Best Places to Work Programs

Privacy and Security

Last updated September 13, 2019


Welcome to the Best Companies Group (“Best Companies Group”, “us”, “our”) family of websites (the “Sites”), which are operated by GateHouse Media Pennsylvania Holding, Inc. dba Best Companies Group. This privacy policy describes the privacy practices for the Sites and our related services described below (“Services”).

Best Companies Group helps to identify and recognize outstanding employers through the management of a multitude of programs such as Best Places to Work, Best Employer, and Best Companies to Work For (“Best Programs”). Through employer and employee surveys, Best Companies Group specializes in assessing the workplace to create lists for publication and recognition by our local and national program partners. Through its Best Employee Surveys (“BES”), Best Companies Group also works with employers to develop customized independent survey projects.

This Privacy Policy explains what Personal Data (defined below) we collect both on our behalf and on behalf of our employer customers when they use our Sites or Services, register for our Best Programs or take one of our surveys. It also describes why we collect Personal Data, how that data is used and shared, and your choices concerning our data practices. “Personal Data” is information that, alone or in combination with other information, could be used to identify an individual or track that individual’s behavior or location online or through mobile devices.

Please read this Privacy Policy before using our Sites or Services or providing us with your Personal Data, and contact us as provided in the Contact Us section below if you have any questions.

Where permitted by applicable law, by using the Site and/or the Services, and providing us with Personal Data you agree to the practices described in this Privacy Policy and the Cookie Policy referenced below and to the updates to these policies posted here from time to time.

If you are based in the European Economic Area (“EEA”), this Privacy Policy serves as notice of how we process your Personal Data for which we are a controller. If we require consent from individuals in the EEA in connection with the processing of their Personal Data, this will be sought in line with applicable data protection laws.

To make sure you stay informed of all changes, you should check these policies periodically. Updates will be referenced by the “Last Updated” date shown above.

Table of Contents
1. Scope – Site Visitors and Employer Organization Users
2. Information We Collect
3. How Do We Use Personal Data?
4. Disclosure of Personal Data
5. Security
6. Do We Use “Cookies”?
7. Third Party Links
8. California Do Not Track Disclosure
9. Children
10. Individuals in the European Economic Area (EEA)
11. Changes to this Policy
12. Contact Us

1. Scope – Site Visitors and Employer Organizations

1.1 Site Visitors.

We collect and process Personal Data about direct visitors to our Sites (each a “Site Visitor”), some of whom may also be employer organizations who sign up for our Services (“Employer Organizations”). We may refer to Site Visitors as “you” or “your.”

1.2 Employer Organizations.

We also process Personal Data of Employer Organizations’ employees and business contacts as provided to us by those Employer Organizations for processing in connection with our Services.

2. Information We Collect

When an individual interacts with the Sites, registers for any of our Best Programs or takes one of our surveys, we may collect Personal Data, as follows:

2.1 Personal Data Provided Through the Sites

We collect Personal Data that is voluntarily provided by you when you visit our Sites, for example, when you request information about our programs (such as through the “Contact Us” page or other forms on the Sites) or contact our sales or customer support team. The Personal Data we collect includes your first and last name, employer, address, email address, phone number and any other information you choose to include in the body of your email or message. We also collect your email address and may send you information about our company when you register for a Best Program, subscribe to a Best Companies Group newsletter, or when requesting more information about a customized BES.

2.2 Personal Data Provided Through a Registration Form and Our Employer Benefits and Policies Questionnaire

Each Employer Organization electing to participate in a Best Program is required to complete a registration form and an employer questionnaire. As a part of this process, we collect employer business contact information such as: employer contact names, titles, business email addresses, business phone numbers, and postal mailing addresses. Follow-up requests for clarification or more information may also be a part of this process.

As part of the employer questionnaire, we also collect organizational information about the Employer Organization such as benefits, policies, practices, and workplace demographics (“Employer Data”). All information collected through the employer questionnaire may be used, all or in part, by Best Companies Group and the authorized program partners at a public recognition event. This information may also be used, all or in part, to create and distribute a Best Program online or print recognition publication. We will provide the authorized Best Program partners with the Employer Data only for purposes of list-making and identifying winning employers and only to assist the Best Program partners in the development of the results publication or recognition event.

If an Employer Organization does not make the list, that organization’s Employer Data will not be shared with the authorized Best Program partners or be made public. Information regarding an Employer Organization’s participation in Best Companies Group’s Best Programs, in current or prior years, will not be released unless the Employer Organization has made one or more of the published lists.

2.3 Payment Information

When an Employer Organization makes a purchase from any of the Sites including through our Best Program Sites (such as for registration, reports fees, or additional services), through the reporting Site (“Reports”), or through BES, we collect certain payment and billing information, such as billing address, payment card details (if applicable) and bank account information (if applicable).

2.4 Personal Data Provided Through the Employee Engagement and Satisfaction Survey (EESS)

When an Employer Organization registers to participate in a Best Program, we will receive employee business email addresses from the registered organization, unless the organization chooses to use paper surveys. The employees’ business email addresses are only used to send invitations to complete the EESS and for no other purpose. A unique link to the online EESS is included in the body of each email invitation. This link expires once the EESS is completed. Additional language describing security and anonymity principles are included in each email invitation and in the online survey, and the email includes a link for the employee to unsubscribe if desired. In addition, an employee should consult its employer’s business email privacy and use policies for further information about the employer’s handling of business emails.

Best Companies Group may store and share anonymized and aggregated results from those who have participated and submitted answers to the EESS through our Best Programs or any other independent survey project conducted through BES.

We retain business email address lists provided by Employer Organizations for up to two years and they may only be used to conduct the optional follow-up employee surveys. To have your business email address removed from further use, click on the unsubscribe link in the email, or contact us as provided in the Contact Us section below.

Best Companies Group has two methods of conducting the EESS: either through an online survey web portal or via hard copy paper surveys. The Employer Organization chooses the method of conducting the survey. Regardless of the survey method, Best Companies Group will never share individual survey completion status or individual EESS responses with any Employer Organization or any third party, unless compelled by legal requirements. The EESS does ask for demographic information (e.g., birth year, gender, ethnicity, job role, etc.); however, this information is not combined with any employee Personal Data that employees provide to us and is used only in anonymized and aggregated form as described below.

Employees’ EESS responses will be aggregated and anonymized, and used in our Best Programs, employee feedback reports or by the authorized Best Program partners for identification of winning employers. To further protect anonymity, Best Companies Group will not include information falling in any demographic category (or combination of demographics) unless there are at least five responses containing the same demographic information.

2.5 Automatically Collected Data

When you visit the Sites, we may automatically collect information about your use of our Sites, including by using cookies. This information may include the browser or operating system that you use to access the Internet, your IP address, your location, the date and time you may have viewed certain pages on the Sites and which pages were visited. Please see our Cookie Policy to find out more about how we use cookies.

3. How Do We Use Personal Data?

We use Personal Data in the following ways:

3.1 To Deliver Our Programs.

We use Personal Data provided by Employer Organizations through an employer benefits and policies questionnaire to administer and deliver the Best Program, including receiving payments and communicating with each participating Employer Organization (or representative thereof).

Business email addresses of employees that are received from the authorized contact of each Employer Organization are used solely to distribute the employee survey invitation. Each email invitation includes a unique link to the EESS. Unless an employee opts out at the time of submitting a survey, we will retain that employee’s business email address for up to two years for subsequent use in the event the employer elects to have Best Companies Group send a follow-up employee survey, as described under the Personal Data Provided Through the Employee Engagement and Satisfaction Survey (EESS) section above.

3.2 To Respond to Requests.

We use the Personal Data that you provide through the Sites to respond to requests. For example, when asked for information about our programs (e.g., frequently asked questions, report options, registration questions, pricing or BES) we will use your contact information to send you the information you requested. For individuals based in the EEA, such use is necessary to respond to or implement your request before entering into a contract with us.

3.3 For Marketing Purposes.

Best Companies Group may use the business contact details provided by the Employer Organization participating in one of our Best Programs to send information about other or future programs we believe may be of interest to the Employer Organization such as upcoming events or similar promotions. If we do so, each marketing communication we send, will contain instructions permitting an “opt out” of receiving future marketing communications. Note however, that you cannot opt-out of some administrative communications that are reasonably necessary in connection with your participation in our Best Programs, such as billing or service notifications. In addition, if at any time you do not wish to receive any future marketing communications or you want to have your name deleted from our mailing lists, please contact us as provided in the Contact Us section below. The list of employee business email addresses provided by an Employer Organization for survey purposes will not be used for marketing, and are only used to send the invitation to the survey.

Where required by applicable law (such as if you are an individual based in the EEA), we will send you marketing information by email only if you had provided your consent to our doing so at the time you provided us with your Personal Data (for example, when you completed a participation registration form). In such instance, when you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw such consent at any time by following the instructions to “opt-out” of receiving marketing communications in each marketing email we send you, or by contacting us as provided in the Contact Us section below.

3.4 For Research and Benchmarking Purposes.

We will anonymize and aggregate the EESS responses for the purposes of our Best Programs, and for research, benchmarking, and trending purposes. In addition, anonymized and aggregated employee EESS responses may be included in a Best Companies Group Insights Report package purchased by that employee’s Employer Organization. Employees will not be individually identifiable from any EESS responses. For individuals based in the EEA, this use of your Personal Data is necessary for our legitimate interests in conducting research activities and improving our products and services.

3.5 For other legitimate business purposes.

We may also use Personal Data for other legitimate purposes, which include the following:

  • To respond to your inquiries, comments, feedback or questions
  • To analyze how users of our Sites interact with the Sites and provide, maintain and improve the content and functionality of the Sites and our customer relationships and experiences, develop our business, and inform our marketing strategy. For example, we use data about how and when you visit different parts of our Sites in order to improve the structure of the Sites. (see our Cookie Policy)
  • To administer and protect our business and the Sites, prevent fraud, criminal activity, or misuse of our Sites, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data)
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties, and recover debts due to us.

For information about what we mean by legitimate interests and the rights of individuals in the European Economic Area, please see the Individuals in the European Economic Area section below.

4. Disclosure of Personal Data

Best Companies Group will never share an employee’s individual survey completion status or specific survey responses with the Employer Organization or any third party, unless compelled by legal requirements.

We may share Personal Data with certain affiliates and other third parties, as follows:

4.1 Affiliates.

We share Personal Data of Employer Organization business contacts with our affiliates in order to inform about services we believe may be of interest to the Employer Organization that are provided by those affiliates. If we send such marketing communications, each one will contain instructions permitting you to “opt out” of receiving future marketing communications. Where required by applicable law (for example, if you are an individual in the EEA), we will only send marketing information from our affiliates by email if you have consented to us doing so at the time you provide us with your Personal Data.

4.2 Third Party Service Providers.

We share Personal Data with our third party service providers as needed to assist us in operating our Sites, conducting our business, and providing Services to our Employer Organization customers. These service providers include website hosting partners, data centers, sign-on authentication software providers, website analytics companies, advertising technology companies, providers of CRM, marketing and sales software solutions, call tracking and online chat providers, customer support providers, and providers of billing, order management and payment processing functions. Where these parties have access to and process Personal Data on our behalf in the course of performing their duties to us, they are required to keep the Personal Data confidential and secure.

4.3 Business Partners and Advertisers.

If an Employer Organization is participating in a Best Program, Best Companies Group may share the employer business contact information with the relevant Best Program partners. Best Program partners may contact Employer Organization participants to inquire about information related to the Best Companies recognition event and/or the online or printed recognition publication.

In addition, we may provide advertising on our Sites and if you click on a third party advertisement on a Site, it will take you to the advertiser’s website.
We may also share Personal Data of Employer Organization business contacts with our business partners in order to inform about services we believe may be of interest to the Employer Organization that are provided by those business partners. If we send you marketing communications, each one will contain instructions permitting you to “opt out” of receiving future marketing communications. Where required by applicable law (for example, if you are an individual in the EEA), we will only send you marketing information from our business partners and advertisers by email if you have consented to us doing so at the time you provide us with your Personal Data.

4.4 Business Transfers.

If we are involved in a merger, acquisition, financing, due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, Personal Data and other information provided to us may be transferred to a successor or affiliate as part of that transaction along with other assets.

4.5 Legal Requirements.

If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or lawful request by public authorities, (ii) protect and defend the rights or property of Best Companies Group, (iii) act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (iv) protect against legal liability.

5. Security

We take reasonable and appropriate steps to protect the Personal Data provided via the Sites from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet, email or other electronic transmission is ever fully secure or error free, so you should take special care in deciding what information you send to us via the Internet.

Our Sites are scanned on a regular basis for security holes and known vulnerabilities. We use malware scanning on a regular basis. Personal Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

6. Do We Use “Cookies”?

Yes. Cookies and similar technologies are small files that a website or its service provider transfers to a computer’s hard drive through a Web browser (if the user allows) that enables the website’s or service provider’s systems to recognize the user’s browser and capture and remember certain information.

In general, Best Companies and its affiliates, and our third party providers and partners, use cookies and other technologies to optimize the functionality of the Sites, to help us understand how the Sites are used and to provide Site Visitors with interest-based content or advertising based upon their browsing activities and interests.

For more information about the cookies and other technologies used on our Sites, please read our Cookie Policy.

7. Third Party Links

A Site may contain links to other websites not operated or controlled by us (“Third Party Sites“). The privacy practices described in this Privacy Policy do not apply to Third Party Sites. By providing these links we are not endorsing and have not reviewed these sites. Please refer to those sites directly for information on their privacy practices and policies.

8. California Do Not Track Disclosures

Best Companies Group does not currently respond to “Do Not Track” signals sent by your browser or mobile application. It operates, instead, as described in this Privacy Policy whether or not a “Do Not Track” signal is received. If we change our practices in the future and begin to respond to “Do Not Track” signals, we will update this Privacy Policy accordingly.

9. Children

Best Companies Group does not knowingly collect Personal Data from children under the age of (or 16 where required by applicable law) without parental consent. If you have reason to believe that a child under the age of 13 (or 16 where applicable under law) has provided Personal Data to Best Companies Group through a Site please contact us as provided below in the Contact Us section with sufficient detail to enable us to delete that information from our databases.

10. Individuals in the European Economic Area (EEA)

This Section 10 applies only if we collect through any of the Sites any Personal Data of individuals based in the EEA or if we track individuals in the EEA who access our Sites, and it applies only to those individuals who are based in the EEA.

10.1 Controller.

Best Companies Group is the controller (as defined under the General Data Protection Regulation (GDPR)) for processing and using the Personal Data of EEA individuals that is collected through our Site. Please see the Contact Us section below to find out how to contact us.

10.2 Rights of Individuals Based in the EEA.

Subject to applicable law, you may be able to exercise any of the following rights in relation to your Personal Data:

  • Right to know what information we have about you: This is known as the “right of access” and gives you the right to find out what, if any, Personal Data we have about you, how we process it, and to request a copy of the Personal Data.
  • Right to correct your information: This is known as the “right of rectification” and gives you the right to ask that we correct or complete any Personal Data we have about you.
  • Right to delete your information: This is known as the “right to erasure” or “right to be forgotten” and gives you the right to ask us to delete your Personal Data.
  • Right to change how we use your information: This is known as the “right to restrict processing” and gives you the right to ask us to change how we use your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us using it in a certain way.
  • Right to move your information: This is known as the “right to data portability” and gives you the right to ask to receive your Personal Data from us in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
  • Right to stop us from using your information: This is known as the “right to object” and gives you the right to ask us at any time to stop using your Personal Data.
  • Rights relating to how we use your information to categorize you or make decisions about you: This is known as the “right in relation to automated decision-making and profiling.”: You have the right to be free from decisions we may make that are based solely on automated processing of your Personal Data, including profiling, if they produce a significant legal effect on you, unless such decision-making or profiling is necessary for entering into or performing a contract between you and us, or is made with your explicit consent.
  • Right to withdraw consent: If we rely on your consent to use your Personal Data, you have the right to withdraw that consent at any time. This will not affect our use of your data before we received notice that you wished to withdraw your consent.
  • Right to file a complaint with the supervisory authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the supervisory authority that is authorized to hear those concerns in your jurisdiction.

You may exercise your rights by contacting us as indicated under the Contact Us section below. To change your consent settings for our use of cookies and other technologies, please see our Cookie Policy.

10.3 Legitimate Interest.

“Legitimate interests” means the interests of Best Companies Group in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Data to analyze how a Site and our products and services are being used by you, to prevent fraud or criminal activity, to prevent misuse of our products or services, to ensure the security of our IT systems, architecture and networks, to meet our corporate and social responsibility objectives, and otherwise as described in this Privacy Policy.

Use of Personal Data of an individual based in the EEA, as described above, is necessary for the legitimate interests of Best Companies Group to conduct an employee survey as part of a Best Program. It is also in the legitimate interest of the participating Employer Organization in measuring workforce engagement and satisfaction. When we process your Personal Data for our legitimate interests, we consider and balance any potential impact on you and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted by law. You have the right to object to any processing that is based solely on our legitimate interests. For more information on your rights, please see the Rights of Individuals Based in the EEA section above.

10.4 Data Transfers.

Best Companies Group is based in the United States, and we use service providers (described above) based in the United States to operate our business and our relationship with you. When you use our Site or participate in our programs, you acknowledge that your Personal Data will be transmitted to our and our service providers’ servers in the United States as necessary to provide you with the services that you requested, administer our contract with you or to respond to your requests as described in this Privacy Policy. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your Personal Data out of the EEA, we will take steps to ensure that the Personal Data receives an adequate level of security where it is processed and your rights continue to be protected.

10.5 Data Retention.

We will keep your Personal Data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy based on the context in which you provided it, or for the duration required by law, whichever is longest.

If you are an employee of an Employer Organization participating in a Best Program, we may retain your business email address which was provided to us by your employer in connection with an EESS for up to two years after you completed an EESS to facilitate follow-up surveys (if applicable), unless you tell us that you do not want your email address to be stored for this purpose at the time you submit your survey responses. After that time, your business email address will be deleted. Your employer may provide your business email address to us again after deletion if it elects to participate later in another Best Program or follow-up survey.

If you elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving such communications in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and applicable legal requirements.

11. Changes to our Policy

The Sites and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice unless otherwise required by applicable law. Please review this policy periodically, and especially before you provide any Personal Data. If permitted by applicable laws, your continued use of the Sites after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy, without prejudice to your rights under applicable laws.

12. Contact Us

If there are any questions regarding this Privacy Policy or our Cookie Policy, you may contact us using the information below.

General Data Protection Regulation (GDPR) – European Representative [Add EDPO logo]

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Best Companies Group has appointed a company called “European Data Protection Office” (EDPO) as its GDPR representative in the EEA. If you are an individual based in the EEA, in addition to or alternatively to contacting us, you can also contact EDPO regarding matters pertaining to the processing of your Personal Data under GDPR as follows: