such unrelated uses.
4. ACCESSING AND UPDATING YOUR INFORMATION
   
   We take reasonable measures to ensure that any Personally Identifiable Information we collect is accurate, current, complete, and reliable for its intended use. If you wish to update or otherwise correct Personally Identifiable Information that you have provided to us, you may contact us by using the "Contact Us" link on the Site and we will assist you.
5. SECURING YOUR INFORMATION
   
   We acknowledge your trust and are committed to take reasonable steps to protect Personally Identifiable Information you provide online from loss, misuse, and unauthorized access. We employ physical, electronic, and managerial processes to safeguard and secure your information.
   
   It is your responsibility to safeguard the user name and password you use to access our Site and/or our Applications, and to promptly advise Gibson Sylvestre & Associates if you ever suspect that your user name and password have been compromised. We strongly encourage you to change your password regularly to prevent unauthorized access. Because your user name and password are specific to you, you acknowledge sole responsibility for any and all use of our Site and/or our Applications conducted with your user name and password.
6. CHANGES TO THIS STATEMENT
   
   Any updates or changes to the terms of this Privacy Statement will be posted here on our Site and the date of the newest version posted below. Please check back frequently, especially before you submit any Personally Identifiable Information, to see if this Privacy Statement has changed. Any material changes to this Privacy Statement will be made conspicuous on this page. By using our Site and/or any of our Applications, you acknowledge acceptance of this Privacy Statement in effect at the time of use.
7. CONTACT US
   
   If you have any concerns about our use of your information or about this Privacy Statement please send an email to info@gibsonsylvestre.com . We will make every reasonable effort to address your concerns and remedy any problems you bring to our attention.
8. EU GENERAL DATA PROTECTION REGULATION AND PRIVACY SHIELD FRAMEWORK
   
   For EU and U.K. residents, the Company complies with Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR") which replaces the EU Data Protection Directive 95/46/EC framework as set forth by the European Union. GDPR compliance addresses the collection, use, and retention of personal data from European Union member countries, Switzerland, and the U.K. The company has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access, and enforcement.
   
   The Company also adheres to the Privacy Shield Framework concerning the transfer of personal data from the European Union (“EU”) to the United States of America. Detailed Privacy Shield Framework information may be found at https://privacyshield.gov. Adherence to this Framework requires the Company to subscribe to the following Principles:
   
   PRINCIPLES
1. NOTICE
1. The U.S. Department of Commerce maintains an authoritative list of U.S. organizations that have self-certified to the Department and declared their commitment to adhere to the principles. The list may be accessed at https://www.privacyshield.gov/list
2. Company utilizes third party developers and their system platforms that allow end users from client organizations to participate in training provided by the Company. The data collected that may personally identify those individuals is email address, first name, and last name.
3. Company is committed to subject to the Principles all personal data received from the EU.
4. Company collects and processes, at the direction and instruction of clients, personal information directly from individuals in the E.U. in order to allow participation in training programs facilitated by electronic platforms that require the ability to identify individuals for the purposes of receiving learning materials, assessments, and other curricula directly connected to the business of the Company.
5. Company processes data under the guidance and direction of the clients. If an individual becomes aware that information the Company maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual must contact the Company and request amendments.
6. Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by clients. Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current, and reliable for its intended use.
7. In compliance with the Privacy Shield Principles, The Gibson Sylvestre & Associates Companies commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact The Gibson Sylvestre & Associates Companies at:
    

info@gibsonsylvestre.com

The Gibson Sylvestre & Associates Companies has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

1. Company is subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body with jurisdiction to investigate claims against our organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy.
2. An individual may invoke binding arbitration. An individual’s decision to invoke this binding arbitration option is entirely voluntary. Arbitral decisions will be binding on all parties to the arbitration. Once invoked, the individual forgoes the option to seek relief for the same claimed violation in another forum, except that if non-monetary equitable relief does not fully remedy the claimed violation, the individual’s invocation of arbitration will not preclude a claim for damages that is otherwise available in the courts.
3. The Company may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
4. Permitted transfers of information to third parties include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Company may transfer data to a third party acting as a controller, which provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual or the organization pursuant to the principle of Choice and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
5. This notice must be provided in clear and conspicuous language when individuals are first asked to provide personal information to the organization or as soon thereafter as is practicable, but in any event before the organization uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party.
1. CHOICE
1. An organization must offer individuals the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Individuals must be provided with clear, conspicuous, and readily available mechanisms to exercise choice.
2. By derogation to the previous paragraph, it is not necessary to provide choice when disclosure is made to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of the organization. However, an organization shall always enter into a contract with the agent.
2. ACCOUNTABILITY FOR ONWARD TRANSFER
1. To transfer personal information to a third party acting as a controller, organizations must comply with the Notice and Choice Principles. Organizations must also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
3. SECURITY
1. Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security of Information on or transmitted via the Internet.
4. DATA INTEGRITY AND PURPOSE LIMITATION
1. Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by clients. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current, and reliable for its intended use.
2. Company retains information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the preceding paragraph at the express direction of the client. This obligation does not prevent the Company from processing personal information for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing shall be subject to the other Principles and provisions of the Framework. Company takes reasonable and appropriate measures in complying with this provision.
5. ACCESS
1. Individuals on demand may access personal information about them that the Company holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. For remediation, contact information is provided in paragraph 1 above.
6. RECOURSE, ENFORCEMENT AND LIABILITY
1. Effective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. At a minimum such mechanisms must include:
1. readily available independent recourse mechanisms by which each individual’s complaints and disputes are investigated and expeditiously resolved at no cost to the individual and by reference to the Principles, and damages awarded where the applicable law or private-sector initiatives so provide;
2. follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of non-compliance; and
3. obligations to remedy problems arising out of failure to comply with the Principles by organizations announcing their adherence to them and consequences for such organizations. Sanctions must be sufficiently rigorous to ensure compliance by organizations.
2. Organizations and their selected independent recourse mechanisms will respond promptly to inquiries and requests by the Department for information relating to the Privacy Shield. All organizations must respond expeditiously to complaints regarding compliance with the Principles referred by EU Member State authorities through the Department. Organizations that have chosen to cooperate with DPAs, including organizations that process human resources data, must respond directly to such authorities with regard to the investigation and resolution of complaints.
3. Organizations are obligated to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I.
4. In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
5. When an organization becomes subject to an FTC or court order based on non-compliance, the organization shall make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements. The Department has established a dedicated point of contact for DPAs for any problems of compliance by Privacy Shield organizations. The FTC will give priority consideration to referrals of non-compliance with the Principles from the Department and EU Member State authorities, and will exchange information regarding referrals with the referring state authorities on a timely basis, subject to existing confidentiality restrictions.

 


Effective January 7th, 2019.