Reina® Privacy Policy & GDPR Standards

Effective Date: September 3, 2019

General

This Privacy Policy applies to Reina, Your Trust Building® Consultants (“Reina”) in how Reina manages personal information gathered through its Assessment Platform: https://assessments.reinatrustbuilding.com and website: https://reinatrustbuilding.com. This privacy policy is designed to inform you how your data and personal information gathered through these sites will be collected, used and stored. Reina strives to ensure your privacy and personal information are protected and only collects personal information that is essential to providing the service for which you are engaging with us. Should you wish to access, edit or remove any personal information provided to Reina, your options for doing so are outlined below.

Owner and Data Controller

Michelle and Dennis Reina

Reina, Your Trust Building Consultants

560 Black Bear Run

Stowe, VT 05672

Owner contact email: reina@reinatrustbuilding.com

External Web pages and links

We refer to external websites in various places, which can usually be recognized as links. We assume no responsibility for the contents of the linked websites. Likewise, we can provide no information regarding data protection and data security of the links and external websites.

Types of Data collected

Among the types of Personal Data that this website collects, by itself or through third parties, there are: Cookies and Usage Data.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this website. Unless specified otherwise, all Data requested by this website is mandatory and failure to provide this Data may make it impossible for this website to provide its services. In cases where this website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner. Any use of Cookies – or of other tracking tools – by this website or by the owners of third-party services used by this website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this website and confirm that they have the third party’s consent to provide the Data to the Owner.

Details about collection and processing of personal data

The European Data Protection Ordinance and the Federal Data Protection Act attach great importance to privacy and the protection of personal data. We implement these regulations in our behavior, our processes and technical in line with the technology currently available. In the following paragraph you will receive detailed information about your rights as well as the collection, storage, processing and deletion of your data.

The legal basis for the collection and processing (article 6 EU GDPR lawfulness of processing) is as follows:

Consent (Art. 6 para. 1 lit. a), i.e. you have consented to the processing of your data by us (e.g. for receiving the newsletter)
Necessary to the performance of the contract (art. 6 para) 1 lit. b), i.e. we collect the data necessary to execute a contract or order (e.g. address and payment details)
For the fulfillment of a legal obligation required, which the officer is subject to, (art. 6 para) 1 lit. c), i.e. we are legally obliged to store the data (e.g. for tax authority controls)

In the following we describe the individual situations in which we process your personal data.

Access to general information on our website

You can normally access all our website pages without entering any personal data. For security reasons and for internal statistical purposes, we collect the following usage data (server log files) for each visit:

Your IP address
The amount of data transferred
Date and time of access
Which pages you have visited with us
The page from which you accessed our website
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer, time of the server request

The data is not personalized.

Concrete inquiries and orders

For specific inquiries or orders, we are legally obliged to collect a minimum amount of personal information in addition to the details mentioned under a). In these cases, we process the personal data provided by you exclusively for contract processing and processing your inquiries.

Personal data includes details such as name, address or email address. The prerequisite is that you provide us with this information voluntarily and explicitly. By doing so, you make it clear that you agree to its use and processing. In accordance with the European data protection regulation, we collect only the absolutely minimum amount of data that are necessary for the execution of the order or request.

Email contact

If you provide us your email address for general inquiries (either via the contact form or by email) we will gladly use it to communicate with you.

Please note that in most cases emails are transmitted unencrypted and therefore no confidentiality of the transmitted information is guaranteed. The content of emails can be viewed by third parties, an email message is similar to a postcard in terms of security. We therefore recommend that you send us confidential information exclusively as a letter by traditional mail.

You can revoke your consent to email communication with us at any time. In this case, please send us a short message to the respective postal or email address given.

Newsletter

If you would like to subscribe to our newsletter, we need your email address as well as your first and last name. The registration process is as follows: after registering for the newsletter, you will receive an automatically generated confirmation e-mail to subscribe to the newsletter. The confirmation link contained therein must be clicked on by you, by doing so you agree to receive the newsletter. Then you will receive regularly updated and interesting information from us. When you open the newsletter email, the following data will be sent to us:

Name/email address of the subscriber who has opened the newsletter
Clicked on links contained in the newsletter, incl. number of clicks
Time of registration to the newsletter
Time of un-subscription from the newsletter, if applicable
Responses or error messages (email account not accessible or full)
Geographical information

We evaluate this data statistically in order to be able to offer our customers and prospective customers an optimal service. By subscribing to the newsletter, you agree to the use of your data. We do not use your data for any other purpose and of course do not share it with third parties.

Reina collects, processes and stores your data in the United States of America. By subscribing to a Reina newsletter, you agree that your personal data is transferred to the USA.

You can at any time unsubscribe from the newsletter and revoke your consent. Please click on the corresponding link in the newsletter.

Payment Information

We may ask you for the following personal information for the purposes of processing payment for purchases made through Reina:

your name
your billing address
your email address
your phone number
your credit card information
your banking transfer/wire payment details
your contact preferences

We work with a service provider (PayPal, Square, or your bank) to process your payment details. We do not store your payment details locally, just the invoices and required details for the execution of your order.

Mode and place of processing the Data

Methods of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Legal basis of processing

We may process Personal Data relating to Users if one of the following applies:

Users have given their consent for one or more specific purposes.
Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof.
Processing is necessary for compliance with a legal obligation to which the Owner is subject.
Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner.
Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
Processing of anonymized data sets for research purposes. We conduct regular research projects to ensure that our methodology reflects the latest developments and changes of demographics, trends of the next generation etc. In order to do so, we anonymize individual responses to the assessments in our results.
Under some legislations the Owner may be allowed to process Personal Data without having to rely on consent or any other of the following legal bases (legitimate interests)
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

We may disclose personal information in certain circumstances such as:

In response to lawful requests by public authorities, national security or law enforcement requirements or to comply with a subpoena, or similar legal process
When it is believed in good faith that disclosure is necessary to protect our rights, protect others’ safety, investigate fraud, or respond to a government request
If Reina is involved in a merger, acquisition, or sale of all or a portion of its assets, users will be notified via email and/or a notice on our Web site. In this case, we will describe changes in ownership and use of personal information, as well as any impact on previously granted consent regarding processing of personal information
To any other third party for whom users or clients have given prior consent.

Location

Reina is based in the United States of America and maintains its storage locally. Users visiting from the regions outside the US are advised that by using our site and services, personal information will be transferred to the United States for processing and storing. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data. If any such transfer takes place, Users can find out more by checking the relevant sections of this document or contact us for more details.

What type of personal data does Reina collect?

Reina collects personal data in two different scenarios:

Data Collected through Reina’s Assessment Platform

Reina strives to support leaders, teams and organizations in leveraging trust to transform workplace cultures. To support this mission, Reina gathers data on organizations, teams and people through our suite of Reina Trust Scale Assessments. The results generated through this data are provided in the form of Feedback Reports and are used by Reina, Reina Certified Trust Practitioners, and Clients of Reina. The personal data we collect as part of the assessment process are required to fulfill the contract that clients have signed with us.

Information collected from assessment participants is stored in our Reina database and may be used for research purposes, such as establishing normative data benchmarks and creating white papers.

We only collect personal data that you provide to us voluntarily and only collect the minimum information required to fulfill the engagement/request. For participation in our assessments, information collected through our assessment interface may include your name, email address, organization and/or team name, and item level assessment responses.

Reina will share personal information only with third parties who work in partnership with us (e.g. Reina Certified Trust Practitioners) and are authorized to use your personal information to deliver contracted services and research with Reina clients.

We are committed to protecting the rights and privacy of all individuals who participate in a Reina assessment and as such, adhere to the following protocols:

Information collected from an individual in all Reina assessments is considered confidential. Individuals receive feedback on assessments only from Reina Certified Trust Practitioners.
Assessment data collected about an individual as part of a Reina Leadership Trust Scale® Assessment are shared with and explained to that person.
For raters who participate in a Reina Leadership Trust Scale® Assessment, responses in each rater category are aggregated with all other responses in that rater category. For individuals who participate as Direct Report or Peer raters, there are minimum rater participation requirements in place to ensure anonymity.
For individuals who participate in a Reina Team Trust Scale® Assessment or Reina Organizational Trust Scale® Assessment, individual responses are anonymous and aggregated with all other participants.
For segmented data in a Reina Organizational Trust Scale® Assessment, data will not be segmented into categories of fewer than 10 people, unless otherwise agreed upon.
Although Reina has never been required to release information without an individual’s permission (or the permission of an authorized legal representative such as an executor, executrix, or the holder of a valid power of attorney), it is acknowledged that in the extremely rare case of a court order, Reina might be legally required to do so.
Data collected from assessments published by Reina are stored in its database. During the consolidation process, individual data sets become part of a normative data set, containing thousands of scores, to provide a benchmark against which individual, team, and organization scores are calibrated. Periodically, Reina publishes data based on this normative data set. Individuals are never identified in these reports. Specific organizations are identified only if prior written approval is received from the organization.
Reina may also provide aggregate reports on groups of individuals in that organization if the number of individuals is large enough to be potentially meaningful and ensures anonymity.
Individuals have the right to be removed from our database. If we receive such a request, we will delete all personal identifiable information and anonymize their assessment results. Due to the anonymization of collected data we are not able to delete individual responses – simply because they cannot be reconnected or linked to the individual afterwards.
In order to ensure that all assessment materials for individuals are received and scored, data are typically not deleted until 60-90 days after receipt of the individual’s request for deletion. Please note that once your personal data is removed from the database, Reina will not be able to provide a duplicate feedback report at a later date.

Reina collects, processes and stores your data in the United States of America. By completing a Reina assessment, you agree that your personal data is transferred to the USA.

Data Collected on Behalf of our Clients

It is common for Reina to collect information on behalf of Clients and/or Certified Trust Practitioners. In these instances, Reina has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and/or Certified Trust Practitioners and would like to access, edit or remove any personal information we have about you, please contact us in writing. Reina acknowledges that you have the right to access your personal information. If you request us to remove your personal data, a response will be provided within 30 business days of your request.

Information Collected through Reina’s website

Information Request Forms

Users who wish to receive more information about Reina are required to provide limited personal information (i.e. name, email address, and/or phone number, and/or organization) when completing Reina’s online Information Request forms. Only if users agree (i.e. consent) that we may use their personal data to deliver the requested service and communicate information regarding Reina programs, products and services in which they may be interested.

Registration Request Form

Participants of Reina’s Certification Programs are asked to complete an online Registration form through Reina’s website. Reina collects only the information necessary for registration in a Certification Program, such as contact information. Payment is collected through a third party of PayPal or via invoicing.

Testimonials

Reina will not publish client testimonials on their website without author consent. Any individual wishing to update or delete a testimonial should contact Reina at reina@reinatrustbuilding.com.

Reina does not rent or sell information to any outside organizations.

How to Unsubscribe or Opt Out

Unsubscribe from Reina’s Newsletters and other Communications

To unsubscribe from Reina’s Newsletter and other email communication, you can select the “Update your Preferences” option in your email communication to unsubscribe and remove your email address from our subscription list. You can also contact us directly as stated in the contact details.

Opt In/Out of Reina Research

By completing an assessment, users agree that the collected personal information are required to process the contract. Clients or users who wish to have their personal information and assessment results removed from Reina’s database must submit their request in writing, please refer to the contact details.

By removing data from Reina’s database, individuals will no longer be able to receive their data in any form, either as part of their own Feedback Report or as part of aggregate data.

Additional information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc.) Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.  Personal Data collected: Cookies and Usage Data. Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Display Advertising extension for Google Analytics (Google Inc.) Google Analytics on this website might use Google’s Interest-based advertising, 3rd-party audience data and information from the DoubleClick Cookie to extend analytics with demographics, interests and ads interaction data. Personal Data collected: Cookies and Usage Data. Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Interaction with external social networks and platforms 

This type of service allows interaction with social networks or other external platforms directly from the pages of this website. The interaction and information obtained through this website are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

YouTube button and social widgets (Google Inc.) The YouTube button and social widgets are services allowing interaction with the YouTube social network provided by Google Inc. Personal Data collected: Usage Data. Place of processing: United States – Privacy Policy. Privacy Shield participant.

Platform services and hosting

Our web sites are hosted by a major cloud provider in the United States of America.

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

If you want to exercise your right in these cases, we support your request free of charge. In this case, please contact us in writing with proof of identity (e.g. identity card or passport). We will be happy to inform you whether and if so which personal data we store about you and correct any errors. You have the right to withdraw your consent to use of data partially or fully for the future. If you wish, we will delete or block your corresponding data.

According to art. 12 para. 3 of the EU GDPR we will immediately, but in any case, within one month of receipt, execute the application. Please keep in mind that it can take longer in complex cases. We will inform you if we are unable to complete your application within 4 weeks.

In the event that you instruct us to delete or not to use your personal data, as a consequence we will be unable to provide a personalized service, as this is based on customer data.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Cookie Policy

This website uses Cookies. To learn more and for a detailed cookie notice, the User may consult the Cookie Policy.

Additional information about Data collection and processing

Legal action

The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this website or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional information about User’s Personal Data

In addition to the information contained in this privacy policy, this website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

This website does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

We reserve the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this website and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.

Security

We store your data in our own data center and with certified cloud providers in the United States of America. Access to information is protected and only possible to authorized employees. We regularly review our security standards and update them according to technical progress, to keep the risk of misuse of data as low as possible. At the same time, we must point out that there is not one hundred percent security.

Definitions and legal references

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this website (or third-party services employed in this website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

User

The individual using this website who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this website. The Data Controller, unless otherwise specified, is the Owner of this website.

This website (or this Application)

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by this website as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies

Small sets of data stored in the User’s device.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

Latest update: September 5, 2019