• Introduction

    Morley Companies, Inc. is a corporation incorporated under the laws of the State of Michigan, with its head office at One Morley Plaza, Saginaw, Michigan 48603 in the United States of America.

    For purposes of this Privacy Policy, references to “Morley,” the “Company,” “we,” “our,” and “us” mean Morley Companies, Inc. Morley owns and operates the website at www.morleycompanies.com (the “Website”) and has three business units: Business Process Outsourcing, Meetings & Incentives, and Exhibits & Displays. "Service" refers to any of the services of these business units, our interaction with current or potential clients or their customers, employment candidates, or other communications related to Morley business and operations. 

    We reserve the right to change, modify, add or remove portions of this Privacy Policy from time to time. Please check back periodically for any changes we may make to the Privacy Policy. Your continued use of this site or our Services following the posting of changes to this Privacy Policy means you accept these changes.

    Morley’s Chief Privacy Officer ensures that obligations arising from the Privacy Policy are enforced and that laws, such as those in the United States, Canada, the European Union (“EU”), the European Economic Area (“EEA”) and Australia, are observed.

    This statement explains what we do with your personal information when you visit our Website, when you register to use our Service and when you communicate with us.

    If you have questions about our collection, use or disclosure of your personal information, or if you want to exercise your rights, explained further below, you can contact our Chief Privacy Officer by emailing privacy@morleynet.com or by writing to us at One Morley Plaza, Saginaw, MI 48603, Attn: Privacy Officer.

    Information We May Collect About You & How We Collect It

    We may collect and process the following information about you:

    Information you give us: You may give us information about you by filling out the registration form on our registration site or by corresponding with us by phone, email, chat, via our Website or otherwise. This includes information you provide when you register for our Service. The information you give us may include:

    • Name
    • Address
    • Email address
    • Phone number
    • Date of birth
    • Passport or foreign personal identification number
    • Debit/credit card account information
    • Gender
    • Employer information
    • Personal description or photograph
    • Travel dates
    • Country of origin/destination
    •  

    Information we receive from third parties: We may obtain information from third parties, such as an employer assisting us and our client with a marketing research study. If we reached out to you to invite you to register for our Service, it may have been because your employer or another entity gave us your contact information to do so. Your employer or that entity did so because they thought you would be interested in our Service or they specifically wanted you to register for our Service for a business-related event or travel experience. We also may have contacted you for business opportunities, recruitment purposes or other operational purposes.

    Log files: As you navigate through and interact with our Website, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. We use this information for the operation of the Service, to maintain quality of the Service and to provide general statistics regarding use of the Website. For these purposes, we do link this automatically collected data to personal information such as name, email address, address and phone number.

    Tracking technologies and advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly. This type of technology includes the following:

    • Google Analytics: We use Google Analytics, which Google collects, and use the information shared by sites and apps to deliver our services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you see on Google and on our partners’ sites and apps. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see How Google uses information from sites or apps that use our services.

      If you do not want your data collected with Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.ja) running on websites to prohibit sending information to Google Analytics.

      To opt-out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. For more details on installing and uninstalling the add-on, please see the relevant help resources for your specific browser.

      Updates to your browser or operating system may affect functionality of the opt-out add-on. Learn about managing add-ons for Chrome here. If you are not using Chrome, check directly with the manufacturer of your browser to determine whether add-ons will function properly on the browser version that you are using.

      The latest versions of Internet Explorer sometimes load the Google Analytics opt-out add-on after sending data to Google Analytics. Therefore, if you are using Internet Explorer, the add-on will set cookies on your computer. These cookies ensure that any collected data is immediately deleted from the collection server. Please make sure that third-party cookies aren’t disabled for your Internet Explorer browser. If you delete your cookies, the add-on will, within a short time frame, reset these cookies to ensure that your Google Analytics browser add-on remains fully functional.

      The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself or in other ways to web analytics services.

      Learn about how Google Analytics collects, uses and processes data here.

      Learn about the cookies Google Analytics uses here.  

    Our Use of Subcontractors/Processors

    We are also responsible for all personal information that we provide to subcontractors/processors and agents for processing to help us in serving our clients. It is the responsibility of the Morley staff person proposing or supervising such activities to ensure that the written contract with the outside party will afford a comparable level of protection while the personal information is being processed by such third party. This will usually mean the provision of a copy of this Privacy Policy to such third party and the written acknowledgement from such third party that it will be bound by the policy.

    In some cases, that will require the third party to enter into a separate contract with us, e.g., a Data Processing Agreement that ensures their processing of your information is compliant with all relevant and applicable laws as they may be applicable to you. Further provisions may include the return of all personal information to us upon completion, an agreement not to use such information except for our purposes, and the destruction of any remaining records in the possession of the third party.

    Finally, the third party must agree to advise Morley immediately of any concerns or objections expressed by individuals, and of any breaches of this Privacy Policy.

    Care shall be taken to select only contractors, processors or other third parties who can guarantee the technical and organizational requirements and security provisions necessary for the processing.

    How We Use the Information We Collect

    Compliance With Our Privacy Policy

    We use the information we collect only in compliance with this Privacy Policy. Customers who use Service are obligated through our agreements with them to comply with this Privacy Policy.

    We Never Sell Personal Information

    We will never sell your personal information to any third party.

    Use of Personal Information

    In addition to the uses identified elsewhere in this Privacy Policy, we may collect, use or otherwise hold information to facilitate communication and delivery of our Service that you have given us information for in order for us to provide the Service and/or to perform our contract obligations with our clients, which are likely your employer or your spouse/partner's employer.

    In addition, we may process your information and information about you for the following purposes:

    • To deliver the Service to you;
    • To correspond and communicate to you with respect to delivering the Service;
    • To notify you about any changes to our Service to you;
    • To allow you to participate in the Service;
    • To process your registration;
    • To collect payment from you – We use credit/debit card information solely to collect payment from you, and we use a third-party service provider to manage that processing, and that provider is not permitted to store, retain or use that information except for the sole purpose of processing credit/debit information on our behalf;
    • As part of our efforts to keep you safe and secure;
    • To assist clients, including their employees and members of their supplier and sales and distribution networks, with their event planning, group and individual travel programs, trade show management and participation, interactive services, including the teleservices and database management projects, market research data collection and analysis, and other services offered by us;
    • To operate and manage customer loyalty programs in which clients provide us with personal information related to their clients, employees (which may include you), suppliers and distributors. Examples include, but are not limited to, credit and debit card reward programs, sales incentives and other loyalty-based marketing programs.
    • To design, develop, operate and manage market research studies for clients, including studies for which, to preserve the integrity of the research, the identity of the organization commissioning the study is not disclosed to the participants;
    • If you use one of our applications to register for an event/meeting, we will use the email address you provided to send you information and announcements relating to that event; 
    • If you use one of our applications to pay for event registration fees or for hotel incidentals or for other products or services, we will pass that information on to payment card processors to validate and process the payment information and to otherwise complete the transaction; 
    • When you use your social media credentials to share information or log in to one of our applications, as that functionality might be available, we will share information with your social media account provider, and that information will be governed by the social media platform's privacy, cookie and other relevant policies;
    • To identify and communicate with individuals interested in receiving information about our Service or other marketing information;
    • To comply with governmental regulations or to respond to a subpoena or other governmental, court or administrative order/requirement;
    • To hire, train and manage our staff;
    • To support the functions of our human resources management, including the coordination of third-party vendors that provide insurance and personal financial services such as retirement planning and savings and investment accounts;
    • To recruit and correspond with candidates, potential candidates and new hires, whether via our applicant tracking system or otherwise;
    • To operate our Website and Morley-operated client websites in support of client projects;
    • To carry on our business and serve our customers as described above;
    • For other purposes with your consent;
    • To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all Morley's assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Morley about clients is among the assets transferred;
    • For our internal business purposes that include administering access and use of our applications, data analysis, securely identifying users upon logging on to an application, enhancing or modifying our Service, determining the effectiveness of our promotional campaigns, billing for the Service and operating our business;
    • As we believe to be necessary or appropriate (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions; 
    • We may combine information received from other sources with information you give to us and information we collect about you, and we may use this information and the combined information for the purposes set out above.

    The collection of personal information shall be limited to that which is necessary for the purposes identified above.

    Legal Basis for Processing Personal Information (EEA visitors only)

    If you are a visitor/customer located in the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, where it is necessary to protect your vital interests or those of another person, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

    Who We Share Your Personal Information With & Why

    We may share non-personally identifiable information, such as aggregated user statistics, with third parties. We do not share your personal information with third parties for third-party marketing purposes, or for any other purpose other than as described in this Privacy Policy.

    We may share the information we have collected about you, including personal information, as disclosed at the time you provide your information and in the following circumstances:

    Internally with our employees/agents: We will share your information with our employees/agents who are responsible for providing you the Service in line with the scope of their employment/agency with us.

    Third parties providing services on our behalf: We share your personal information with third parties, such as payment processors, excursion companies, hotel/lodging accommodations, vendors, etc., to allow them to provide you the Service as they are specific to their particular role. For example, we share your payment information with payment processors to allow them to charge your relevant debit/credit account for the Service. We share your name information with hotel/lodging and accommodation entities and excursion companies to allow them to reserve you a room/space in their hotel/lodging facility and/or on their excursion, as relevant. This information is shared for the sole purpose of allowing us to provide you the Service. These companies are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Morley discloses it to them. We may use: (a) third-party analytics service providers and (b) ad-serving platforms, such as Google and Facebook, which may set and access their own cookies and web beacons on your device. These parties may have access to usage information. They may also have access to pseudonymous or anonymous information about you (such as a unique identification number), which may be combined or associated with information from other sources to identify you.

    Where we use subcontractors/processors to provide the Service: Any such subcontractor/processor will only use your personal information for the purposes of providing services to us and will have no right to use your personal information for its own purposes or to share or otherwise disclose your personal information. We use third-party payment processing services when you make payment through our site. We do not have access to any credit card or other financial information processed by the third party.

    Business transfer: We reserve the right to disclose and transfer all information related to the Service, including, without limitation, your personal information, demographic information and usage information: (i) to a subsequent owner, co-owner or operator of the Service or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, without limitation, during the course of any due diligence process.

    Legal obligations: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    Compliance: Where we are requested to provide information by authorized third parties or regulatory or governmental agencies investigating illegal activities.

    Emergency:Where we believe that an emergency, illegal activity or some other reasonable basis exists for notifying the relevant authority.

    Other information:

    • Cross-Border Transfers & Data Storage: The Service is hosted on U.S. servers. The data that we collect from you may be transferred to, and stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us or for one of our processors. Such staff may be engaged in, among other things, hosting or maintaining our Website, the processing of your payment details and the provision of support services. Any personal information you provide to us will be processed and stored on servers in the U.S., the laws of which may be deemed by other countries to have inadequate data protection.

      Accordingly, if you are located outside the U.S., you consent and continue to consent to the processing, transfer and storage of such data in the U.S. and outside the U.S. We have agreements in place with our contractors and processors that include standard contractual clauses to protect your rights with respect to your data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
    • Do Not Track: Some browsers incorporate a “Do Not Track” (DNT) feature that, when turned on, signals to websites and online services that you do not want to be tracked. At this time, the Service does not respond to DNT signals.
    • California Resident Privacy Rights:
      • Shine the Light
        Pursuant to Section 1798.83-.84 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, what types of personal information, if any, the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. To access this information, please contact us by emailing privacy@morleynet.com with “CA Shine the Light Privacy Requests” in the subject line. Please note that, under the law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email.
      • The California Consumer Privacy Act
        We collect information that identifies, relates to, describes, references, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We may have collected the following categories of personal information of California residents in the past 12 months:
        • Identifiers such as a name, postal address, Internet Protocol address, email address or other similar identifiers
        • Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80
        • Characteristics of protected classifications under California or federal law
        • Commercial information, including records of products or services purchased or considered
        • Internet or other electronic network activity information
        • Geolocation data
        • Audio and visual information, such as customer service call recordings and photographs
        • Professional or employment-related information
        • Education information
        • Inferences drawn from any of the information identified above
        This information is collected and used for the purposes disclosed in this Notice. 

        Under the CCPA, you may have certain rights to your information, to delete your information or to stop the sale of your information. We do not sell your information and have not sold your information for any commercial or business purpose in the 12 months immediately preceding the posting of this updated Privacy Policy. If you wish to enforce any of your rights to information that we may process on behalf of our clients, please contact our client directly and make your request through their procedures. In most cases, this will be your employer. 
    • Children Under the Age of 13: Our Service, including use of the Website, is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, register on the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@morleynet.com.

    Your Choices & Rights

    If you choose not to provide personal information, you may be unable to access or use the Service as we simply may not be able to perform required functions.

    User Data Subject Rights (EEA Visitors Only)

    The EU General Data Protection Regulation (“GDPR”) became effective in the European Union as of May 25, 2018. In preparation for the GDPR, we reviewed our internal processes and put policies and procedures in place to attempt to meet the requirements and standards of the GDPR and any relevant data protection laws.

    We are not established in the EEA; however, the following apply to individuals whose personal information is processed in the EEA to allow those individuals to understand and enforce their data protection rights.

    Our legal basis for collecting and using your personal information will be our legitimate interest where the processing is in our, or a third party’s, legitimate interests and not overridden by your data protection interests, or fundamental rights and freedoms. These interests are to provide you with access to the Service; to send you information you have requested; to ensure the security of our Service by trying to prevent unauthorized or malicious activities; or, to enforce compliance with our terms of use, contracts and other policies. 

    EEA Users have the following rights:

    • You can request access, correction, updates or deletion of your personal information.
    • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
    • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    • You have the right to withdraw your consent to our collection and/or processing of your information at any time by contacting us.
    • You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada) are available.
    • When the processing of your personal data is for direct marketing purposes, you have the right to object to subject processing.

    To exercise any of your data subject rights, please contact us at privacy@morleynet.com. We will respond to your request without undue delay, and, in any event, within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay.

    In the event your personal data that we collected was subject to a Personal Data Breach (defined below), we will notify you and competent Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact, and our plan for measures to secure the data and limit any possible detrimental effect on you. A “Personal Data Breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

    Information Security & Technical & Organizational Measures

    The Company takes the privacy and security of individuals and their personal information very seriously, and we take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:

    • Encryption using certificates from trusted certificate authorities
    • Security by design
    • Edge and internal firewalls to segregate roles
    • Segregation of datasets
    • Physical and digital access controls
    • A complex passphrase policy
    • Off-site backups
    • Regular patch cycle and reporting
    • Regular penetration and vulnerability testing by external specialists

    Effective Date: February 15, 2019

    Last Modified: June 10, 2020