ORC Worldwide Website Privacy Notice
Thank you for visiting ORC Worldwide’s website.
Your privacy is important to us. To better protect your privacy, ORC provides this notice explaining how we collect, use, and protect personal information (e.g., information that identifies you as an individual, such as your name, address, telephone number and credit card information) that you may provide when accessing and using the services available on this site. We do not collect personal information about you, unless you specifically and knowingly provide such information to us.
This privacy notice was last updated on June 5, 2003. If we need to change our privacy policy in the future, we will post those changes as soon as they go into effect. Please check this page periodically to ensure that you are aware of any change.
The Information ORC May Collect
At various pages of this site, you can subscribe to our services, order and purchase products, and participate in our online surveys and forums. The types of personal information that may be collected at these pages include your: name, address, e-mail address, telephone number, fax number, credit card information, company information, and information about your interests in and use of the various services, products, and programs offered through this site.
We also may collect certain non-personal information when you visit our web pages such as the type of browser and operating system you are using and the domain name of your Internet service provider.
How the Information is Used
We may use the information you provide about yourself to fulfill your requests for our services, products, and programs, to respond to your inquiries about our offerings, and to offer you other services, products, or programs that we believe may be of interest to you.
We sometimes use this information to communicate with you, such as to notify you when we make changes to our subscriber agreements, to fulfill a request by you for a survey, or to contact you about your account or membership with us.
The information we collect in connection with our online forums is used to provide an interactive experience. We use this information to facilitate participation in these forums and, from time to time, to offer you other services, products, or programs.
We sometimes use the non-personal information that we collect to improve the design and content of our site. We also may use this information in the aggregate to analyze site usage, as well as to offer you services, products, or programs.
We will disclose information we maintain when required to do so by law, for example, in response to a court order or a subpoena. We also may disclose such information in response to a law enforcement agency's request.
Agents and contractors of ORC who have access to personal information are required to protect this information in a manner that is consistent with this privacy notice by, for example, not using the information for any purpose other than to carry out the services they are performing for ORC.
Although we take appropriate measures to safeguard against unauthorised disclosures of personal information, we cannot assure you that personal information that we collect will never be disclosed in a manner that is inconsistent with this privacy notice. Inadvertent disclosures may result, for example, when third parties misrepresent their identities in requesting access to personal information about themselves for purposes of correcting possible factual errors in the data.
We will not use or transfer personally identifiable information provided to us in ways unrelated to the ones described above without providing you with an opportunity to opt out of these unrelated uses.
Information Collected by Third-Parties
Some of our web pages contain links to other sites whose information practices may be different than ours. Visitors should consult the other sites' privacy notices, as we have no control over information that is submitted to, or collected by, these third parties.
Cookies
To enhance your experience with our site, some of our web pages use "cookies." Cookies are text files we place in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personal information unless you choose to provide this information to us by, for example, registering at our site. However, once you choose to furnish the site with personal information, this information may be linked to the data stored in the cookie.
We use cookies to understand site usage and to improve the content and offerings on our site. For example, we may use cookies to personalise your experience at our web pages (e.g., to recognise your name when you return to our site), save your password in password-protected areas, and enable you to use shopping carts on our site. We also may use cookies to offer you services, products, or programs.
Security
We have put in place appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorised access, maintain data security, and correctly use the information we collect online.
1. Access Control of Persons
ORC shall implement suitable measures in order to prevent unauthorised persons from gaining access to the data processing equipment where the data transferred by clients are processed.
This shall be accomplished by:
a. Establishing security areas;
b. Protection and restriction of access paths;
c. Securing the decentralised data processing equipment and personal computers;
d. Establishing access authorisations for employees and third parties, including the respective documentation;
e. Identification of the persons having access authority;
f. Restriction on keys;
g. Code card passes;
h. Time recording equipment
2. Data Media Control
ORC undertakes to implement suitable measures to prevent the unauthorised reading, copying, alteration, or removal of the data media used by ORC and containing personal data of the cardholders.
This shall be accomplished by:
a. Designating the areas in which data media may/must be located;
b. Designating the persons in such areas who are authorised to remove data media;
c. Controlling the removal of data media;
d. Securing the areas in which data media are located;
e. Release of data media to only authorised persons;
f. Control of files, controlled and documented destruction of data media;
g. Policies controlling the production of back-up copies.
3. Data Memory Control
ORC undertakes to implement suitable measures to prevent unauthorised data input into memory and the unauthorised reading, alteration or deletion of the stored data on cardholders.
This shall be accomplished by:
a. An authorisation policy for the input of data into memory, as well as for the reading, alteration and deletion of stored data
b. Authentication of the authorised personnel
c. Protective measures for the data input into memory, as well as for the reading, alteration and deletion of stored data
d. Utilisation of user codes (passwords)
e. Use of encryption for critical security files
f. Specific access rules for procedures, control cards, process control methods, programme cataloging authorisation
g. Guidelines for data file organisation
h. Keeping records of data file use
i. Separation of production and test environment for libraries and data files
j. Providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are capable of being locked
k. Automatic log-off of user IDs that have not been used for a substantial period of time
4. User Control
ORC shall implement suitable measures to prevent its data processing systems from being used by unauthorised persons by means of data transmission equipment.
This shall be accomplished by:
a. Setting firewall/router screening in place to restrict access to only HTTP and SSL
b. Isolating commerce server from other networks and systems through firewall IPFiltering
c. Identification of the terminal and/or the terminal user to the ORC system
d. Automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in attempts)
e. Issuing and safeguarding of User IDs and Passwords
f. Dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions
g. Evaluation of login records
5. Personnel Control
Upon request, ORC shall provide clients with a list of ORC employees entrusted with processing the personal data transferred by clients, together with a description of their access rights.
6. Access Control to Data
ORC commits that the persons entitled to use ORC's data processing system are only able to access the data within the scope and to the extent covered by their respective access permission (authorisation).
This shall be accomplished by:
a. Allocation of individual terminals and/or terminal user, and identification characteristics exclusive to specific functions
b. Functional and/or time-restricted use of terminals and/or terminal users, and identification characteristics
c. Persons with function authorisation codes (direct access, batch processing) access to work areas
d. Electronic verification of authorisation
e. Not leaving unattended terminals that can access personal data when logged on and clearing the screen of personal data after use
f. Staff who have contact with personal data taking care that this is kept away from people not entitled to see it
g. Staff who process personal data locally ensuring that floppy disk files of personal data are removed from their machine and stored securely when not in use and are erased and reformatted when no longer required
h. Evaluation of records
7. Transmission Control
ORC shall be obligated to enable the verification and tracing of the locations/destinations to which the cardholders' data are transferred by utilisation of ORC's data communication equipment/devices.
This shall be accomplished by:
a. Documentation of the retrieval and transmission programs
b. Documentation of the remote locations/destinations to which a transmission is intended, and of the transmission paths (logical paths)
8. Input Control
ORC shall provide for the retrospective ability to review and determine the time and the point of the cardholders' data entry into ORC's data processing system.
This shall be accomplished by:
a. Proof established within ORC's organisation of the input authorisation;
b. Electronic recording of entries.
9. Transport Control
ORC and CyberSource (ORC’s electronic payment provider) shall implement suitable measures to prevent the cardholders' personal data from being read, copied, altered or deleted by unauthorised parties during the transmission thereof or during the transport of the data media.
This shall be accomplished by:
a. Encryption of the data for on-line transmission through use of Secure Socket Layer (SSL)
b. Monitoring of the completeness and correctness of the transfer of data (end-to-end check).
How You Can Access or Correct Personal Information
If you need to review, update, correct or change the personal information that this site has collected about you, please contact us at info@orcww.com or call us at 212-719-3400. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
How to Contact ORC
If you have any questions or concerns about this privacy notice or its implementation, please contact us at info@orcww.com or call us at 212-719-3400.