Privacy Policy
This Privacy Notice applies to Gordian’s collection and use of Personal Information (as defined below, and otherwise referenced as “Personal Data” in certain applicable privacy laws) of users (“Users” or “you,” “your,” or “yours”) of Gordian’s software, devices, websites, mobile applications, and other products and services provided by Gordian (collectively, the “Services”), or where such use or collection relates to consumer transactions or other interaction with Gordian. This Privacy Notice applies only to consumer transactions; it does not apply to Personal Information or Personal Data collected or used exclusively in the business-to-business context or the Human Resources context.
Please read this Privacy Notice carefully because it provides important information and explains your rights. This Privacy Notice outlines our collection and use practices for Users generally. For those Users who are subject to additional data privacy laws, such as the GDPR and CCPA, please see the additional Privacy Notice Addendums for your region (each, an “Addendum,” and collectively with the Privacy Notice, the “Notice”). Please visit this website from time to time, as we may update our Notice for changes in the law or our data practices. If you have any questions or concerns, or wish to exercise your privacy rights, we invite you to contact us by any of the methods listed at the bottom of this Notice.
PLEASE READ THIS NOTICE IN ITS ENTIRETY BEFORE USING ANY OF OUR SERVICES OR OUR WEBSITE. BY USING OUR WEBSITE OR ANY OF OUR SERVICES, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTAND THIS NOTICE AND THAT YOU AGREE TO BE BOUND BY ITS TERMS.
IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS NOTICE, SIMPLY EXIT WITHOUT ACCESSING OR USING OUR WEBSITE OR ANY OF OUR SERVICES.
Who Are We?
We are The Gordian Group, Inc. (“Gordian”). Gordian is the leading provider of Building Intelligence™ Solutions for all phases of the building lifecycle, delivering unrivaled insights, robust technology and comprehensive expertise that fuel customers’ success.
We use your information as further explained in this Privacy Notice. As permitted by applicable law, we may use your Personal Information jointly with our affiliated operating companies worldwide and Fortive Corporation, our parent company.
Gordian’s address is:
30 Patewood Drive, Suite 350
Greenville, SC 29615
legal@gordian.com
Phone: 800-874-2291
Fortive Corporation’s address is:
6920 Seaway Boulevard
Everett, Washington, 98203 USA
What Does This Privacy Notice Cover?
We at Gordian take your personal data seriously. This policy:
- sets out the types of personal data that we collect about you;
- explains how and why we collect and use your personal data;
- explains how long we keep your personal data for;
- explains when, why and with who we will share your personal data;
- sets out the legal basis we have for using your personal data;
- explains the effect of refusing to provide the personal data requested;
- explains where we store your personal data and whether we transfer your data outside of the European Economic Area;
- explains the different rights and choices you have when it comes to your personal data; and
- explains how you can contact us.
What Personal Information Do We Collect About You?
It is routine for us to collect, process, and store Personal Information about you over the course of your relationship with us.
As used in this Notice and its Addendums, “Personal Information” (or “Personal Data”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include deidentified or aggregated information, or public information lawfully available from governmental records.
The following chart describes the categories of Personal Information we may have collected about you in the past 12 months:
Category of Personal Information (PI)
Sources from which PI was collected
Purpose of collection
Categories of entities with whom PI was shared
Categories of entities to whom PI was sold┼
Contact Information, such as name, email address, and phone number
Directly from you and from third parties
- to contact you to discuss the Services you receive from us;
- to respond to any questions or concerns you have raised;
- to deal with administrative matters such as invoicing, renewal or to audit customer transactions; and
- for marketing and advertising purposes
- Service providers, including to provide and support our data management, analytics, security, and storage systems;
- Group companies, for business and operational purposes
N/A
Demographic Information, such as Industry
Directly from you and from third parties
- for marketing and advertising purposes; and
- for internal research, analytics and development
- Service providers, including to provide and support our data management, analytics, security, and storage systems;
- Group companies, for business and operational purposes
N/A
Product Interest Preference
Directly from you
- for marketing and advertising purposes; and
- for internal research, analytics and development
- Service providers, including to provide and support our data management, analytics, security, and storage systems;
- Group companies, for business and operational purposes
N/A
Information collected using CCTV cameras (only if you visit one of our premises that use this technology)
From the use of our CCTV cameras. Where we have cameras on our premises, your image and movements may be recorded.
- for site security purposes
- Service providers, including to provide and support our data management, analytics, security, and storage systems;
- Group companies, for business and operational purposes
N/A
┼ This includes information purchased from third parties.
Additional collected information may include (1) any Personal Data entered into free text fields within our Service or when submitting customer service requests to us, and (2) if you are a customer of ours, any other Personal Data that you collect from employees, agents, contractors, and other applicable individuals and provide to Gordian for the purpose of providing Services. In exceptional cases we may also collect and process sensitive Personal Data about you, but only where we inform you in advance and you have given us your explicit consent.
What Categories of Personal Information Will We Collect in The Next 12 Months And Why?
We will continue to collect the same categories of Personal Information listed in the chart above, for the same purposes. If this should change, we will issue an updated Privacy Notice.
How Long Do We Keep Your Personal Information?
How long we keep your Personal Information will depend on the purpose for which we use it. We only keep your Personal Information for as long as is reasonably necessary for the purposes set out in this Notice and applicable Addendums and to fulfill our legal obligations. We have internal rules that set out how long we retain Personal Information. What this means in practice will vary as between different types of information, any ongoing need for the information, and our legal obligations (for example, relating to tax, health and safety, and potential or actual disputes or investigations).
Where Do We Collect Personal Data About You From?
We may collect Personal Data about you from the following sources:
- Directly from you. This is information you provide to us.
- From an agent or third party acting on your behalf, e.g., from one of our recruitment agencies.
- Through publicly available sources, such as LinkedIn or even by word of mouth.
- Using CCTV cameras. Where we have cameras on our premises, your image and movements will be recorded.
- Regarding our Services, some are available for use through a mobile app. These mobile apps are collecting location data constantly, whether the app is being actively used or not, according to user permissions as dictated by an Agreement between Gordian and its applicable client.
Additional Facts About How We Share Your Personal Information
The third parties with whom we share your Personal Information are bound to comply with similar and equally stringent undertakings of privacy and confidentiality.
We also share your Personal Information with third parties in the following circumstances:
- to comply with legal obligations;
- when we believe in good faith that an applicable law requires it;
- at the request of governmental authorities or other third parties conducting an investigation;
- to detect and protect against fraud, or any technical or security vulnerabilities;
- to respond to an emergency;
- to otherwise protect the rights, property, safety, or security of third parties, visitors to our websites, our businesses, or the public.
We do not grant access to your Personal Information to any other third parties unless we say so in this Privacy Notice or unless required by law.
We Do Not Knowingly Collect Personal Information of Minors
Our Services are not directed toward minors under the age of 18 and we do not knowingly collect or sell the Personal Information of minors.
How Do We Keep Your Personal Information Secure?
We provide for the security of your Personal Information by implementing a specific set of technical and organizational security measures that are based on controls published by the National Institute of Standards and Technology (NIST). These controls call for the use of encryption, firewalls, and other measures that ensure we provide a level of security appropriate to the risk presented by a particular situation. We implement and maintain reasonable security appropriate to the nature of the Personal Information that we collect, use, retain, transfer, or otherwise process. Our reasonable security program is implemented and maintained in accordance with applicable law.
While we are committed to developing, implementing, maintaining, monitoring, and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits, or other factors that cannot reasonably be prevented. Accordingly, while our security program is designed to manage data security risks and help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
Who Do We Share Your Personal Information With?
We may share your Personal Information with third parties who provide services on our behalf to help with our business activities. Examples of third party service providers include email service providers to send out emails on our behalf, an employment management provider, or a credit card processing provider to process payments for certain transactions. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
We may disclose your Personal Information (a) as required by law to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate or protect against fraud or any technical or security vulnerabilities, respond to an emergency or a government request, or otherwise to protect the rights, property, safety, or security of third parties, visitors to our website, our business, or the general public, and (b) to any other third party with your prior consent to do so.
We share your Personal Information with our other Fortive Group companies for internal reasons, primarily for business and operational purposes
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your Personal Information will be disclosed to such entity.
If any bankruptcy or reorganization proceeding is brought by or against us, all such Personal Information will be considered an asset of ours and as such it is possible these assets will be sold or transferred to third parties.
What About Marketing?
Gordian would like to contact you from time to time about our Services and promotional offers by email, text message, telephone, and mail. Where we have already collected valid marketing permissions from you, you can always unsubscribe or opt out at any time by clicking the “Unsubscribe” link in any of our communication or by contacting us using the details at the end of this Privacy Notice.
We endeavor in good faith to adhere to self-regulatory advertising principles, such as the Digital Advertising Alliance’s Principles. If you are interested in learning more about and/or opting out of online behavioral advertising, sometimes called interest-based advertising, we encourage you to visit one of the advertising industry-developed opt-out pages, such as youradchoices.com or aboutads.info. Please note that while we provide these links for your convenience, we do not have access to, or control over, these third parties’ use of cookies or other tracking technologies.
Do We Respond To “Do Not Track” Signals?
No, we do not respond to browser or do not track signals.
How Do You Access or Request Deletion of Your Personal Information?
You can log into your account to access or request deletion of certain information about yourself, or you can do so by using the contact details set out at the end of this Privacy Notice.
What Rights Do You Have In Relation To The Personal Information We Hold On You?
Residents of certain jurisdictions may have the following additional privacy rights:
Your Right To Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what information we collect about you. You can submit a request to us for the following information:
- The categories of Personal Information we’ve collected about you.
- The categories of sources from which we collected the Personal Information.
- The business or commercial purposes for which we collected or sold the Personal Information.
- The third parties with whom we shared the information.
- The specific pieces of information we collected.
We are also committed to ensuring that you know what information we share about you. You can submit a request to us for the following further information:
- The categories of Personal Information (if any) about you that we have sold, the third parties to whom we sold that Information, and the categories of Personal Information sold to each third party.
- The categories of Personal Information that we have shared with Service Providers who provide services to us.
Your Right To Request The Deletion Of Personal Information We Have Collected From You
Upon your request, we will delete the Personal Information we have collected about you, except for situations where specific information is necessary
for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific Personal Information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.
Your Right To Ask Us Not To Sell Your Personal Information
We do not sell Personal Information to third parties, but we may share information with our parent company or any affiliated companies.
We Are Committed To Honoring Your Rights
We are committed to providing consumer control over their Personal Information. If you exercise any of the rights explained in this Privacy Notice, we will continue to treat you fairly.
How Can You Make A Request To Exercise Your Rights or Contact Us?
If you would like to exercise any of your rights please submit a request using this form. If you have any questions or concerns regarding the processing of your personal information please contact us here:
The Gordian Group, Inc.
Attention: Gordian Legal Department
30 Patewood Drive, Suite 350
Greenville, SC 29615
USA
Or at legal@gordian.com. We are committed to ensuring that our communications are accessible to people with disabilities.
How Will We Handle A Request To Exercise Your Rights?
We’ll respond as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.
In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
How Will We Verify Your Identity When You Submit An Access or Deletion Request?
Requests For Specific Pieces of Personal Information
We will ask you for at least three pieces of Personal Information and endeavor to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. Additionally, we will treat the request as one seeking disclosure of the categories of Personal Information we have collected about you and endeavor to verify your identity using the less-stringent standards applicable to such requests.
Requests For Categories of Personal Information Collected About You
We will ask you for at least two pieces of Personal Information and endeavor to match those to information we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
Requests For Deletion of Personal Information We Have Collected From You
We will ask you for at least two pieces of Personal Information and endeavor to match those to information we maintain about you.
If we are unable to verify your identity with the degree of certainty required before providing you with the information requested, we will notify you to explain the basis of our denial.
What About Household Personal Information?
There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained above.
If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
Do We Make Automated Decisions Concerning You?
No, we do not carry out automated decision making or automated profiling.
Do We Use Cookies To Collect Personal Data On You?
To provide better service to you on our websites, we and our service providers use cookies to collect your Personal Data when you browse.
What About Changes To This Privacy Notice?
We will review and update this Notice periodically in light of changing business practices, technology, and legal requirements. If we make a significant or material change in the way we use or share your Personal Information, you will be notified via email or a notice on our website.
Privacy Notice Addendum GDPR
Effective Date: 2/14/2023
Last Updated: 2/14/2023
This Privacy Notice Addendum (“GDPR Addendum”) is incorporated into the Gordian Privacy Notice and applies only to situations where the General Data Protection Regulation (GDPR) and related European data protection laws govern the way Gordian handles, or “processes,” Personal Data. These laws are most likely to apply whenever a company is established in Europe or handles the Personal Data of individuals who are located in Europe.
This notice does not apply to our handling of your Personal Data in the human resources context. A separate privacy notice applies to these situations and is available from the Gordian Human Resources Department.
If this GDPR Addendum is applicable to you, please read it carefully because it provides important information and explains your rights.
What Does the GDPR Addendum Cover?
In addition to the obligations set forth in the Gordian Privacy Notice, this Addendum:
- explains how long we keep your Personal Data for;
- sets out the legal basis we have for using your Personal Data;
- explains the effect of refusing to provide the Personal Data requested; and
- explains where we store your Personal Data and whether we transfer your data outside of the European Economic Area.
What Personal Data Do We Collect About You?
We will collect certain Personal Data about you in the course of your relationship with us, which may include the categories of Personal Information set forth in the table on the Gordian Privacy Notice.
What Legal Basis Do We Have For Using Your Personal Data?
We process your information:
- To be able to provide you with Services in line with our Ters & Conditions via our website.
- As is necessary for the performance of the contract with you or to take steps at your request prior to entering into a contract
- To comply with our legal obligations
- To protect your vital interests and the vital interests of others.
- As is necessary for us to carry out our functions as a global business, including profiling related to your Personal Data. While there are some risks with this type of activity, on balance, we consider the risk to your rights of data protection is outweighed by the significant benefits in providing Services to a relevant and interested marketplace.
- You have the right to object, on grounds relating to your situation, at any time to the processing of your Personal Data based on legitimate interests.
- If you notify us of any health or disability requirements, then this may involve the processing of more detailed Personal Data, including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing and you have the right to withdraw your consent at any time.
- On the basis of your consent for us to process your Personal Data for a particular purpose.
What Happens If You Do Not Provide Us With The Information We Request Or Ask That We Stop Processing Your Information?
We have statutory and contractual obligations that require us to process your Personal Data. If you don’t provide the Personal Data requested, we may not be able to fulfill our contract with you or perform our obligations to you or related others.
Where Do We Store Your Personal Data? Do We Transfer Your Personal Data Outside The EEA?
We store your personal data safely at our premises, in contracted storage facilities, with our service providers, or on our servers within the country where we are based and otherwise within the European Economic Area (EEA). We strive to process your Personal Data within the country where we collected it or within the EEA. If we or our service providers transfer Personal Data, where relevant, outside of the EEA, we will always require that appropriate safeguards are in place to protect the Personal Data that is transferred. For example, a portion of our centralized Compliance, Marketing, and Finance functions are performed outside of the EEA, in the USA, so we have put in place safeguards to protect Personal Data exported from the EEA that is processed in or accessed from the USA. You can obtain a copy of the safeguards in place for such transfers by contacting us using the details at the end of this Privacy Notice.
What Rights Do You Have In Relation To The Personal Data We Hold About You?
By law, you have a number of rights when it comes to your Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
Rights
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. The right of access
You have the right to obtain access to your Personal Data (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
3. The right to rectification
You are entitled to have your Personal Data corrected if it’s inaccurate, not up to date or incomplete.
4. The right to erasure
In simple terms, you can request the deletion of excessive, unnecessary, or incorrectly processed data or deletion of data that has been processed with your consent. This is not a general right to erasure; there are exceptions.
5. The right to block processing
You have rights to ‘block’ or suppress further use of your Personal Data. When processing is blocked, we can still store your Personal Data, but we will stop using it temporarily. We keep lists of people who have asked for further use of their Personal Data to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your Personal Data easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to oppose to processing
You have the right to oppose processing of your Personal Data if you believe it has not been processed in compliance with applicable data processing laws. This is different from withdrawing consent as it includes processing based on our legitimate interests.
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement of your rights.
9. The right to withdraw consent
If you have given your consent for processing of Personal Data, it can be withdrawn at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
10. The right to request anonymization
You have the right to request your Personal Data to be anonymized by technical means. You may do this, for example, if your data is part of a market study.
11. The right to request information of third-party public and private entities with whom we have shared data
You have the right to request information of the public and private entities with whom we have shared your Personal Data and the purpose for which we have shared it, for example with processors we have listed in this notice.
How Can You Make A Request To Exercise Your Rights or Contact Us?
If you have questions on the processing of your Personal Information, would like to exercise any of your rights, or are unhappy with how we’ve handled your Personal Information, please contact us here:
The Gordian Group, Inc.
Attention: Gordian Legal Department
30 Patewood Drive, Suite 350
Greenville, SC 29615
USA
Or at legal@gordian.com with subject line: “Attention: Legal – GDPR Request.” We are committed to ensuring that our communications are accessible to people with disabilities.
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with applicable data protection laws, you can make a complaint to the data protection regulator in your country.
Privacy Notice Addendum CCPA
Effective Date: 2/14/2023
Last Updated: 2/14/2023
This Privacy Notice Addendum (“CCPA Addendum”) is incorporated into the Gordian Privacy Notice and applies only to the collection and use of the Personal Information of California residents by Gordian, particularly where such use or collection is governed by the California Consumer Privacy Act (CCPA) and relates to consumer transactions. Although the CCPA applies to Personal Information of individuals that are residents of California, Gordian may as a courtesy extend some of the CCPA’s requirements to the Personal Information of residents of the United States of America more broadly.
This notice does not apply to our handling of your Personal Information in the human resources context. A separate privacy notice applies to these situations and is available from the Gordian Human Resources Department.
If this CCPA Addendum is applicable to you, please read it carefully because it provides important information and explains your rights.
What Does the CCPA Addendum Cover?
In addition to the obligations set forth in the Gordian Privacy Notice, this Addendum:
- explains how we keep your Personal Information secure; and
- sets out your rights under specific California laws
What Personal Information Do We Collect About You?
We will collect certain Personal Information about you in the course of your relationship with us, which may include the categories of Personal Information set forth in the table on the Gordian Privacy Notice.
How Do We Keep Your Personal Information Secure?
Our reasonable security program is implemented and maintained in accordance with applicable law and relevant standards as outlined in the report issued by the California Attorney General in February 2016, available at https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf.
Specifically, among other safeguards, our reasonable security program implements and maintains all 20 of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense identified in Appendix A of the California Attorney General Report. As noted in that report, “there is no perfect security,” and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
California Shine The Light
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to annually request, free of charge, information about the Personal Information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. No information is shared with third parties for their own marketing purposes.
How Can You Make A Request To Exercise Your Rights or Contact Us?
If you have questions on the processing of your Personal Information, would like to exercise any of your rights, or are unhappy with how we’ve handled your Personal Information, please contact us here:
The Gordian Group, Inc.
Attention: Gordian Legal Department
30 Patewood Drive, Suite 350
Greenville, SC 29615
USA
Or at legal@gordian.com with subject line: “Attention: Legal – CCPA Request.” We are committed to ensuring that our communications are accessible to people with disabilities.
Authorized Agents – Additional Verification Required
You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, which we will endeavor to match the information submitted to information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.