GSI Privacy Policy

This website (www.getgsi.com is maintained in the United States by Global Systems Integration, Inc. ("we" or "us"). This Privacy Policy explains how we, and our corporate subsidiaries and affiliates, use any personal information that we collect about you when you use this website (the "Site") or otherwise interact with us. This Privacy Policy does not apply to any third-party websites, services, or applications accessed via our Site.

We take seriously your privacy rights. Please read this Website Privacy Policy Notice (the “Policy”) carefully, because it contains important information about who we are and our information practices; meaning, how and why we collect, use, disclose, share, retain, and dispose of your personal information. This Policy reflects our intent to be transparent about our privacy practices, and also explains your rights in relation to your personal information and sensitive personal information, as well as how to contact us or supervisory authorities in the event you have a request or complaint. Please also see- if you have not already - our “Cookies Policy” and our “Notice of Collection”. This Policy shall be revised/updated at least once every twelve months. The date of the most recent revision/update is June 15, 2024.

1. Purpose of this Policy:

CCPA/CPRA: The purpose of this privacy policy notice (“Policy”) is to provide California consumers and other visitors to/users of (“you”) our websites (our “sites”) with a comprehensive description of our business’s online and off-line privacy practices, the rights regarding your personal information that you have under applicable law, and how to exercise those rights. This Policy informs visitors about the data collection, storage, and distribution practices of our sites. It also provides an explanation of what information is collected and how it is used.

When you visit our websites we collect, use, and therefore become responsible for, certain personal information about you. For California consumers, we are subject to the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”) (together, the “CCPA, as amended”). When we offer goods and services (paid or free) to individuals in the European Economic Area “(EEA”), and/or when we control or process the personal data of EU residents, we are subject to the EU General Data Protection Regulation (EU GDPR) (the “Regulation”), which applies across the entire European Union. We are responsible for your personal information as a “business” under the CCPA/CPRA. We are responsible as a “controller” of personal information for the purposes of the GDPR.

www.getgsi.com

www.askcga.com

www.flawlessinbound.ca

John Bassett

Email: John.Bassett@GetGSI.com

Wendell B. Hays
Email: Legal@GetGSI.com

Email us at: privacy@GetGSI.com or

Call us toll-free at (877) 474-4262

2. Categories of Personal (and Sensitive Personal Information) We Collect About You.

We collect, and/or in the preceding 12 month have collected, the following categories and specific types of consumer personal and sensitive personal information:

1. Identifiers (for example, a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)	[specific types of information collected] Real name, postal address, email address. Telephone number
2. Customer Records Information: Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.	[specific types of information collected] Real name, postal address, email address. Telephone number. (when you volunteer this information).
3. Characteristics of protected classifications under California or U.S. federal law: (which include Race, religion, sexual orientation, gender identity, gender expression, age)	[specific types of information collected] None
4. Commercial information (for example, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)	[specific types of information collected] None
5. Biometric information: (including, but not limited to hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data.)	[specific types of information collected] None
6. Internet or other electronic network activity information: (for example, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement)	[specific types of information collected] NO
7. Geolocation data: (see definition above)	[specific types of information collected] NO
8. Audio, electronic, visual, thermal, olfactory, or similar information	[specific types of information collected] NO
9. Professional or employment-related information:	[specific types of information collected] The information you provide about your employment history; only on our careers page, when you apply for employment (when you volunteer this information).
10. Education information, (defined as information that is not publicly available personally identifiable information as defined in the U.S. federal Family Educational Rights and Privacy Act (FERPA)	[specific types of information collected] The information you provide about your educational background; only on our careers page, when you apply for employment. (when you volunteer this information).
11. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes	[specific types of information collected] None

Sensitive personal information/ Special category personal data
Racial or ethnic origin, religious or philosophical beliefs, union membership, or citizenship or immigration status	[specific types of information collected] NO
Contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication	[specific types of information collected] NO
Genetic data	[specific types of information collected] NO
Processing of biometric information for the purpose of uniquely identifying a consumer	[specific types of information collected] NO
Health information	[specific types of information collected] NO
Sex life or sexual orientation	[specific types of information collected] NO

If you do not provide personal information required for us to provide you products AND/OR services to you, that may delay or prevent us from providing products AND/OR services to you.

3. How Your Personal Information is Collected. We collect personal information from the following categories of sources:

You, directly in person, by telephone, text, or email and/or via our website
Advertising networks
Data analytics providers
Operating systems and platforms
Data brokers
Cookies on our website
Our IT systems, including:
- Automated monitoring of our websites and other technical systems, such as our computer networks
  and connections, communications systems, email, and instant messaging systems

4. “How” and “Why” We Use Your Personal Information.

Under applicable consumer data-privacy and consumer protection laws, we can only use your personal information if we have a proper reason for doing so, for example:

To comply with our legal and regulatory obligations
For the performance of our contract with you or to take steps at your request before entering into a contract
For our legitimate interests or those of a third party –or–
Where you have given consent

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal information for and our reasons for doing so:

“HOW” we use your personal information	Our reasons (“WHY”) (the purposes of collection)
To provide products AND/OR services to you	For the performance of our contract with you or to take steps at your request before entering into a contract.
To prevent and detect fraud against you or GSI.	For our legitimate interests or those of a third-party, (that is, to minimize fraud that could be damaging for us and for you.)
Conducting checks to identify our customers and verify their identities. Other processing necessary to comply with professional, legal, and regulatory obligations that apply to our business, for example rules issued by our professional regulator	To comply with our legal and regulatory obligations.
Gathering and providing information required by or relating to audits, inquiries or investigations by regulatory bodies	To comply with our legal and regulatory obligations.
Ensuring business policies are adhered to, (for example, policies covering security and internet use)	For our legitimate interests or those of a third party, (that is, to make sure we are following our own internal procedures so we can deliver the best service to you.)
Operational reasons, such as improving efficiency, training, and quality control	For our legitimate interests or those of a third party, (that is, to be as efficient as we can so we can deliver the best service for you at the best price.)
Ensuring the confidentiality of commercially sensitive information	For our legitimate interests or those of a third-party, (that is, to protect trade secrets and other commercially valuable information.) AND/OR To comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, e.g., in relation to [our financial performance, customer base, product range or other efficiency measures]	For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price
Preventing unauthorized access and modifications to systems	For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you. To comply with our legal and regulatory obligations.
Updating [and enhancing] customer records	For the performance of our contract with you or to take steps at your request before entering into a contract. AND/OR To comply with our legal and regulatory obligations. AND/OR For our legitimate interests, (FOR EXAMPLE, making sure that we can keep in touch with our customers about existing orders and new products).
Statutory returns	To comply with our legal and regulatory obligations.
Ensuring safe working practices, staff administration and assessments.	To comply with our legal and regulatory obligations. For our legitimate interests, (FOR EXAMPLE, to make sure we are following our own internal procedures and working efficiently so we can deliver the best products and services to you.)
Marketing our services to: Existing and former clients Third-parties who have previously expressed an interest in our services Third-parties with whom we have had no previous dealings	For our legitimate interests, (FOR EXAMPLE, to promote our business to former, existing, and potential clients).
Credit reference checks via external credit reference agencies	For our legitimate interests, (FOR EXAMPLE, to ensure that our clients are likely to be able to pay for our products and services).

5. Categories of third-parties with whom we may share your personal information.

We routinely share personal information with:

Service providers we use to help deliver our products and/or services to you, such as our Customer Relationship Management technology.
Other third-parties we use to help us run our business, such as marketing agencies or website hosts.
Third-parties approved by you, including social media sites you choose to link your account to, or third-party payment providers.
Credit reporting agencies.
Our insurers and brokers.
Our bank[s].

We DO NOT and WILL NOT sell or share your personal information with any other third-party, and NEVER with any party for cross-contextual behavioral advertising.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.
We may also share personal information with external auditors, e.g., in relation to ISO, CMMC, SOC II accreditation and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. In such a circumstance, we will endeavor to anonymize information, but this may not always be possible. Any recipient of such information will be bound by confidentiality obligations.

We DO NOT and WILL NOT sell or share your personal information with any other third-party, and NEVER with any party for cross-contextual behavioral advertising.

6. How Long Your Personal Information Will Be Kept.

We will keep your personal information while you have an account with us or while we are providing [products AND/OR services] to you. Thereafter, we will keep your personal information for as long as is necessary for the business purpose for which it was collected:

To respond to any questions, complaints or claims made by you or on your behalf
To show that we treated you fairly –or–
To keep records required by law

We will not retain your personal information for longer than necessary for the purpose(s) set forth in this policy. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

7. California Consumers: Your Rights Under the CCPA, as amended:

You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

You have the right to know, and request disclosure of:

The categories and/or specific pieces of personal information we have collected about you in the preceding 12 months, including sensitive personal information
The categories of sources from which any personal information is collected
The purposes for which we use that personal information
The categories of third-parties to whom we disclose that personal information (if any)

Please note that we are not required to:

Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained
Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information –or–
Provide the personal information to you more than twice in a 12-month period

In connection with any personal information we may share, or disclose to a third party for a business purpose, you have the right to know:

The categories of personal information about you that we shared and the categories of third parties with whom the personal information was shared

–and–

The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.

To opt-out of the sale or sharing of your personal information, use the cookie consent banner and select the Opt-Out/Do Not Sell or Share My Personal Information option.

You have the right to limit the use and disclosure of your sensitive personal information uses which are necessary to:

Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
To perform the following services: (1) Help to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for that purpose; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with the business, provided that your personal information is not disclosed to a third-party and is not used to build a profile about you otherwise alter your experience outside the current interaction with the business; (3) Perform services on our behalf, including the maintenance of or servicing accounts, providing you customer service, processing or fulfilling your orders and transactions, verifying your customer information, processing your payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; and (4) Undertaking activities to verify or maintain the quality and/or safety of a service or device that is owned, manufactured, manufactured for, or controlled by GSI, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by GSI –and–
As authorized by further regulations

You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

Delete your personal information from our records –and–
Direct third parties and/or service providers with whom we have sold or shared your personal information to delete your personal information, unless this proves impossible or involves disproportionate effort.

Please note that we might not delete your personal information if it is reasonably necessary to:

Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us
Help to ensure security and integrity, to the extent the use of your personal information is reasonably necessary and proportionate for those purposes.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent for such a use.
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with an existing legal obligation –or–
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.

You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things:

Deny goods or services to you
Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
Provide a different level or quality of goods or services to you –or–
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services

8. How to Exercise Your Rights.

If you would like to exercise any of your rights as described in this Privacy Policy, you can email us at Privacy@GetGSI.com, and you can also call us toll-free at (877) 447-4262. California residents who believe we have violated their privacy rights can submit a complaint with the official California Privacy Protection Agency by going to: https://www.cppa.ca.gov/webapplications/complaint . However, we strongly encourage you to reach out to us before filing such a complaint, so we can work with you to resolve the issue and alleviate your concern.

Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period.
If you choose to contact us directly by website/email/phone you will need to provide us with:
Enough information to identify you (e.g., your full name, email address, mailing address and customer or matter reference number).
Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill) –and–
A description of what right you want to exercise and the information to which your request relates
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf.

GSI Privacy policy