Metrus Group Data Privacy Statement

Metrus Group, Inc. provides talent management services to its clients and uses employee surveys as one tool in that work. In the survey process, we gather the responses of employees, analyze the aggregated data, and prepare reports for the client.

This policy conforms to the EU-US Privacy Shield Principles developed by the US Department of Commerce in consultation with the European Commission and with Switzerland.

Key elements of Metrus Group's privacy policy include:

Clarity of communication. Metrus Group subscribes to a policy of full disclosure. This means that all data that will be collected as well as the rules for protecting the anonymity of the individual are fully disclosed to the respondent. Each respondent voluntarily participates or chooses to opt out of answering individual questions or the questionnaire in total.

Data Integrity. Metrus Group and the client agree in advance to share responsibility for the accuracy of the information being shared. The client is responsible for providing accurate data files, limited to the employee information which is required for the purpose of the survey. Metrus is responsible for maintaining that information in an accurate manner, so that it can be correctly used as part of our analyses. Further, Metrus shall only use any Personal Information in a way that is compatible with and relevant for the purpose for which it was collected, as has been shared with the client, and with the survey respondents.

Relevance. Metrus collects only as much individual information as is needed to conduct the work described above. Metrus Group has established procedures for summarizing the data so that no individual response can be identified in a report. This includes, but is not limited to, requiring a minimum number of responses before a report can be issued or before additional cases can be added to an aggregate group and minimum sizes for demographic groups to be reported.

Retention. Employee information is stored only for as long as it is required to provide the services required as part of the client agreement. In cases in which there is an individual link (for example, to allow an individual employee to store his/her responses and return to his/her unique response file at a later time), that information is removed from all working files once the data collection process is complete.

Data Security. Metrus Group takes every reasonable precaution to protect all data from external access (electronic and otherwise) with state-of-the-art equipment and technology. Metrus Group and the client agree in advance to share responsibility for protecting the privacy of the respondents and the role of each is fully disclosed to the respondent as part of the introductory material. This includes, where appropriate, identifying the country where the data will be stored.

Implementation. Metrus Group uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. A copy of this policy is provided to every employee. We encourage interested persons to raise any concerns using the contact information provided below, and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

Right to Access. Metrus Group acknowledges that individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to Metrus Group at:

Christine Hutchinson
Metrus Group, Inc.
953 Route 202 North
Somerville, NJ 08876 USA
chutchinson@metrus.com
908-231-1900 x108

Onward Transfer of Information. Metrus Group, Inc. does not share information with any third parties. If we ever were to engage in any onward transfers of your data with third parties, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Metrus Group is potentially liable.

 

EU-US Privacy Shield Framework. Metrus Group, Inc. complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Metrus Group, Inc. has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In compliance with the EU-US Privacy Shield Principles, Metrus Group, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact:

Christine Hutchinson
Metrus Group, Inc.
953 Route 202 North
Somerville, NJ 08876 USA
chutchinson@metrus.com
908-231-1900 x108

Metrus Group, Inc. has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Metrus Group is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

US-Swiss Safe Harbor Framework. Metrus Group, Inc. complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Metrus Group, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit www.export.gov/safeharbor.

In compliance with the US-Swiss Safe Harbor Principles, Metrus Group, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Metrus Group, Inc. at:

Christine Hutchinson
Metrus Group, Inc.
953 Route 202 North
Somerville, NJ 08876 USA
chutchinson@metrus.com
908-231-1900 x108

Metrus Group, Inc. has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Statement of conformation. Metrus Group certifies that its privacy policy as described above is accurate, comprehensive, and completely implemented. It can be accessed at any time at: http://www.metrus.com/privacy-policy.html.

Any concerns about Metrus Group’s adherence to the practices described in its privacy policy statement or non-compliance with the Safe Harbor Principles should first be addressed to:

Christine Hutchinson Metrus Group, Inc.
953 Route 202 North Somerville, NJ 08876 USA chutchinson@metrus.com 908-231-1900 x108