Gibson Sylvestre COMPANIES
Thank you for visiting www.gibsonsylvestre.com (our "Site"). This Site and/or any Gibson
& Associates Application (“Application”) is powered by Gibson Sylvestre & Associates.,
doing business as The Gibson Sylvestre & Associates, and is made available by Gibson Sylvestre as a
service to you. As used in this Privacy Statement, the terms “our,” “we,” or
“us” refer to Gibson Sylvestre unless the context clearly provides otherwise.
We appreciate the opportunity to interact with you on the Internet, and are committed to protecting and
safeguarding your privacy. The purpose of this Privacy Statement is to inform you about the types of
information we might collect about you when you visit our Site and/or use our Applications, how we may use
that information, whether we disclose it to anyone, and the choices you have regarding our use of, and
ability to correct, that information.
- WHAT INFORMATION WE COLLECT AND HOW WE USE IT
- Personally Identifiable Information.
This refers to information that lets us know who you are or things specifically about you.
You can browse most portions of our Site without revealing any Personally Identifiable Information.
If you want to register, place an order, and/or use our Applications, you will be required to
provide Personally Identifiable Information (such as first and last name, address, email address,
and telephone number) to be shared with us for the purpose of contacting you, including via email,
to assist with registration and/or ordering. In such event, we might maintain a record of your
contact, including such Personally Identifiable Information, in a file specific to you. We use this
information to provide better service in the event that you contact us again.
When you register to shop online as a Customer, or to download Gibson Sylvestre & Associates
content via the Site and/or an Application, enjoying full access to the many products and services
available, we will collect Personally Identifiable Information (such as first and last name,
address, email address, and telephone number). Your email address is required to register on our
Site, and you select your own password. Both are required to log into the Site.
When you place an order for products or services, we collect Personally Identifiable Information
(such as first and last name, address, email address, and telephone number, billing information,
credit card, and other transaction information). We use this information to deliver your order,
process payment, and to communicate with you about the status of your order.
- Credit Card Storage
Credit card information collected at registration or for orders is transmitted over a secure SSL
connection and is used only to process payment for the transaction (it is not stored or retained on
- Surveys and Promotions
From time to time, you may voluntarily provide Personally Identifiable Information to complete
surveys and questionnaires or to participate in user polls. We use this information to improve our
products and services. We may also use your Personally Identifiable Information to provide you
newsletters and other marketing information that coincide with your preferences. You may customize
your marketing preferences, or let us know if you do not wish to receive any promotional materials,
by using the opt out feature on the bottom of any email you receive from us.
- Your E-Mail Address
We may use your e-mail address to send the following types of e-mail messages to you:
- Updates and Valuable Offers. We may send you e-mail account updates and
offers for our products and services.
- Regularly Scheduled E-mail Newsletters. We may send you e-mails related to
our products or services in which you are enrolled or newsletters that you have elected to
- Account Service Information. We may send you e-mail service notifications
that are related to your account(s) or products and services in which you are enrolled. These
include e-mails that provide account information, answer your questions about a product or
service, facilitate or confirm a sale, or fulfill a legal or regulatory disclosure requirement.
- Optional Messages. You may also choose to receive other types of e-mail
messages from us, including additional alerts and notifications beyond those noted above.
- Aggregate Information
This refers to information that does not, by itself, identify you as a specific individual. Such
information would include without limitation the Uniform Resource Locator ("URL") of the
website that referred you to us, your Internet Protocol ("IP") address (a number
automatically assigned to your computer whenever you surf the web), your operating system and browser
type, and any search terms that you enter. Our web server aggregates this information in order to
monitor the level of activity, evaluate its effectiveness, and improve our content in order to make
your visit an easy and enjoyable experience.
We may collect, compile, store, publish, promote, report, or otherwise disclose or use any Aggregate
Information, provided that such information does not personally identify you. We do not correlate any
Personally Identifiable Information with the Aggregate Information that we collect. If we do correlate
any Aggregate Information to you, it will be protected like any other Personally Identifiable
Information under this Privacy Statement.
A "cookie" is a small data file transferred to your computer's hard drive that allows a
website to respond to you as an individual, gathering and remembering information about your
preferences in order to tailor its operation to your needs, likes, and dislikes and save you from
re-entering information you have already provided. Cookies also enable an Internet retailer like
Gibson Sylvestre & Associates to keep track of a consumer's electronic "shopping cart"
before completing a purchase. Overall, cookies are safe, as they only identify your computer to
customize your web experience. Accepting a cookie does not provide us access to your computer or any
Personally Identifiable Information about you, other than the information you choose to share. Other
servers cannot read them, nor can they be used to deliver a virus.
Most browsers automatically accept cookies, but you can usually adjust yours (Microsoft Internet
Explorer, Firefox, Chrome, etc.) to notify you of cookie placement requests, refuse certain cookies,
or decline cookies completely. If you turn off cookies completely, there may be some website features
that will not be available to you, and some web pages may not display properly.
To support personalized features (such as electronic shopping cart and other ordering and browsing
functions), we must send a cookie to your computer's hard drive and/or use cookie-based authentication
to identify you as a registered user. We do not, however, use so-called "surveillance"
cookies that track your activity elsewhere on the web.
- Use of Active-X And JAVA Applets
Active-X programs and JAVA applets are executable programs that can be transferred to your computer's
hard drive to cause your computer to perform functions in connection with your visit to a website. Our
Site does not transfer any Active-X programs or Java Applets to your computer's hard drive.
- Use of Third-party Media and Research Companies
Our Site may run limited third-party ads only for those Gibson Sylvestre & Associates Partners
with whom we link.
- Links to Other Websites
Links to third-party websites may be provided solely for your information and convenience, or to
provide additional shopping for various other goods and services through theGibson Sylvestre &
Associates Partners. If you use these links, you may leave our Site. This Privacy Statement does not
cover the information practices of those websites linked to our Site, nor do we control their content
or privacy policies. We suggest that you carefully review the privacy policies of each site you
We maintain contractual agreements with all Gibson Sylvestre & Associates Partners, and expect
that they observe the intent of and abide by the terms of this Privacy Statement. In return, Gibson
Sylvestre & Associates Partners may share with us any purchases you make from their websites in
order for us to better service your future purchasing needs.
- Children's Privacy Protection
We take special care to protect the privacy needs of children and encourage parents to be an active
participant in their child's online activities. Our Site and/or our Applications do not target and are
not intended for children under the age of 18, and we will not knowingly collect Personally
Identifiable Information from them. If we discover personal data from a child, we will eliminate that
- SHARING THE INFORMATION WE COLLECT
Except as disclosed in this Privacy Statement, we do not sell trade, rent, or otherwise retransmit any
Personally Identifiable Information we collect online unless we have your permission. Any Personally
Identifiable Information you provide to us will be stored in our databases in the United States.
- Blanchard Partners
As permitted by law, we may share Personally Identifiable Information you provide with other Gibson
Sylvestre & Associates-related entities and/or trusted business partners with whom we collaborate,
as well as those that provide services to our Site (collectively “Blanchard Partners”).
Where we engage Gibson Sylvestre & Associates Partners, we expect them to observe the intent of
and abide by the terms of this Privacy Statement.
- For Other Business and/or Legal Purposes
From time to time, we may be required to provide Personally Identifiable Information in response to
court order, subpoena, or government investigation. We also reserve the right to report to law
enforcement agencies any activities that we in good faith believe to be unlawful. We may release
Personally Identifiable Information when we believe that such release is reasonably necessary to
of others and ourselves.
Should Gibson Sylvestre & Associates or its related entities merge with or be acquired by another
business entity, or its respective assets be acquired, you should expect that we would share some or
all of your Personally Identifiable Information to companies assuming the role of serving you and
- To Other Countries
Some of the uses and disclosures mentioned in this Privacy Statement may involve the transfer of your
Personally Identifiable Information to various countries around the world. By submitting your
Personally Identifiable Information via this Site, and/or our Applications, or in response to our
e-mails, you consent to such transfers and to the processing of this information in various countries
around the world.
- YOUR CHOICES
Your permission is generally secured first. We will generally not use or share the Personally
Identifiable Information collected on our Site and/or our Applications in ways unrelated to the purpose
for which you provided the information, including those described here, without providing you a choice
whether to permit any such unrelated uses.
- ACCESSING AND UPDATING YOUR INFORMATION
We take reasonable measures to ensure that any Personally Identifiable Information we collect is
accurate, current, complete, and reliable for its intended use. If you wish to update or otherwise
correct Personally Identifiable Information that you have provided to us, you may contact us by using
the "Contact Us" link on the Site and we will assist you.
- SECURING YOUR INFORMATION
We acknowledge your trust and are committed to take reasonable steps to protect Personally Identifiable
Information you provide online from loss, misuse, and unauthorized access. We employ physical,
electronic, and managerial processes to safeguard and secure your information.
It is your responsibility to safeguard the user name and password you use to access our Site and/or our
Applications, and to promptly advise Gibson Sylvestre & Associates if you ever suspect that your
user name and password have been compromised. We strongly encourage you to change your password
regularly to prevent unauthorized access. Because your user name and password are specific to you, you
acknowledge sole responsibility for any and all use of our Site and/or our Applications conducted with
your user name and password.
- CHANGES TO THIS STATEMENT
Any updates or changes to the terms of this Privacy Statement will be posted here on our Site and the
date of the newest version posted below. Please check back frequently, especially before you submit any
Personally Identifiable Information, to see if this Privacy Statement has changed. Any material changes
to this Privacy Statement will be made conspicuous on this page. By using our Site and/or any of our
Applications, you acknowledge acceptance of this Privacy Statement in effect at the time of use.
- CONTACT US
If you have any concerns about our use of your information or about this Privacy Statement please send
an email to email@example.com . We
will make every reasonable effort to address your concerns and remedy any problems you bring to our
- EU GENERAL DATA PROTECTION REGULATION AND PRIVACY SHIELD FRAMEWORK
For EU and U.K. residents, the Company complies with Regulation (EU) 2016/679 (the General Data
Protection Regulation, or "GDPR") which replaces the EU Data Protection Directive 95/46/EC
framework as set forth by the European Union. GDPR compliance addresses the collection, use, and
retention of personal data from European Union member countries, Switzerland, and the U.K. The company
has certified that it adheres to the requirements of notice, choice, onward transfer, security, data
integrity, access, and enforcement.
The Company also adheres to the Privacy Shield Framework concerning the transfer of personal data from
the European Union (“EU”) to the United States of America. Detailed Privacy Shield Framework
information may be found at https://privacyshield.gov.
Adherence to this Framework requires the Company to subscribe to the following Principles:
- The U.S. Department of Commerce maintains an authoritative list of U.S. organizations that have
self-certified to the Department and declared their commitment to adhere to the principles. The list
may be accessed at https://www.privacyshield.gov/list
- Company utilizes third party developers and their system platforms that allow end users from
client organizations to participate in training provided by the Company. The data collected that may
personally identify those individuals is email address, first name, and last name.
- Company is committed to subject to the Principles all personal data received from the EU.
- Company collects and processes, at the direction and instruction of clients, personal information
directly from individuals in the E.U. in order to allow participation in training programs
facilitated by electronic platforms that require the ability to identify individuals for the
purposes of receiving learning materials, assessments, and other curricula directly connected to the
business of the Company.
- Company processes data under the guidance and direction of the clients. If an individual becomes
aware that information the Company maintains about that individual is inaccurate, or if an
individual would like to update or review his or her information, the individual must contact the
Company and request amendments.
- Company shall only process Personal Information in a way that is compatible with and relevant for
the purpose for which it was collected or authorized by clients. Company shall take reasonable steps
to ensure that Personal Information is accurate, complete, current, and reliable for its intended
- In compliance with the Privacy Shield Principles, The Gibson Sylvestre & Associates Companies
commits to resolve complaints about our collection or use of your personal information. EU
individuals with inquiries or complaints regarding our Privacy Shield policy should first contact
The Gibson Sylvestre & Associates Companies at:
The Gibson Sylvestre & Associates Companies has further committed to cooperate with the panel
established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield
complaints concerning human resources data transferred from the EU in the context of the employment
- Company is subject to the investigatory and enforcement powers of the FTC or any other U.S.
authorized statutory body with jurisdiction to investigate claims against our organization regarding
possible unfair or deceptive practices and violations of laws or regulations covering privacy.
- An individual may invoke binding arbitration. An individual’s decision to invoke this
binding arbitration option is entirely voluntary. Arbitral decisions will be binding on all parties
to the arbitration. Once invoked, the individual forgoes the option to seek relief for the same
claimed violation in another forum, except that if non-monetary equitable relief does not fully
remedy the claimed violation, the individual’s invocation of arbitration will not preclude a
claim for damages that is otherwise available in the courts.
- The Company may be required to disclose personal information in response to lawful requests by
public authorities, including to meet national security or law enforcement requirements.
- Permitted transfers of information to third parties include the transfer of data from one
jurisdiction to another, including transfers to and from the United States of America. Company may
transfer data to a third party acting as a controller, which provides that such data may only be
processed for limited and specified purposes consistent with the consent provided by the individual
or the organization pursuant to the principle of Choice and that the recipient will provide the same
level of protection as the Principles and will notify the organization if it makes a determination
that it can no longer meet this obligation. The contract shall provide that when such a
determination is made the third party controller ceases processing or takes other reasonable and
appropriate steps to remediate.
- This notice must be provided in clear and conspicuous language when individuals are first asked to
provide personal information to the organization or as soon thereafter as is practicable, but in any
event before the organization uses such information for a purpose other than that for which it was
originally collected or processed by the transferring organization or discloses it for the first
time to a third party.
- An organization must offer individuals the opportunity to choose (opt out) whether their personal
information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is
materially different from the purpose(s) for which it was originally collected or subsequently
authorized by the individuals. Individuals must be provided with clear, conspicuous, and readily
available mechanisms to exercise choice.
- By derogation to the previous paragraph, it is not necessary to provide choice when disclosure is
made to a third party that is acting as an agent to perform task(s) on behalf of and under the
instructions of the organization. However, an organization shall always enter into a contract with
- ACCOUNTABILITY FOR ONWARD TRANSFER
- To transfer personal information to a third party acting as a controller, organizations must
comply with the Notice and Choice Principles. Organizations must also enter into a contract with the
third-party controller that provides that such data may only be processed for limited and specified
purposes consistent with the consent provided by the individual and that the recipient will provide
the same level of protection as the Principles and will notify the organization if it makes a
determination that it can no longer meet this obligation. The contract shall provide that when such
a determination is made the third party controller ceases processing or takes other reasonable and
appropriate steps to remediate.
- Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized
access, disclosure, alteration and destruction, taking into due account the risks involved in the
processing and the nature of the personal data. Company has put in place appropriate physical,
electronic and managerial procedures to safeguard and secure the Information from loss, misuse,
unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security
of Information on or transmitted via the Internet.
- DATA INTEGRITY AND PURPOSE LIMITATION
- Company shall only process Personal Information in a way that is compatible with and relevant for
the purpose for which it was collected or authorized by clients. To the extent necessary for those
purposes, Company shall take reasonable steps to ensure that Personal Information is accurate,
complete, current, and reliable for its intended use.
- Company retains information in a form identifying or making identifiable the individual only for
as long as it serves a purpose of processing within the meaning of the preceding paragraph at the
express direction of the client. This obligation does not prevent the Company from processing
personal information for longer periods for the time and to the extent such processing reasonably
serves the purposes of archiving in the public interest, journalism, literature and art, scientific
or historical research, and statistical analysis. In these cases, such processing shall be subject
to the other Principles and provisions of the Framework. Company takes reasonable and appropriate
measures in complying with this provision.
- Individuals on demand may access personal information about them that the Company holds and be
able to correct, amend, or delete that information where it is inaccurate, or has been processed in
violation of the Principles, except where the burden or expense of providing access would be
disproportionate to the risks to the individual’s privacy in the case in question, or where
the rights of persons other than the individual would be violated. For remediation, contact
information is provided in paragraph 1 above.
- RECOURSE, ENFORCEMENT AND LIABILITY
- Effective privacy protection must include robust mechanisms for assuring compliance with the
Principles, recourse for individuals who are affected by non-compliance with the Principles, and
consequences for the organization when the Principles are not followed. At a minimum such mechanisms
- readily available independent recourse mechanisms by which each individual’s complaints
and disputes are investigated and expeditiously resolved at no cost to the individual and by
reference to the Principles, and damages awarded where the applicable law or private-sector
initiatives so provide;
- follow-up procedures for verifying that the attestations and assertions organizations make about
their privacy practices are true and that privacy practices have been implemented as presented
and, in particular, with regard to cases of non-compliance; and
- obligations to remedy problems arising out of failure to comply with the Principles by
organizations announcing their adherence to them and consequences for such organizations.
Sanctions must be sufficiently rigorous to ensure compliance by organizations.
- Organizations and their selected independent recourse mechanisms will respond promptly to
inquiries and requests by the Department for information relating to the Privacy Shield. All
organizations must respond expeditiously to complaints regarding compliance with the Principles
referred by EU Member State authorities through the Department. Organizations that have chosen to
cooperate with DPAs, including organizations that process human resources data, must respond
directly to such authorities with regard to the investigation and resolution of complaints.
- Organizations are obligated to arbitrate claims and follow the terms as set forth in Annex I,
provided that an individual has invoked binding arbitration by delivering notice to the organization
at issue and following the procedures and subject to conditions set forth in Annex I.
- In the context of an onward transfer, a Privacy Shield organization has responsibility for the
processing of personal information it receives under the Privacy Shield and subsequently transfers
to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain
liable under the Principles if its agent processes such personal information in a manner
inconsistent with the Principles, unless the organization proves that it is not responsible for the
event giving rise to the damage.
- When an organization becomes subject to an FTC or court order based on non-compliance, the
organization shall make public any relevant Privacy Shield-related sections of any compliance or
assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
The Department has established a dedicated point of contact for DPAs for any problems of compliance
by Privacy Shield organizations. The FTC will give priority consideration to referrals of
non-compliance with the Principles from the Department and EU Member State authorities, and will
exchange information regarding referrals with the referring state authorities on a timely basis,
subject to existing confidentiality restrictions.
Effective January 7th, 2019.