GRC 20/20 Membership Agreement

 Terms of Service and Privacy Policy

By registering in the GRC 20/20 Site, you are entering into a GRC 20/20 Membership Agreement and Software License set out below, which is a contract between you and GRC 20/20 Research, LLC. You are agreeing to be a party to this contract by registering through any of the following actions:

  • Submitting your registration either by filling out fields on the Site registration form, or by using your LinkedIn profile to register with one click/li>
  • Registering to attend any GRC 20/20 event or to download any content from the GRC 20/20 Site
  • Purchasing a GRC 20/20 Advisor Subscription
  • Registering using a coupon code that has been provided to you by GRC 20/20, your employer, any GRC 20/20 partner, or any GRC Advisor Subscriber Council member company

If you do not wish to be bound by the terms of the GRC 20/20 Membership Agreement and Software License (hereinafter referred to as the or this Agreement), you should not take any of the above listed actions. You are referred to as “Member” in the Agreement. 

GRC 20/20 MEMBERSHIP AGREEMENT AND SOFTWARE LICENSE

In consideration of GRC 20/20 providing Member with a license to use the GRC 20/20 software service (hereinafter “the GRC 20/20 Site”) to obtain or access resources, training and webinars, Member agrees to the following terms:

  1. Intellectual Property and Use of Site Content
    1. All materials and content on the GRC 20/20 Site is the intellectual property of GRC 20/20 (except some content submitted by members or partners of GRC 20/20) (hereinafter referred to collectively as Site Content). Member’s use of any of the GRC 20/20 Site Content is governed by the terms set out below and in the GRC 20/20 Site Terms of Use which are incorporated into and made a part of this Agreement.
    2. GRC 20/20 makes the Site Content available to Member solely for personal use, including internal use within the organization where Member is employed. Site Content includes but is not limited to Illustrations, eBooks, Research Papers, Research Briefings, Survey Reports, Infographics, Webinar Recordings and Slides, and On Demand Videos. If Member wishes to use any Site Content in public presentations or for commercial purposes, or wishes to customize any content for internal use in Member’s organization, please contact GRC 20/20 (or the relevant content contributing member) for use and licensing information.
    3. Member agrees that Member will not use any GRC 20/20 Site Content to market services, generate revenue or otherwise provide commercial services, either personally or through Member’s organization, without first obtaining a commercial use license from GRC 20/20. If Member or Member’s organization improperly uses such Site Content for any commercial purpose, Member agrees that Member or Member’s organization will pay GRC 20/20 three times the fee for commercial use licenses for such item(s) at GRC 20/20’s then prevailing license rates and to refrain from further use if so requested by GRC 20/20.
    4. Member also agrees to not use for commercial purposes any Site Content that is the intellectual property of any other GRC 20/20 member without first gaining permission from such member (or member organization if a GRC Solutions Council member is the source of the material or content).
    5. There is some content on the Site which GRC 20/20 provides under a “copyleft” agreement. Details are available at https://www.GRC2020.com/terms-of-use/advanced-license-permissions/ GRC 20/20 understands that some organizations are not able to use open source content and code in their products and/or projects. As such, even when there is a copyleft license, GRC 20/20 also offers other licenses that may allow Member to include this content in a Member or Member organization project/product. Contact [email protected] for details about licensing.
    6. From time to time, GRC 20/20 may post content in the GRC 20/20 Site that Member may contribute to share with other GRC 20/20 members. Member hereby certifies that any document or other submission delivered to GRC 20/20 for posting or publication is original to Member as the author or is in the public domain or Member has gained permission to post the document or a link to the document; that such posting or publication does not infringe or violate any law or the intellectual property rights of any third party; and that the document has not been published, sold, licensed, pledged or otherwise encumbered such that it may not be posted on the GRC 20/20 Site. GRC 20/20 refers to member submissions as “User Submissions” subject to the Digital Millennium Copyright Act Provisions further discussed at paragraph 10 of the Terms of Use below. The presentation of any User Submissions on the GRC 20/20 Site is solely within GRC 20/20’s discretion and GRC 20/20 may remove any User Submissions at any time for any reason. Any User Submissions are solely the views of the contributing member, and GRC 20/20 neither endorses nor joins in those views. Member agrees to hold GRC 20/20 harmless and to indemnify and defend GRC 20/20 against any claims it may face that arise from Member’s User Submissions.
  2. Receipt and Use of Member Data
    1. By entering into this GRC 20/20 Member Agreement, Member acknowledges that Member data is collected by GRC 20/20 within the United States through the GRC 20/20 website and grants GRC 20/20 permission to use Member’s personal data in certain ways as detailed below and in the GRC 20/20 Privacy Policy which is incorporated into this Agreement.
    2. GRC 20/20 agrees to comply with all laws and regulations applicable to the use and processing of Member’s data, as detailed below and in the GRC 20/20 Privacy Policy. Member agrees that GRC 20/20 is collecting and processing Member’s data through the GRC 20/20 webiste within the United States, even if Member resides elsewhere.
    3. Member agrees that GRC 20/20 may use Member’s personal data to:
      1. Serve Member by communicating with Member by email and in-app systems, including communications about available GRC 20/20 resources and events; forwarding of GRC 20/20 Member announcements offering resources and events; answering questions and offering information about GRC certifications held by or available to Member; and other communications regarding GRC 20/20 based on Member’s preferences and site use history
      2. Enforce the terms of this Agreement, for example regarding the limited licensing of Site Content for non-commercial
      3. Provide Member contact information and webinar participation information (such as answers to polls and questions asked) to sponsors of Site Content downloaded, or webinars attended by Member, for follow up contact by sponsors (Member may in some cases limit or reject future contact by sponsors when filling out registration forms on the GRC 20/20 site, or may otherwise directly unsubscribe from sponsor communications or ask sponsor to stop contact or remove their data from sponsor possession.)
    4. GRC 20/20 agrees that it will not sell or distribute Member data to any third party, except as such data is provided to Site Content sponsors in accordance with sub-paragraph c. above.
  3. Member Data Protection
    1. GRC 20/20 agrees to comply with all applicable laws and regulations concerning processing and protection of Member’s personal data and shall take all reasonable steps to protect Member’s personal data as required by applicable laws and regulations. GRC 20/20 shall maintain appropriate security measures to protect personal data, including appropriate technical and organizational measures, to protect against unauthorized or unlawful processing, access by individuals who are not in need of the data to do their job for GRC 20/20, and against accidental loss, destruction or damage. Member data will be encrypted.
    2. GRC 20/20 may store Member data in systems provided by third party software-as-service providers located in the United States or elsewhere and shall confirm that such providers are managing the data in accordance with all applicable data protection laws and regulations.
    3. In the event of a data breach which involves Member personal data (Personal Data Breach), GRC 20/20 will: (i) promptly take all necessary and appropriate corrective action to remedy the underlying causes of the Personal Data Breach and make reasonable commercial efforts to ensure that such Personal Data Breach will not recur; (ii) notify Member without unreasonable delay, providing reasonable detail of the Personal Data Breach and likely impact on Data Subjects; and (iii) take any action required by applicable law.
    4. GRC 20/20 shall retain Member data as long as necessary to meet the stated uses of such data and to support GRC 20/20 legal and operational requirements, and statistical, historical and research uses. If Member downloads any Site Content and then asks GRC 20/20 to remove all of Member’s data, GRC 20/20 shall do so within a reasonable period of time, but shall indefinitely retain Member’s data in as much detail as necessary to ensure that GRC 20/20 can enforce the limited license terms of this Agreement. This includes records of details regarding what items were downloaded by Member (title of items and dates downloaded) and Member’s contact information. Also, is required by various certification authorities such as NASBA to maintain identifiable information about your participation in learning events including your registration, attendance and answers to any polls or surveys, and we shall do so to be able to comply and to satisfy any audit by such authorities.
    5. In no event does GRC 20/20 retain credit card data obtained if Member purchases access, research, or other items through the GRC 20/20 website. Such data is collected only by GRC 20/20’s third party credit card processor and never enters GRC 20/20’s possession.
    6. Member may request the following actions by using links provided in the Member profile on the GRC 20/20 site (top right of any page in the site):
  1. access to a copy of the information comprised in their personal data;
  2. have inaccurate personal data rectified, blocked, erased or destroyed

Other requests regarding Member data may be made by contacting GRC 20/20 at [email protected]. GRC 20/20 shall comply with requests in accordance with the provisions of data protection laws applicable to Member and Member’s data and shall apply any provided exemptions and provisions for fees related to such requests.

  1. Paid Access
  1. Paid access (GRC Advisor Access and other levels of access passes) requires payment which establishes Member’s enhanced access for twelve months.
  2. Company subscriptions or bundles (e.g., GRC Advisor Subscriptions bundles) are established at the organizational level and a subscription manager for the organization will determine who within the organization may use the accompanying licenses. We are only able to share information about these subscriptions and bundles with the subscription manager.
  3. If Member purchases an GRC Advisor Subscriptions or any other subscription-based access by credit card through our Site, Member agrees that the card will be automatically charged upon annual renewal dates and/or for scheduled monthly payments following the initial term. If Member wishes to cancel the subscription at any time after the initial term, Member may access “Account & Billing” features of Member’s profile (upper right corner of the Site) and click the Cancel button. Contact GRC 20/20 at [email protected] for assistance if needed. Member agrees to cancel prior to the renewal date and acknowledged that once a renewal charge has been processed, it will not be refunded and that all fees and charges are nonrefundable. Member also agrees to make any necessary changes to credit card information or update expiration dates prior to renewal dates through the “Orders & Billing Info” section of the GRC 20/20 Site.

GRC 20/20 Site Terms of Use

By using the GRC 20/20 Site, you are agreeing to comply with the following Terms of Use. 

By registering on the GRC 20/20 Site, downloading any content from the GRC 20/20 Site or registering for any GRC 20/20 webinar through the Site, you are entering into a binding contractual agreement with GRC 20/20, which is the GRC 20/20 Membership Agreement and Software License that is set forth above. Read that Agreement before downloading or copying any content from the GRC 20/20 Site. 

  1. Unlawful Site Use
    1. You agree not to use the GRC 20/20 Site for any unlawful purpose. We reserve the right to terminate or restrict your access if, in our opinion, your use may violate any laws, infringe upon another person’s rights or violate these Terms of Use or the GRC 20/20 Membership Agreement and Software License.
    2. We may refuse to grant you a user name that impersonates someone else, is protected by trademark or other proprietary right law, or is vulgar or otherwise offensive.
  2. Use of Materials 
    1. All materials and content on this Site, including all original documents to which links are provided, are the copyrighted work of GRC 20/20, unless otherwise noted. Some content posted by GRC 20/20 is provided by members of GRC 20/20 or member companies on the GRC 20/20 GRC Solutions Council (collectively, all of the materials and content are hereinafter referred to as “Site Content”).
    2. As a condition of using the GRC 20/20 Site, you agree not to copy or create screenshots of any Site Content, or to create abstracts from, scrape or display headlines from the Site for use on another web Site or service. You agree not to post any Site Content to newsgroups, mail lists or electronic bulletin boards, without our prior written consent. To request consent for this and other matters, please contact us at support@GRC 20/20.org
    3. Documents or any other Site Content (with the exception of public exposure draft documents) may be downloaded, copied and distributed within your own organization on a limited basis for noncommercial purposes only, provided that any copies include the GRC 20/20 copyright notice in a clearly visible position. Public exposure draft documents may not be copied for distribution, but anyone may register and download their own copies from the Site. Downloading Site Content constitutes your consent to enter into the GRC 20/20 Membership Agreement, which is posted above. Please read the Agreement before proceeding to download any Site Content.
    4. Please note that some downloaded documents will be stamped with a single user noncommercial license and you may want to have others in your organization register and download their own copies instead of distributing your copy, so that you can be sure to prevent further redistribution of an item licensed to you.
  3. Commercial Use of Materials
    1. GRC 20/20 Site Content may not be copied or redistributed for commercial purposes or for compensation of any kind except as provided for in a commercial use license from GRC 20/20. This means that you must first ensure that your organization has arranged a commercial use license before you use these materials in consulting engagements or use the content in any software application which you sell or otherwise make available to clients or customers.
    2. You also may not use any GRC 20/20 materials in presentations or publications which support marketing efforts by your organization without prior approval from GRC 20/20.
    3. If you have questions about these terms, or would like information about licensing materials from GRC 20/20, please contact us via email at [email protected].
  4. Third Party Web Sites, Services and Software
    1. We may link to or promote web sites or services from other companies on the GRC 20/20 Site or offer you the ability to download content or software from other companies. You agree that we are not responsible for, and do not control, those web sites, services, content and software and are not responsible for their actions.
  5. Changes to Terms of Use
    1. We may change these terms at any time by notifying you of the change electronically, using the e-mail address we have on record for you. If you have unsubscribed from email notification, you will be able to find the changes in this document, which you can access at any time by clicking on “Terms of Use” at the bottom of the Site homepage.
    2. Your use of the GRC 20/20 Site after changes are made to this document means that you agree to be bound by such changes.
  6. Privacy
    1. Registration data and other information about you is subject to our Privacy Policy which is presented below.
    2. If you are located outside of the United States, note that information that you provide to us is being sent to, collected and processed within the United States. By registering on the GRC 20/20 Site, you consent to your data being sent to the United States and managed pursuant to U.S. legal requirements.
  7. Fees and Payments 
    1. You agree to pay GRC Advisor Access subscription and any other charges incurred in connection with your username and password for GRC 20/20 at the rates in effect when the charges were incurred.
    2. If you’ve elected to pay by credit card, we will bill all charges to your credit card upon receipt of your application or purchase with an additional 3% fee for credit card use, except in the case of individual All Access Pass purchases.
    3. Upon commencement of an GRC Advisor Access subscription or organizational subscription, or purchase of any item, initiated either by phone, online, or e-mail, or postal mail, there are no cancellations and no refunds of fees or any portion thereof under any circumstances. GRC Advisor Access may be cancelled at any time and if the GRC Advisor Access subscription is month-to-month, charges will be stopped as of the next month following cancellation. There is no pro rata refund if cancellation of an annually billed GRC Advisor Access is cancelled prior to the end of the then current membership year term (which is 12 months rolling from the date of initiation).
    4. An organization becomes bound as a paying member of the GRC 20/20 access and content, or as a purchaser of a bundle of GRC Advisor Access, after either signing up with a representative by phone, or by faxing in an application form. Once the application has been submitted, regardless of whether or not the applying organization has remitted the payment, all sales are final and all fees are due. Questions about GRC 20/20’s cancellation policy should be sent to [email protected]
    5. If you are authorized to access the GRC 20/20 Site through arrangements between your employer and us, some or all of these “Fees and Payments” terms may not apply to you. Please contact your employer representative to GRC 20/20 for details.
  8. Unauthorized Use of Your User Name

If you believe someone has accessed the GRC 20/20 Site using your user name and password without your authorization, please inform us at [email protected]

  1. Renewal and Automatic Billing
    1. If you have an individual or organizational GRC Advisor Access that is not set up for automatic renewal (e.g. you asked for an invoice and made payment by check), we will make reasonable attempts to contact you when your access subscription is due to expire and offer a simple process for renewing. If your membership or subscription expires before you accept our renewal offer, your access to GRC 20/20 and all of its services at the level of your membership or subscription will terminate without additional notice. Any special offers or discounts obtained upon your initial membership, subscription or any subsequent renewals may not necessarily be offered on renewal, and we reserve the right to change our fees at any time without notice.

IMPORTANT: If you purchase an GRC Advisor Access or any other subscription based access by credit card through our Site, your card will be automatically charged upon annual renewal dates and/or for scheduled monthly payments following the initial term. If you wish to cancel your subscription at any time after the initial term, you may access “Account & Billing” features of your profile (upper right corner of the Site) and click the Cancel button. Please contact us at [email protected] if you have any trouble. Please make sure to cancel prior to the renewal date. Once a renewal charge has been processed, it will not be refunded.  Also, please let us know if you wish to change your credit card or update expiration dates on it, prior to renewal dates.

  1. DISCLAIMERS OF WARRANTIES AND LIMITATIONS ON LIABILITY

YOU AGREE THAT YOUR ACCESS TO AND USE OF THE GRC 20/20 SITE AND THE CONTENT AVAILABLE THROUGH THE SITE IS ON AN “AS-IS”, “AS AVAILABLE” BASIS AND WE SPECIFICALLY DISCLAIM ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

GRC 20/20 DOES NOT PROVIDE LEGAL ADVICE. INDIVIDUALS OR ORGANIZATIONS SHOULD NOT MAKE DECISIONS WITH POSSIBLY LEGAL CONSEQUENCES BASED ON INFORMATION ON THIS SITE WITHOUT OBTAINING INDEPENDENT LEGAL COUNSEL. THE GRC 20/20 SITE CONTAINS LINKS TO OTHER SITES, BUT WE CANNOT BE RESPONSIBLE FOR THE TERMS OF USE OF OTHER SITES. PLEASE READ THE TERMS OF USE AND PRIVACY STATEMENTS OF EACH SITE YOU VISIT. GRC 20/20 ALSO LINKS TO DOCUMENTS PUBLISHED BY LAW FIRMS, ACCOUNTING FIRMS AND OTHER THIRD-PARTIES. THOSE DOCUMENTS DO NOT REFLECT THE VIEWS OF GRC 20/20.

INFORMATION GATHERED AND DISPLAYED ABOUT INDIVIDUAL COMPANIES, ORGANIZATIONS, GOVERNMENT AGENCIES, AND OTHER GROUPS IS AVAILABLE FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED FOR TRADING PURPOSES OR FOR THE EVALUATION OF THOSE ORGANIZATIONS FOR ANY OTHER PURPOSE. GRC 20/20 SHALL NOT BE LIABLE FOR ANY ERRORS OR DELAYS IN CONTENT, OR FOR ANY ACTIONS TAKEN IN RELIANCE THEREON.

GRC 20/20 AND ITS SUBSIDIARIES, AFFILIATES, SHAREHOLDERS, DIRECTORS, OFFICERS, EMPLOYEES AND LICENSORS (“THE GRC 20/20 PARTIES”) WILL NOT BE LIABLE (JOINTLY OR SEVERALLY) TO YOU OR ANY OTHER PERSON AS A RESULT OF YOUR ACCESS OR USE OF THE GRC 20/20 SITE FOR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST SAVINGS AND LOST REVENUES (COLLECTIVELY, THE “EXCLUDED DAMAGES”), WHETHER OR NOT CHARACTERIZED IN NEGLIGENCE, TORT, CONTRACT, OR OTHER THEORY OF LIABILITY, EVEN IF ANY OF THE GRC 20/20 PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN ANY OF THE EXCLUDED DAMAGES, AND IRRESPECTIVE OF ANY FAILURE OF AN ESSENTIAL PURPOSE OF A LIMITED REMEDY. IF ANY APPLICABLE AUTHORITY HOLDS ANY PORTION OF THIS SECTION TO BE UNENFORCEABLE, THEN THE GRC 20/20 PARTIES’ LIABILITY WILL BE LIMITED TO THE FULLEST POSSIBLE EXTENT PERMITTED BY APPLICABLE LAW.

  1. Digital Millennium Copyright Act Provisions 
    1. If you are a copyright owner or an agent thereof and believe that any User Submission or other content infringes upon your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act (“DMCA”) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
      • A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
      • Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at the GRC 20/20 Site are covered by a single notification, a representative list of such works at the Site;
      • Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled and information reasonably sufficient to permit the service provider to locate the material;
      • Information reasonably sufficient to permit GRC 20/20 to contact you, such as an address, telephone number, and, if available, an electronic mail;
      • A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
      • A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
      • GRC 20/20’s designated Copyright Agent to receive notifications of claimed infringement is: Michael Rasmussen, 336 North Milwaukee Street, #506 or [email protected]. For clarity, only DMCA notices should go to the Copyright Agent; any other feedback, comments, requests for technical support, and other communications should be directed to [email protected]. You acknowledge that if you fail to comply with all of the requirements of this Section 5(D), your DMCA notice may not be valid.
    2. Counter-Notice. If you believe that your User Submission that was removed (or to which access was disabled) is not infringing, or that you have the authorization from the copyright owner, the copyright owner’s agent, or pursuant to the law, to post and use the content in your User Submission, you may send a counter-notice containing the following information to the Copyright Agent:
      • Your physical or electronic signature;
      • Identification of the content that has been removed or to which access has been disabled and the location at which the content appeared before it was removed or disabled;
      • A statement that you have a good faith belief that the content was removed or disabled as a result of mistake or a misidentification of the content; and
      • Your name, address, telephone number, and e-mail address, a statement that you consent to the jurisdiction of the federal court in Milwaukee, Wisconsin, and a statement that you will accept service of process from the person who provided notification of the alleged infringement.
    3. If a counter-notice is received by the Copyright Agent, GRC 20/20 may send a copy of the counter-notice to the original complaining party informing that person that it may replace the removed content or cease disabling it in 10 business days. Unless the copyright owner files an action seeking a court order against the content provider, member or user, the removed content may be replaced, or access to it restored, in 10 to 14 business days or more after receipt of the counter-notice, at GRC 20/20’s sole discretion.
  2. General
    1. This Agreement, and the GRC 20/20 Member Agreement if you have entered into such under the terms above, contain the final and entire agreement between us regarding your use of the GRC 20/20 Site and supersede all previous and contemporaneous verbal or written negotiations, understandings, or agreements regarding your use of the GRC 20/20 Site.
    2. We may discontinue or change the Site or its availability to you, at any time.
    3. This Agreement is personal to you, which means that you may not assign your rights or obligations under this Agreement to anyone. No third party is a beneficiary of this Agreement.
    4. You agree that this Agreement, as well as any and all claims arising from this Agreement will be governed by and construed in accordance with the laws of the State of Wisconsin, United States of America applicable to contracts made entirely within Wisconsin and wholly performed in Wisconsin, without regard to any conflict or choice of law principles. The sole jurisdiction and venue for any litigation arising out of this Agreement will be an appropriate federal or state court located in Milwaukee, Wisconsin. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods.

GRC 20/20 Privacy Policy

The following discloses the information gathering and dissemination practices for the GRC 20/20 Site. Additional terms regarding the collection, use and disposition of personal data are included in the GRC 20/20 Membership Agreement. For legal information and further details, please read our Membership Agreement and Terms of Use (above).

GRC 20/20 seeks to ensure the ethical use of information collected online and to protect the privacy of those who register on or otherwise use our Site. In addition to the provisions regarding data of anyone who enters into an GRC 20/20 Member Agreement, We follow these privacy practices:

  1. Information we collect

When you register on the GRC 20/20 Site, we ask you to provide certain information in order to gain access to content and features on the Site. The following fields are required to subscribe:

  1. First & Last Name
  2. Company Name
  3. Title / Position (your job title)
  4. Billing / Credit Card Information (where applicable)
  5. E-mail Address
  6. Mailing Address and Phone Number
  7. User Name (which may be your email address)
  8. Password

We ask that you provide additional voluntary information to complete your profile so that we may serve you better. The more information you provide about your interests and your organization, the more we can provide content of interest to you.

Anonymous information is collected for every visitor to the GRC 20/20 site.  This includes:

  1. Device or System Information such as hardware model, operating system, device identifiers, browser type.
  2. Use information such as pages viewed, date and time, IP numbers are used to determine domain type and in some cases, geographic region. We do not make any association between this information and a visitor’s identity. 
  3. Information may be stored on your hard drive in a “cookie file.” We use cookies to verify your account and determine when you’re logged in so we can make it easier for you to access the Website.  We use cookies to help us keep your account and the Website safe and secure.  You have the ability to accept or decline use of cookies.  If you wish to block or delete such files, most browsers provide a method for doing so; however, you may be restricted from logging in to or accessing our Website.
  4. Release to Third Parties
  1. You may disallow the release of personally identifiable information to third parties.
  2. We never provide contact information, or names, of any individuals or entities that participate in any GRC 20/20 benchmarking studies to anyone, except to the extent that you answer a question indicating that you want to be contacted to participate in future benchmarking or research with GRC 20/20 or any survey sponsor. Even in that case, the rest of your survey answers will not be provided to anyone with any identification of who provided the answers.
  3. From time to time, we send you email on behalf of GRC thought leaders and organizations, when they wish to send you information that is GRC related and of value to our members. If you wish to opt-out and prevent receiving such communications, you may do so by using the unsubscribe/manage link at the bottom of any communication or changing the communication preferences associated with your user name in the My Account section of the Site when you are logged in.
  4. We provide contact information of those who download sponsored materials or participate in sponsored webinars to the Sponsors of those products and events. If you are asked to register for such download or attendance by providing your contact information, it will be shared with the Sponsors who may use it to contact you, so if you don’t want that to happen, don’t download the item or register for the event.
  5. Completing the registration form for one of our events or download offers constitutes opting-in to your information being shared with the identified Sponsor of that item for the purpose of being further transferred, stored, processed and used within the Sponsor company and/or third parties that the Sponsor may choose at its reasonable discretion, for research and marketing activities. You are also opting-in to receiving promotional electronic communications, such as, but not limited to, phone calls, faxes, e-mail, newsletters and related materials, from the Sponsor or from third parties on behalf of the Sponsor.
  6. Use of Data
    1. Personally identifiable information you give us will be used to:
      • Process billing and orders for products/services you choose to purchase on our Site
      • Send you information you may request and/or personalize the content you see based on personal preferences
      • Send you occasional updates about GRC 20/20 activities and developments and about those of other organizations that relate to governance, risk management, ethics, compliance and other business issues which we believe you will find valuable.
      • Help us identify the time, date, Internet location, and system information you use during any purchase. This information will assist us in the event of fraud against your credit card.
      • Provide us with aggregate information about use of our Site to help us understand what role in organizations (e.g., lawyer, auditor, etc.) and what types of organizations use our Site, so that we may improve its usability and value. We also use aggregate data from online surveys you choose to fill out for research and publication purposes. Individuals or firms are not identified in any such research or publication.
      • We may include the names of subscribing companies (or companies of unidentified individual members) in promotional materials, but this would not include personally identifiable information.
      • Meet audit needs of certification authorities for CPE program reviews.
    2. We also may disclose and use personally identifiable information in special circumstances where it is necessary to enforce our Member Agreements or Terms of Use, such as when it may be necessary to protect our intellectual property rights. We may also disclose or use your personal information when we believe that the law requires us to do so.
    3. We will release your personal information as ordered by any court of law, and we do not guarantee that we will provide prior or subsequent notice to you. We will not challenge, or defend against any action seeking, such a court order.
  7. Cookies 

We use cookies to help you navigate our Site, suggest content you may want to see in our site, or to help us fulfill an order you may place. We also use cookies to understand how users navigate our Site and to improve user interactions and flows. You can remove any cookies in your own device at any time and if you do so, you will be asked to agree to our terms each time you return to use the site.

  1. How we store and protect information

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy and in our Member Agreement unless a longer retention period is required or permitted by law.  This information is retained and used in accordance with existing laws, rules, regulations, and other policies.

We have implemented reasonable measures to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. However, the transmission of information is not completely secure. We cannot guarantee the security of personal information transmitted to us, and any transmission of such information is at your own risk. Our website may contain links to third party websites and online services. We are not responsible for the privacy practices or content of third party websites.

  1. Children.

 GRC 20/20’s policy is that our website may be used only by users who are over the age of 18. We do not intentionally collect any information from children or users that we have reason to believe are under the age of 18. However, if a parent learns that a child has submitted Personal Information to our website, the parent should contact us and that information will be deleted.

  1. Links 

The GRC 20/20 Site contains links to other Sites, but we cannot be responsible for the privacy policies of other Sites. We encourage you to read the privacy statements of each Site you visit.

  1. Do Not Track’ notifications.

Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.

  1. Notification of Changes 

We may change this Privacy Policy from time to time. We will post any changes here, so be sure to check back periodically. Your use of the Site constitutes your agreement to the terms in effect at the time of your use.

Subject to certain exceptions prescribed by law, you have a right to access or request correction or deletion of most personal data that we have about you. In some circumstances, it may not be possible for us to provide you with all of your personal data. For instance, there may be instances where disclosing the requested information would impact the privacy of another individual. Where we cannot provide access to personal data held about you, we will tell you why.

If you think that any personal data we hold about you is inaccurate, you may contact us using the contact details below and we will take reasonable steps to ensure that the information is corrected. We may take steps to verify your identity before providing you access to your personal data.

If you send any request for access to or correction of your personal data, we will do our best to respond within a reasonable period after your request.  We may retain all information you submit for backups, archiving, prevention of fraud, legal compliance or where we have a legitimate reason to do so. 

To:

  • ask questions about this Privacy Statement or our privacy practices
  • to obtain a copy of this Privacy Statement in paper format
  • request access to information that we have about you
  • correct any information you have provided
  • delete information that we have about you

you may contact us electronically at [email protected].