YOUR PRIVACY & SECURITY IS OUR TOP PRIORITY.
GTM Payroll Services, Inc. (referred to as “GTM”, “us”, “we”, or “our” as the context may require) respects your privacy. The website www.gtm.com (the “Site”) is owned by GTM. Due to the confidential nature of the services we perform, we are required to manage and process your information with security and privacy as the cornerstone of our operating procedures. This Privacy Statement (the “Privacy Statement”) informs you of our privacy practices and the ways your information is collected and how that information is used. A link to this statement is readily available on our home page and at the bottom of every GTM Web page. Please note that this Privacy Statement applies only to information collected through the Site or offline by GTM and does not cover any information collected at any other Site or offline by another company (unless specifically stated). Please note further, as described in this Privacy Statement, that some components of our website that may be operated by third parties and are therefore subject to additional terms found in the policies of those third parties. In such cases, GTM will take reasonable efforts to provide a link to the privacy policies of the third party, as described later in this Privacy Statement. By accessing or using the Site, you are accepting the terms described in this Privacy Statement. This Privacy Statement may change from time to time, as set forth below. Your continued use of the Site after we make changes is deemed to be acceptance of those changes, so please check the Privacy Statement periodically for updates.
1. IMPORTANT INFORMATION AND WHO WE ARE.
PURPOSE OF THIS PRIVACY STATEMENT.
This Privacy Statement aims to give you information on how GTM collects and processes your personal data through your use of the Site or other services provided to you, including any data you may provide through the Site when you purchase a service from GTM.
If you are in the European Union, or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation, (Regulation (EU) 2016/679, or the “GDPR”), this Privacy Statement aims to give you information on how GTM collects and processes your personal data in accordance with the GDPR.
The Site is offered and available to users who have reached the age of majority in the applicable jurisdiction, and GTM does not knowingly collect personal information from users who have not reached the age of majority in the applicable jurisdiction. If we learn that we have collected personal data of a person under the age of majority, depending on jurisdiction, we will stop processing such data and take steps to delete the data as soon as possible.
It is important that you read this Privacy Statement so that you are fully aware of how and why we are using your data. This Privacy Statement supplements other notices and privacy policies and is not intended to override them.
CALIFORNIA RESIDENTS’ RIGHTS.
California Civil Code Section § 1798.83 permits users of the Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please e-mail us at email@example.com.
CHANGES TO THE PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES.
We keep our Privacy Statement under regular review. This version was last updated in May 2019. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Statement at any time. We will use your personal information in a manner consistent with the Privacy Statement in effect at the time. You are responsible for periodically visiting the Site and this Privacy Statement to check for any changes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
RESPONSIBILITY FOR EXTERNAL SITES.
The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for these third-party websites or their privacy statements. When you leave the Site, we encourage you to review the privacy policies of such third parties by visiting the links included within those separate websites, since their policies may differ from this Privacy Statement, and they may use information consistent with their own policies.
2. COLLECTION OF PERSONAL INFORMATION.
In order to provide services to you accurately and properly, we at GTM need to collect, use, store, and transfer certain personal data and personal information from you, the customer. “Personal data” or “personal information” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (also known as “anonymous data”). The personal data or personal information may include your:
- Identity and Contact Data, which includes your name(s), billing and mailing addresses, e-mail address, telephone number, company name and address, and social security number.
- Employee Data, which includes your employee(s)’ name(s), address, unique personal identifiers/company identification, and social security number.
- Financial/Transaction Dataincludes your credit/payment card information, bank account information, details about payments from you, detail of payments made on your behalf to your employee(s), and other details of and services you have purchased from us.
- Technical Dataincludes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, internest usage information, operating system and platform, and other technology on the devices you use to access the Site.
- Profile Data includes your name, purchases or orders made by you, the type of business you are involved in, other details about your business, your preferences, feedback, and survey responses.
- Usage Dataincludes information about how you use the Site, products the services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Other such information necessary to carry out our services.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Statement.
We do not collect any data about you identified under the GDPR as “Special Categories of Personal Data” (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, personal or political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. If we learn that we have such collected personal data, we will stop processing such data and take steps to delete the data as soon as possible.
In providing this information to us, you agree to our use of that information in accordance with this Privacy Statement. In the event that your information changes (such as your address) you must let us know, so that we may avoid errors as a consequence of incorrect data. You may update your information by e-mailing us at firstname.lastname@example.org.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, under the terms of an agreement or Service Request we have with you, or otherwise, and you fail to provide that data when requested, we may not be able to sell products or services to you. In this case, we may have to cancel an agreement or Service Request you have with us, but we will notify you if this is the case.
3. HOW WE COLLECT YOUR PERSONAL DATA AND PERSONAL INFORMATION.
If the personal data or personal information we are collecting from you is subject to the GDPR, we will use our best efforts to collect your personal data pursuant to GDPR required standards. We use different methods to collect data from and about you including through:
- Direct interactions.You may give us your Identity, Contact and Financial Data by filling in forms in person or online or by communicating with us by mail, phone, e-mail or otherwise. This includes personal data you provide when you:
- purchase or use our services;
- create an account on the Site;
- request product information or marketing materials to be sent to you; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with the Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Site, including when you view specific pages or take specific actions on the Site. For more information about Google Analytics or to opt-out of Google Analytics, please go to Google Analytics Opt-Out Settings page here: https://tools.google.com/dlpage/gaoptout. If you wish to learn more about our data collection process, please contact us using the contact information provided below.
- Social Media. While we strive to protect users’ personal data and privacy, we cannot guarantee the privacy and/or security of any information you disclose online through social media platforms (Facebook/Twitter/YouTube/LinkedIn/Instagram, etc.) (“Social Media”). Please keep in mind when accessing or using Social Media through our Site; you disclose information at your own risk that may be specifically designed to be visible to other users. You should be aware that any personal data you choose to submit via Social Media can be read, collected, and used by other individuals and/or entities, and could be used to send you unsolicited messages. We are not responsible for any information you choose to submit when you engage in such activities.
4. HOW WE USE YOUR INFORMATION.
We will only use your personal data when the law allows us to. If you are in the European Union, or if your personal data otherwise may be subject to the GDPR, you should understand that we will use our technical infrastructure in the United States in order to deliver various services to you. If you are purchasing services through the Site, we may need to transfer your personal data to the United States, and possibly to other jurisdictions outside of your home country, as necessary to provide these services. Further, in providing the services to you we may collect and transfer the personal data of your employee(s) to the United States. Similarly, if you are browsing the Site, we may collect certain personal data about you in order to enhance the Site, and your experience on the Site. Processing of your personal data as you browse the Site is necessary for our legitimate interests, and we believe these interests will not interfere with your fundamental rights or freedoms. Most commonly, we will use your personal data in the following circumstances:
- Where we need to provide services to you for the performance of our agreement or Service Request with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- To enforce or apply any agreements or Service Requests we have with you, including for billing and collection purposes.
If the personal data we collect from you is subject to the GDPR, we will attempt to process your data pursuant to the lawful bases of the GDPR.
If your personal data is subject to the GDPR, please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details regarding the GDPR specific legal ground we are relying on to process your personal data.
In some instances, GTM may use your Identity and Contact Data solely for marketing purposes associated with GTM’s business (“GTM marketing information”), which may include allowing temporary access of GTM marketing information by a third party. If consent is necessary for this use under GDPR, GTM shall obtain proper consent for marketing purposes. Unless GTM has entered into a formal agreement with a third party regarding the sharing of certain information you provide, beyond GTM marketing information, such information will not be shared with any individual or organization outside GTM. In the event that GTM has entered into such a formal agreement with a third party, you will be advised of the agreement and the possibility that certain information you provide may be disclosed to the third party. In all other cases, such information is only disclosed to third parties (1) as required by law, (2) in response to a subpoena or court order, and (3) as directed by you.
Similarly, you may receive e-mails from us, from time to time, which may enhance our service to you. It may take the form of products we think would interest you, or information in connection with performing our services. All e-mail communications that you receive from GTM will be provided in accordance with this statement.
You can ask us to stop sending you marketing communications at any time by following the instructions provided by GTM.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase or other transactions.
You may find cookies, web beacons or similar technologies on our website. A cookie is a small text file that is sent to your browser from a web server and is stored on your computer’s hard drive. A web beacon is a small, often invisible, graphic image included in a web page or e-mail. We may use web beacons for many purposes, such as to count visitors to the website or to monitor how visitors navigate the website. These cookies and web beacons are meant to provide you with data and to improve or enhance the browsing experience of our site, and to aid us in determining user preferences. Under no circumstances will cookies be used by GTM to retrieve data from your hard drive or to obtain any information concerning your e-mail address or other personal information which you have not provided. To the extent personal data may be collected, we will secure such data in accordance with this Privacy Statement.
CHANGE OF PURPOSE
We will only use your personal data and/or personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If your personal data is subject to the GDPR, and we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. DATA SECURITY.
GTM Payroll Services takes great care to assure you your personal data is kept confidential. We utilize state of the art encryption technology to safeguard all personal information, and industry-standard payment and security systems. Our document handling procedures include precise security and on-site document destruction. However, no transmission of data via the internet or electronic storage of information can be completely secure, so any transmission of personal data or other data is at your own risk.
6. DATA RETENTION.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data or personal information for a longer period, if required by law, in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we may consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We may anonymize your personal data (so that it can no longer be associated with you) for research, statistical purposes, or other purposes, in which case we may use this information indefinitely without further notice to you.
7. YOUR LEGAL RIGHTS.
If your personal data is subject to the GDPR, you have certain rights in relation to your personal data. Such rights may include the right, under certain circumstances, to: (1) request access to your personal data, (2) request rectification of the personal data that we hold about you, (3) request erasure of your personal data, (4) object to processing of your personal data, (5) request restriction of processing of your personal data,(6) request the transfer of your personal data or (7) withdraw your consent at any time where we are relying on consent to process your personal data. If your personal data is subject to the GDPR and you wish to make a complaint regarding our processing of your personal data, you may do so to the relevant Supervisory Authority in the European Union.
If you have any questions about this Privacy Statement, including your legal rights, please contact us using the information provided below.
We value your opinions. If you have comments or questions about our privacy statement, please send them to email@example.com, or write to us at the following address:
GTM Payroll Services
7 Executive Park Dr.
Clifton Park, NY 12065
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.