Morley Companies, Inc. is a corporation incorporated under the laws of the State of Michigan, with its head office at One Morley Plaza, Saginaw, Michigan 48603 in the United States of America.
(the “Website”) and has three business units: Business Process Outsourcing, Meetings & Incentives, and Exhibits & Displays. "Service" refers to any of the services of these business units, our interaction with current or potential clients or their customers, employment candidates, or other communications related to Morley business and operations.
This statement explains what we do with your personal information when you visit our Website, when you register to use our Service and when you communicate with us.
If you have questions about our collection, use or disclosure of your personal information, or if you want to exercise your rights, explained further below, you can contact our Chief Privacy Officer by emailing
firstname.lastname@example.org or by writing to us at One Morley Plaza, Saginaw, MI 48603, Attn: Privacy Officer.
We may collect and process the following information about you:
Information you give us: You may give us information about you by filling out the registration form on our registration site or by corresponding with us by phone, email, chat, via our Website or otherwise. This includes information you provide when you register for our Service. The
information you give us may include:
Information we receive
from third parties: We may obtain information from third parties, such as an employer assisting us and our client with a marketing research study. If we reached out to you to invite you to register for our Service, it may have been because your employer or another entity gave us your
contact information to do so. Your employer or that entity did so because they thought you would be interested in our Service or they specifically wanted you to register for our Service for a business-related event or travel experience. We also may have contacted you for business opportunities, recruitment purposes or other operational purposes.
Log files: As you navigate through and interact with our Website, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider
(ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. We use this information for the operation of the Service, to maintain quality of the Service and to provide general statistics regarding use of the Website.
For these purposes, we do link this automatically collected data to personal information such as name, email address, address and phone number.
and advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or
We are also responsible for all personal information that we provide to subcontractors/processors and agents for processing to help us in serving our clients. It is the responsibility of the Morley staff person proposing or supervising such activities to ensure that the written contract
In some cases, that will require the third party to enter into a separate contract with us, e.g., a Data Processing Agreement that ensures their processing of your information is compliant with all relevant and applicable laws as they may be applicable to you. Further provisions may include the
return of all personal information to us upon completion, an agreement not to use such information except for our purposes, and the destruction of any remaining records in the possession of the third party.
Finally, the third party must agree to advise Morley immediately of any concerns or objections
Care shall be taken to select only contractors, processors or other third parties who can guarantee the technical and organizational requirements and security provisions necessary for the processing.
We will never sell your personal information to any third party.
In addition, we may process your information and information about you for the following purposes:
The collection of personal information shall be limited to that which is necessary for the purposes identified above.
If you are a visitor/customer located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you
only where we have your consent to do so, where we need the personal information to perform a contract with you, where it is necessary to protect your vital interests or those of another person, or where the processing is in our legitimate interests and not overridden by your data protection interests
or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you
do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
We may share the information we have collected about you, including personal information, as disclosed at the time you provide your information and in the following circumstances:
with our employees/agents: We will share your information with our employees/agents who are responsible for providing you the Service in line with the scope of their employment/agency with us.
Third parties providing
services on our behalf: We share your personal information with third parties, such as payment processors, excursion companies, hotel/lodging accommodations, vendors, etc., to allow them to provide you the Service as they are specific to their particular role. For example, we share your payment
information with payment processors to allow them to charge your relevant debit/credit account for the Service. We share your name information with hotel/lodging and accommodation entities and excursion companies to allow them to reserve you a room/space in their hotel/lodging facility and/or on their
excursion, as relevant. This information is shared for the sole purpose of allowing us to provide you the Service. These companies are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Morley discloses it to them. We may use: (a)
third-party analytics service providers and (b) ad-serving platforms, such as Google and Facebook, which may set and access their own cookies and web beacons on your device. These parties may have access to usage information. They may also have access to pseudonymous or anonymous information about you (such as a
unique identification number), which may be combined or associated with information from other sources to identify you.
Where we use
subcontractors/processors to provide the Service: Any such subcontractor/processor will only use your personal information for the purposes of providing services to us and will have no right to use your personal information for its own purposes or to share or otherwise disclose
your personal information. We use third-party payment processing services when you make payment through our site. We do not have access to any credit card or other financial information processed by the third party.
Business transfer: We reserve the right to disclose and transfer all information related to the Service, including, without limitation, your personal information, demographic information and usage information: (i) to a subsequent owner, co-owner or
operator of the Service or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, without limitation, during the course of any due diligence process.
other companies and organizations for the purposes of fraud protection and credit risk reduction.
Compliance: Where we are requested to provide information by authorized third parties or regulatory or governmental agencies investigating illegal activities.
Emergency:Where we believe that an emergency, illegal activity or some other reasonable basis exists for notifying the relevant authority.
If you choose not to provide personal information, you may be unable to access or use the Service as we simply may not be able to perform required functions.
The EU General Data Protection Regulation (“GDPR”) became effective in the European Union as of May 25, 2018. In preparation for the GDPR, we reviewed our internal processes and put policies and procedures in place to attempt to meet the requirements and standards of the GDPR and any
relevant data protection laws.
We are not established in the EEA; however, the following apply to individuals whose personal information is processed in the EEA to allow those individuals to understand and enforce their data protection rights.
EEA Users have the following rights:
To exercise any of your data subject rights, please contact us at
email@example.com. We will respond to your request without undue delay, and, in any event, within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the
requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay.
In the event your personal data that we collected was subject to a Personal Data Breach (defined below), we will notify you and competent Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact, and our plan for
measures to secure the data and limit any possible detrimental effect on you. A “Personal Data Breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
The Company takes the privacy and security of individuals and their personal information very seriously, and we take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect
personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:
Effective Date: February 15, 2019
Last Modified: June 10, 2020