• Introduction

    Morley Companies, Inc. is a corporation incorporated under the laws of the State of Michigan, with its head office at One Morley Plaza, Saginaw, Michigan 48603 in the United States of America.

    For purposes of this Privacy Policy, references to “Morley,” the “Company,” “we,” “our,” and “us” mean Morley Companies, Inc., which is a marketing firm that operates domestically in the United States and on an international basis. Morley owns and operates the website at www.morleycompanies.com (the “Website”) and has three business units: Business Process Outsourcing, Meetings & Incentives, and Exhibits & Displays.

    We reserve the right to change, modify, add, or remove portions of this Privacy Policy from time to time. We will not, however, retroactively change how we share your personal information without your consent. We will provide notice of any material changes by any means as we deem appropriate before they take effect. Please check back periodically for any changes we may make to the Privacy Policy. Your continued use of the Service following the posting of changes to this Privacy Policy means you accept these changes.

    Morley’s Chief Privacy Officer ensures that obligations arising from the Privacy Policy are enforced and that laws, such as those in the United States, Canada, the European Union (“EU”), the European Economic Area (“EEA”), and Australia, are observed.

    This statement explains what we do with your personal information when you visit our Website, when you register to use our Service, and when you communicate with us.

    If you have questions about our collection, use, or disclosure of your personal information, or if you want to exercise your rights, explained further below, you can contact our Chief Privacy Officer by emailing privacy@morleynet.com or by writing to us at One Morley Plaza, Saginaw, Michigan 48603.

    Information We May Collect About You & How We Collect It

    We may collect and process the following information about you:

    Information you give us: You may give us information about you by filling out the registration form on our registration site or by corresponding with us by phone, email, via our Website or otherwise. This includes information you provide when you register for our Service. The information you give us may include:

    • Name
    • Address
    • Email address
    • Phone number
    • Date of birth
    • Passport or foreign personal identification number
    • Debit/credit card account information
    • Gender
    • Employer information
    • Personal description or photograph
    • Travel dates
    • Country of origin/destination
    •  

    Information we receive from third parties: We obtain information from third parties, such as an employer or medical practitioners assisting us and our client with a marketing research study. If we reached out to you to invite you to register for our Service, it was because your employer or another entity gave us your contact information to do so. Your employer or that entity did so because they thought you would be interested in our Service or they specifically wanted you to register for our Service for a business-related event or travel experience.

    Log files: As you navigate through and interact with our Website, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. This information is used by us for the operation of the Service, to maintain quality of the Service, and to provide general statistics regarding use of the Website. For these purposes, we do link this automatically collected data to Personal Information such as name, email address, address, and phone number.

    Tracking technologies and advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly. This type of technology includes the following:

    • Google Analytics We use Google Analytics, which Google collects, and use the information shared by sites and apps to deliver our services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you see on Google and on our partners’ sites and apps. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see How Google uses information from sites or apps that use our services.

      If you do not want your data collected with Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.ja) running on websites to prohibit sending information to Google Analytics.

      To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. For more details on installing and uninstalling the add-on, please see the relevant help resources for your specific browser.

      Updates to your browser or operating system may affect functionality of the opt-out add-on. Learn about managing add-ons for Chrome here. If you are not using Chrome, check directly with the manufacturer of your browser to determine whether add-ons will function properly on the browser version that you are using.

      The latest versions of Internet Explorer sometimes load the Google Analytics opt-out add-on after sending data to Google Analytics. Therefore, if you are using Internet Explorer, the add-on will set cookies on your computer. These cookies ensure that any collected data is immediately deleted from the collection server. Please make sure that third-party cookies aren’t disabled for your Internet Explorer browser. If you delete your cookies, the add-on will, within a short time frame, reset these cookies to ensure that your Google Analytics browser add-on remains fully functional.

      The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself or in other ways to web analytics services.

      Learn about how Google Analytics collects, uses, and processes data  here.

      Learn about the cookies Google Analytics uses here.  
    •  

    Our Use of Sub-Contractors/Processors

    We are also responsible for all personal information that we provide to subcontractors/processors and agents for processing to help us in serving our clients. It is the responsibility of the Morley staff person proposing or supervising such activities to ensure that the written contract with the outside party will afford a comparable level of protection while the personal information is being processed by such third party. This will usually mean the provision of a copy of this Privacy Policy to such third party and the written acknowledgement from such third party that it will be bound by the policy. In some cases, that will require the third party to enter into a separate contract with us, e.g., a Data Processing Agreement that ensures their processing of your information is compliant with all relevant and applicable laws as they may be applicable to you. Further provisions may include the return of all personal information to us upon completion, an agreement not to use such information except for our purposes, and the destruction of any remaining records in the possession of the third party. Finally, the third party must agree to advise Morley immediately of any concerns or objections expressed by individuals, and of any breaches of this Privacy Policy. Care shall be taken to select only contractors, processors or other third parties who can guarantee the technical and organizational requirements and security provisions necessary for the processing.

    How We Use the Information We Collect

    Compliance With Our Privacy Policy

    We use the information we collect only in compliance with this Privacy Policy. Customers who use Service are obligated through our agreements with them to comply with this Privacy Policy.

    We Never Sell Personal Information

    We will never sell your Personal Information to any third party.

    Use of Personal Information

    In addition to the uses identified elsewhere in this Privacy Policy, we may collect, use, or otherwise hold information about you for the following purposes:

    • To deliver the Service to you;
    • To correspond and communicate to you with respect to delivering the Service;
    • To notify you about any changes to our Service to you;
    • To allow you to participate in the Service;
    • To process your registration;
    • We use credit/debit card information solely to collect payment from you and we use a third-party service provider to manage that processing, and they are not permitted to store, retain, or use that information except for the sole purpose of processing credit/debit information on our behalf;
    • As part of our efforts to keep you safe and secure;
    • To assist clients, including their employees and members of their supplier and sales and distribution networks, with their event planning, group and individual travel programs, tradeshow management and participation, interactive services, including the teleservices and database management projects, market research data collection and analysis, and other services offered by us;
    • To operate and manage customer loyalty programs where clients provide us with personal information related to their clients, employees (which may include you), suppliers, and distributors. Examples of which include, but are not limited to, credit and debit card reward programs, sales incentives and other loyalty-based marketing programs.
    • To design, develop, operate, and manage market research studies for clients, including studies where, to preserve the integrity of the research, the identity of the organization commissioning the study is not disclosed to the participants;
    • To identify and communicate with individuals interested in receiving information about our Service or other marketing information;
    • To comply with governmental regulations or to respond to a subpoena or other governmental, court, administrative order/requirement;
    • To hire, train, and manage our staff;
    • To support the functions of our human resources management, including the coordination of third-party vendors that provide insurance and personal financial services such as retirement planning and savings and investment accounts;
    • To operate our Website and Morley-operated client websites in support of client projects;
    • To carry on our business and serve our customers as described above;
    • For other purposes with your consent;
    • We may combine information received from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above.

    The collection of personal information shall be limited to that which is necessary for the purposes identified above.

    Legal Basis for Processing Personal Information (EEA visitors only)

    If you are a visitor/customer located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, where it is necessary to protect your vital interests or those of another person, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

    Who We Share Your Personal Information With & Why

    We may share non-personally identifiable information, such as aggregated user statistics, with third parties. We do not share your personal information with third parties for third-party marketing purposes, or for any other purpose other than as described in this Privacy Policy.

    We may share the information we have collected about you, including personal information, as disclosed at the time you provide your information and in the following circumstances:

    Internally with our employees/agents: We will share your information with our employees/agents who are responsible for providing you the Service in line with the scope of their employment/agency with us.

    Third parties providing services on our behalf: We share your personal information with third parties, such as payment processors, excursion companies, hotel/lodging accommodations, etc., to allow them to provide you the Service as they are specific to their particular role. For example, we share your payment information with payment processors to allow them to charge your relevant debit/credit account for the Service. We share your name information with hotel/lodging and accommodation entities and excursion companies to allow them to reserve you a room/space in their hotel/lodging facility and/or on their excursion, as relevant. This information is shared for the sole purpose of allowing us to provide you the Service. These companies are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Morley discloses it to them. We may use: (a) third-party analytics service providers and (b) ad-serving platforms, such as Google and Facebook, which may set and access their own cookies and web beacons on your device. These parties may have access to usage information. They may also have access to pseudonymous or anonymous information about you (such as a unique identification number), which may be combined or associated with information from other sources to identify you.

    Where we use sub-contractors/processors to provide the Service: Any such sub-contractor/processor will only use your personal information for the purposes of providing services to us and will have no right to use your personal information for its own purposes or to share or otherwise disclose your personal information. We use third-party payment processing services when you make payment through our site. We do not have access to any credit card or other financial information processed by the third party.

    Business transfer: We reserve the right to disclose and transfer all information related to the Service, including, without limitation, your personal information, demographic information and usage information: (i) to a subsequent owner, co-owner or operator of the Service or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, without limitation, during the course of any due diligence process.

    Legal obligations: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    Compliance: Where we are requested to provide information by authorized third parties or regulatory or governmental agencies investigating illegal activities.

    Emergency:Where we believe that an emergency, illegal activity or some other reasonable basis exists for notifying the relevant authority.

    Other information:

    • Cross-Border Transfers & Data Storage: The Service is hosted on U.S. servers. The data that we collect from you may be transferred to, and stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us or for one of our processors. Such staff may be engaged in, among other things, hosting or maintaining our Website, the processing of your payment details and the provision of support services. Any personal information you provide to us will be processed and stored on servers in the U.S., the laws of which may be deemed by other countries to have inadequate data protection. Accordingly, if you are located outside the U.S., you consent and continue to consent to the processing, transfer, and storage of such data in the U.S. and outside the U.S. We have agreements in place with our contractors and processors that include standard contractual clauses to protect your rights with respect to your data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
    • Do Not Track: Some browsers incorporate a “Do Not Track” (DNT) feature that, when turned on, signals to websites and online services that you do not want to be tracked. At this time, the Service does not respond to DNT signals.
    • California Resident Privacy Rights: California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@morleynet.com.
    • Children Under the Age of 13: Our Service, including use of the Website, is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@morleynet.com.

    Your Choices & Rights

    If you choose not to provide personal information, you may be unable to access or use the Service as we simply may not be able to perform required functions.

    User Data Subject Rights (EEA Visitors Only)

    The EU General Data Protection Regulation (“GDPR”) became effective in the European Union as of May 25, 2018. In preparation for the GDPR, we reviewed our internal processes and put policies and procedures in place to attempt to meet the requirements and standards of the GDPR and any relevant data protection laws.

    We are not established in the EEA; however, the following apply to individuals whose personal information is processed in the EEA to allow those individuals to understand and enforce their data protection rights.

    EEA Users have the following rights:

    • You can request access, correction, updates, or deletion of your personal information.
    • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
    • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    • You have the right to withdraw your consent to our collection and/or processing of your information at any time by contacting us.
    • You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada) are available here.)
    • When the processing of your personal data is for direct marketing purposes, you have the right to object to subject processing.

    To exercise any of your data subject rights, please contact us at privacy@morleynet.com. We will respond to your request without undue delay, and, in any event, within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay.

    In the event your personal data of which we collected was subject to a Personal Data Breach (defined below), we will notify you and competent Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact, and our plan for measures to secure the data and limit any possible detrimental effect on you. A “Personal Data Breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

    Information Security & Technical & Organizational Measures

    The Company takes the privacy and security of individuals and their personal information very seriously, and we take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures, including:

    • Encryption using certificates from trusted certificate authorities
    • Security by design
    • Edge and internal firewalls to segregate roles
    • Segregation of datasets
    • Physical and digital access controls
    • A complex passphrase policy
    • Off-site backups
    • Regular patch cycle and reporting
    • Regular penetration and vulnerability testing by external specialists

    Effective Date: February 15, 2019

    Last Modified: February 15, 2019