GEP is fully committed to maintaining the privacy and personal information collected through GEP’s public Website, non-public web sites and any GEP software platforms including web application(s) and mobile application (s) (“GEP’s Application(s) and Services”). All Privacy Information is protected by GEP in accordance with the terms set forth in this Privacy Statement. This Privacy Statement explains what Personal Information we collect from You, how GEP uses it and to whom it is passed or provided. [In the event of any conflict or substantive translation changes in a non-English language of this Privacy Statement, the English version of this Privacy Statement shall govern.]
This Privacy Statement applies to all information, inclusive of business information and Personal Information that registered users of the Application (“Users”) and Website visitor users provide to GEP when using GEP’s Application(s) and Services (including email notifications sent to and from the specific Application(s) and services) and/or information provided via GEP’s Website, and information that GEP’s clients provide to GEP personnel for importation into GEP’s Application(s) and Services.
GEP's collects information, inclusive of any Personal Information, to provide You with industry information regarding procurement and sourcing and to provide GEP clients and their suppliers with a secure, efficient and customized venue for electronic sourcing of products and services. The Application may also enable GEP clients to create custom fields or documents for the collection of business and Personal Information.
Personal Information, such as individual names and email addresses, is collected to provide You with information such as white papers and industry specific data where You have provided consent to receive such information.
Personal Information provided by You may also be used by other GEP clients, and suppliers of GEP clients, for some features within GEP’s Application(s) and Services and to provide procurement and sourcing services. GEP clients may submit Personal Information to create registered Users of the solutions, to store transaction documents, and to store contact information associated with other entities.
In addition, GEP may use your business information and Personal Information for its internal business operations, such as securing and updating the Application(s). If you are in the EU, GEP processes such Personal Information where it is in GEP’s or a third party’s legitimate interests to do so.
We may collect, use and disclose qualitative and quantitative data derived from Your use of the Application for analysis including but not limited to industry analysis, analytics, and other business purposes. We will use such qualitative and quantitative data and Information only as part of an aggregated and anonymized transaction information GEP publishes at its sole discretion on the website(s) or in any other medium. All data collected, used and disclosed will be in aggregated form and will not identify You as an individual User. We may aggregate and publish User business information relating to activity within GEP’s non-public websites and software platforms including mobile application(s), but such aggregated User business information shall not include any User business information that could be used to personally identify You. GEP does this to provide you with a subscription, research and analysis to optimize the Website and GEP’s Application(s) and Services inclusive of software platforms including GEP SMARTTM (aka “SMART by GEP®”) and GEP NEXXETM provided thereby, and better serve GEP clients and Users.
Access Provided by Your Organization-Notice to End Users
For Users, the Personal Information is generally related to Your role at Your respective organization and is not related to You as a private person or as an individual client or supplier.
For GEP client Users
When You access or use an Application(s) and Service, GEP’s processing of Your Personal Information in connection with that Application(s) and Service is governed by a contract between GEP and Your company. If you are in the EU or UK, Your company is the ‘controller’ and GEP is a ‘processor’ acting on behalf of Your company, each as defined in the EU General Data Protection Regulation or the UK Data Protection Act 2018. GEP processes Your Personal Information to provide the Application(s) and services (including improving, securing, and updating the service) to Your organization and You for GEP’s business operations related to providing the Application(s) and services. If You have questions about GEP’s processing of Your Personal Information in connection with providing services to Your company, please contact Your company.
For registered supplier Users
When You use an Application(s) and service on behalf of Your organization as a supplier User, GEP’s processing of Your Personal Information in connection with the specific Application(s) is governed by this Privacy Statement. GEP processes Your Personal Information to provide the Application(s) and Services (including improving, securing, and updating the service) to Your company and You, and for GEP’s legitimate business operations related to providing the Application(s) and Services. Certain features of Application(s) and Services may enable GEP’s clients to use or create custom fields or documents to gather various types of information about a supplier. If you object to the types of additional business or Personal Information being requested from a GEP client, please contact the GEP client directly.
Because GEP understands the importance of protecting the privacy of visitors to its Website, GEP clients and the suppliers to GEP clients, and maintaining the security of the business information and Personal Information, GEP pledges that no Personal Information will be disclosed, distributed, published, disseminated, sold, traded, or shared with any third party, including advertisers, business or governmental organizations, or other clients or members.
Provided, however, that GEP shall be entitled to disclose business information and/or Personal Information to third parties in the following situations:
Tracking and other similar technologies
GEP complies with the privacy requirements as set forth by data protection legislation in the United Kingdom and the European Union regarding the collection, use, and retention of Personal Information transferred from the United Kingdom, European Economic Area and/or Switzerland to a third country or an international organization outside the European Union. GEP adheres to the privacy principles relating to the processing of Personal Information:
Please note the following rights which apply to an individual under the General Data Protection Regulation where GEP is acting in its capacity as a controller. In most circumstances, GEP is not considered a controller and is operating as a processor.
GEP’s internal security policy governs the processing of data collected through the Application and Services and the Website. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GEP has implemented appropriate technical and organizational measures to provide a level of security appropriate to the risk.
GEP regularly reviews our compliance with GEP’s Privacy Statement. GEP also adheres to regulatory frameworks, including the EU-US and Swiss-US Privacy Shield Frameworks. GEP is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). When GEP receives formal written complaints, GEP will contact the person who made the complaint to follow up. GEP will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that GEP cannot resolve with our users directly.
100 Walnut Ave
Clark, NJ 07066
Office (732) 382-6565
To raise a request or complaint about how GEP has handled your Personal Information, please mail or email the above contact. Please be aware that if you complain to GEP directly and it is the processor of your Personal Information, it will promptly refer your enquiry to the controller.
Please allow at least 10 business days for GEP to respond to Your request or complaint.
In compliance with the Privacy Shield Principles at https://www.privacyshield.gov/welcome, GEP commits to resolve complaints about GEP’s collection or use of Your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact GEP at: Privacy@gep.com.
GEP has further committed to refer unresolved Privacy Shield complaints to ICDR-AAA, an alternative dispute resolution provider located in the United States. Subject to certain conditions, You may be able to invoke binding arbitration. If You do not receive timely acknowledgment of Your complaint from GEP, or if GEP has not addressed Your complaint to Your satisfaction, please visit ICDR-AAA site at https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to You.