Great Place To Work Privacy & Security Notice

Scope

This Privacy & Security Notice describes GPTW’s privacy practices in connection with:
  • Your use of the Site
  • The GPTW productsand services accessed by GPTW’s customers, partners or end users (hereafter, the “Product”)
This Privacy & Security Notice does not cover GPTW’s privacy practices for:
  • GPTW employees, contractors, or job applicants
  • Children and/or Minors. Our Site is neither designed nor intended for any visitors under 18 years of age. If you have any reason to believe that a visitor to our Site is under 18 years old, please contact us, atprivacy@greatplacetowork.com and we will endeavor to delete the information from our databases.

What is Personal Information?

For purposes of this Privacy & Security Notice, personal information means information collected by GPTW relating to an identified or identifiable natural person and includes similar terms as defined by various jurisdictions.

Links to Third-party Websites

For your convenience, the Site may contain links to third-party websites and/or information. When you access those links, you leave GPTW’s Site and are redirected to a third-party website. GPTW does not control third-party websites, and the privacy practices of third parties might differ from GPTW’s privacy practices. We do not endorse or make any representations about third-party websites. When you share personal information with third-party websites, the third-party processing is not covered by this Privacy & Security Notice. We encourage you to review the privacy policy of any website or company before sharing personal information.

GPTW’s Privacy Practices Affecting Users of Our Site

Sources of Personal Information We Collect From Site Visitors:

GPTW collects personal information from individuals who access our Site, including:
  • Directly from a website visitor
  • From service providers or other third parties; and
  • Automatically from a web visitor’s visit or activity on our site

Information Collected Directly From Website Visitors Including Job Applicants

GPTW collects personal information when you visit our Site and when you choose to provide personal information. For example, we collect information when you contact us via our Site, provide your email, phone number or other similar contact information, such as the information that you provide when you sign up for a webinar.

What We Collect

The personal information collected from a visitor to our Site may include:
  • Name
  • Company
  • Job Title
  • Address
  • Phone Number
  • Email Address
The personal information collected from an applicant or employee of GPTW includes, but is not limited to:
  • Personal Identifiers (Name, Address, Age, Date of Birth, Social Security Number);
  • Professional or Employment-related Information (Employment Record, Salary);
  • Education Information; and
  • Personal/Professional Contact Information
If you register to attend a GPTW sponsored Event, we may require certain data in some instances, including:
  • Emergency contact
  • Dietary preferences
  • Health and safety information
  • Billing information (such as billing name, billing address, and credit card number)

Information Provided by Third Parties or Publicly Available Sources

We may receive information about you from other sources and combine that information with the information we collect directly. Examples of information we may receive from other sources include: purchased business contact information and from publicly accessible websites, such as your company’s website, professional network services, or press releases.

Business contact information may include:
  • First name
  • Last name
  • Business email
  • Telephone number
  • Company name
  • Job level
  • Functional role
  • Business street address
  • Online identifier
  • Employment history

We use this data for our internal customer analytics, to identify prospective customer marketing opportunities, and to improve the relevance of our Site content and our advertising.

Information Collected by Cookies

Like many websites, GPTW uses cookies and similar tracking technologies (including for analytics, functionality, advertising, and other purposes).

You can set your Internet browser or operating system settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, to omit images (which will disable pixel tags) or adjust your tracking preferences. Note that the opt-out will apply only to the browser that you are using when you elect to opt out of advertising cookies. Without cookies or pixel tags though, you may not be able to take full advantage of our sites’ features.

Information Collected for Analytics

Our Site may record information concerning how often you use the application, the events that occur within the application, aggregated usage, performance data, your IP address. We do not link the information we store within the analytics software to any personal information you submit within the Site.

If you use certain systems provided by GPTW, we will collect data from you to enable multifactor authentication, such as mobile number, email address, or unique verification identifier.

Information Collected Directly From Social Media Features

Our website may host various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any personal information or other information that you contribute to any Social Media Application.

Other Information

If GPTW collects any other personal information from you, we will explain which personal information is collected and the purpose for its collection.

Why We Use Your Personal Information

Our purposes of processing personal information include:

  • To fulfill the purpose(s) for which the information was collected or provided, including to communicate with you and respond to your inquiries and requests;
  • To improve our site, products and services, through testing, research, analysis and product development;
  • To market, advertise, and promote our products and services, such as to make suggestions and recommendations to you about products or services that may be of interest to you;
  • To provide training related to the products and services, such as making available training materials or events (whether in-person or online) for which we may use your personal information to provide notices and information regarding such training and events;
  • For security, audit, internal investigation, and fraud prevention purposes, such as to prevent unauthorized access or disclosure, to maintain data accuracy, to protect the confidentiality, integrity, and availability of your personal information; to allow only the appropriate use of your personal information; to identify any fraudulent, harmful, unauthorized, unethical or illegal activity;
  • To manage litigation, such as in connection with establishing, exercising, or defending our legal rights where it is necessary for our legitimate interests or the legitimate interests of others;
  • To improve the content and format of our Site by using cookies and other similar technologies, such as to measure the preferences of our Site visitors, analyze trends, administer the Site, analyze use of the Site, and to gather demographic information about visitors to the Site;
  • For other purposes for you have provided consent;
  • To aggregate or deidentify your personal information so that the information can no longer be linked to you or your device and use and share such data for any business purpose in accordance with applicable law; and
  • To comply with all applicable legal obligations, such as to comply with subpoenas and other court orders to process data where we have determined there is a legal requirement to do so.

Disclosure of Your Personal Information

Please note, GPTW does not sell or share personal information to third parties. The term “sell” as defined by applicable laws, means disclosure of personal information to third parties for monetary or other valuable consideration. 

Please review each of the sections below to learn more about how we may disclose your personal information. 

  • Affiliates, Licensees, and Subsidiaries: We might disclose your personal information with our affiliates, licensees, and subsidiaries in order to deliver a product or service or to complete a task requested by you.
  • Third-Party Suppliers or Service Providers:We might engage with third parties (suppliers and/or service providers) in order to deliver a product or service, perform certain functions such as enhancing or delivering the Product, or complete a task requested by you.

    We have contracts with our Third-Party Suppliers or Service Providers to perform certain functions on our behalf, and only at our direction. Our third parties are bound by confidentiality agreements and other data protection terms designed to ensure the Third-Party Suppliers or Service Providers only use your personal information to the extent necessary to provide these contracted services in accordance with our instructions (and for the purposes we disclose).

In addition, GPTW might disclose personal information if we in good faith believe that it is necessary:
  • To protect or defend our rights and property;
  • To protect against misuse or unauthorized use of our website;
  • To protect the personal safety or property of our users or the public (among other things, this means that, if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions); and
  • To comply with the law or with legal obligations, such as with law enforcement officials, government authorities or other third parties in response to a lawful request for information by a competent authority, if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process, including to meet national security or law enforcement requirements.

Choosing Not to Share Your Personal Information

You may choose not to provide personal information. If you choose not to provide personal information (or ask us to delete it), we may not be able to provide you with our Site, the Site functionality may be limited, or we may not be able to otherwise fulfill requests you submit to us. We will tell you what information you must provide for us to fulfill your request by designating it as required at the time of collection or through other appropriate means.

Site Security

GPTW utilizes physical, technical, and administrative controls and procedures designed to safeguard the information we collect, prevent unauthorized access or disclosure, to maintain data accuracy of your personal information, and to restrict the processing of your personal information as set forth in this Privacy & Security Notice.

We utilize a variety of physical and logical access controls, firewalls, anti-virus, and backup systems. We use encrypted sessions when collecting or transferring sensitive data through our Site.

We limit access to your personal information and data to those persons who have a specific business purpose for maintaining and processing such information. Our employees who have been granted access to your personal information are made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.

GPTW’s Privacy Practices Affecting Users of Our Product

We generally market and sell our Product to businesses, not consumers. Our commitments regarding the personal information we collect, use, and disclose about the end users of the Product are largely driven by our contracts with business customers. The information provided below is intended to help our business customers understand our privacy practices. If you are an end user of one of our products or services, you are encouraged to contact your employer with questions about how your personal information is being collected, used, and disclosed.

Information We Collect

In most instances, GPTW customers are the controllers of the personal information they collect, create, communicate, and store in our Product. The types of personal information that can be stored in our Product may include, but is not limited to:

  • End User Names
  • Company Names
  • Job Titles
  • Business Addresses
  • Email Addresses
  • Any personal information provided to us by Users of our Product, and which is required for us to execute our agreements with our Customers.

Use of Information We Collect

When we act as a processor, the personal information we collect is used to deliver our products and services to Customers.  Any personal information we use is done in accordance with our contracts with our Customers.

Because our business clients are data controllers, it is primarily them who must undertake efforts regarding how information is collected and processed in accordance with data-protection laws.  Therefore, if you have questions or concerns about the processing of your information as an end user, you should contact your employer directly or refer to its separate privacy policies. 

GPTW does not give anyone access to the personal information maintained in the Product unless:

  • It is permitted to do so in its contract with the Customer.
  • The Customer instructs GPTW to do so;
  • The Customer consents (e.g., subprocessors used by GPTW);
  • If GPTW is legally obligated to do so; or
  • If GPTW has a legitimate interest (as defined under GDPR and other applicable laws) to do so.

Data Retention

GPTW will only retain personal information for the length of time necessary to fulfill the purpose(s) for which the information was collected or as required or permitted by applicable laws, (including the resolution of disputes) and in accordance with our customer contracts.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require your personal information, we will either delete or deidentify it or, if this is not possible, we will securely store it in accordance with this policy and cease use of the personal information until deletion is possible. If we deidentify your personal information (so that it is no longer associated with you), we may retain this information for longer periods. To support our research and enable historical comparisons, we retain deidentified data indefinitely.

Disclosure of Personal Information

We do not sell your personal information to third parties.  We may, however, share your information with:

  • Affiliates, Licensees,and Subsidiaries:  We might share personal information with our affiliates, licensees, and subsidiaries in order to deliver a product or service or to complete a task requested by our customer.
  • Third Party Suppliers or Service Providers:We might engage with third parties (suppliers and/or service providers) in order to deliver a product or service, perform certain functions such as enhancing the Product, or complete a task requested by our customer.

    We have contracts with our Third-Party Suppliers or Service Providers to perform certain functions on our behalf, and only at our direction. Our third parties are bound by confidentiality agreements, only have access to personal information to the extent necessary to provide these contracted services, and are only permitted to process personal information in accordance with our instructions (and for the purposes we disclose). 

In addition, GPTW might disclose personal information if we in good faith believe that it is necessary:
  • To comply with the law or with a legal process
  • To protect or defend our rights and property
  • To protect against misuse or unauthorized use of our website
  • To protect the personal safety or property of our users or the public (among other things, this means that, if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).
  • In connection with, or during negotiations for, an acquisition, merger, asset sale, or other similar business transfer that involves all or substantially all of our assets or functions where personal information is transferred or shared as part of the business assets (provided that such party agrees to use or disclose of personal information consistent with our Privacy & Security Notice or gains your consent for other uses of disclosures).

We will not cross-reference your personal information with that of any other customer or entity. GPTW does not support “back door” access to any of its products, services, or operations (including our data stores) by any government or third party. GPTW does not share its encryption keys or provide the ability to break our encryption keys with any government or third party. 

Protecting Your Information

GPTW has many dedicated policies, practices, and protocols to protect our IT infrastructure, networks, devices, and data from unauthorized access, collection, retention, and use of sensitive, confidential, and/or proprietary customer or user data, including personal information. These policies, practices, and protocols include, but are not limited to:

Product Security

Engineering and development access to the components that comprise the Product is restricted using methods including, but not limited to, Single Sign-On, two factor authentication, network segmentation, and IP restriction. Access to servers and services inside the primary Product boundary is controlled using centralized accounts, two-factor authentication, and bastion hosts. We employ separation of duties between developers and operations staff to limit access to the Product environment to those with a legitimate business need. The Product is protected by a web application gateway and an outbound firewall with IdP. Data is encrypted in transit and at rest using encryption that meets the current NIST standard.

Access Provisioning and Review

We have a policy and process for creating new accounts, adding and removing permissions from existing accounts, and deprovisioning access upon separation. Required approvals are collected from supervisors and application / group owners to ensure that requests are reviewed for appropriateness by multiple leaders before permissions are granted. In addition, we conduct a quarterly two- phase access review that engages both supervisors and group owners. GPTW employee permissions related to the Product that grant access to customer data are included in this access provisioning and review process. The Product provides customers with real-time information about the user accounts they have created and gives them the ability to change or revoke access at any time.

Customers are responsible for managing access to the platform by creating and revoking user accounts.

Endpoint Security

Our employee endpoints (laptops and mobile devices) are connected to endpoint management software. In order to sign on to any GPTW SSO protected resource (including the Product), an employee must be using a device registered in our endpoint management software that meets our compliance policy. The compliance policy is designed to ensure that a device meets our standards for minimum operating system version, hard drive encryption, secure boot/anti- rooting, firewall enablement, anti-virus, etc. Users and administrators are notified when a device is out of compliance. Non-compliant devices are automatically blocked from accessing company resources once the compliance grace period expires.

Vulnerability Management

Our employee endpoints (laptops and mobile devices) as well as servers in the Product environment are connected to vulnerability management software. We actively scan for vulnerabilities and have a vulnerability management policy and procedure designed to limit the number of known vulnerabilities and number of exposed devices, according to the severity of the vulnerability. We have periodic vulnerability management meetings to review current remediation status, plan future remediations, manage exceptions and accepted risk, and review aged vulnerabilities as time passes and the technical landscape evolves. On laptops and mobile devices, we automatically update critical software (operating systems, browsers, productivity software). Inside the Product environment, we periodically update minor versions of operating systems, databases, and other critical software through our change management process following validation in pre-production environments.

Backup and Disaster Recovery

The Product environment is periodically backed up. All persistent data is backed up with at least a 24-hour recovery point objective. Data that changes frequently is backed up more frequently (up to and including continuous backup). Backups are persisted to geo-redundant online storage at least every 24 hours to protect against the catastrophic failure of a given data center. The majority of our infrastructure is implemented using infrastructure as code. We have documentation and code allowing us to build a new Product environment in the event of a major disaster. We test our disaster recovery procedure annually.

Data Classification, Handling, and Labeling

We have a data classification, handling, and labeling policy. Data is classified according to its risk. Employees receive training on the policy and its practical implementation. We have a detailed list of all data artifacts related to or produced by the Product that explains their classification in detail.

Global Laws and Regulations

We commit to comply with all applicable laws and regulations including, but not limited to, Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

Data Processing

As part of providing the Product to you, we currently engage the following sub-processors:

Name

Website

Details

Microsoft Azure

https://azure.microsoft.com/

Provides the hosting environment and software development tools for the Product.

AWS

https://aws.amazon.com/

Provides the hosting environment for the public Great Place To Work website: https://greatplacetowork.com.ph/

HTEC Group

https://htecgroup.com/

Provides software engineering and operational support services for the Product.

Data Subject Rights

In accordance with applicable law and depending on your location, you may be entitled to exercise some or all the following rights regarding our collection, use, and sharing of your personal information:

  • Access the personal information we maintain about you;
  • Update or correct any inaccurate or incomplete personal information about you;
  • Request that we delete your personal information;
  • Object to or restrict the processing of your personal information;
  • Receive the personal information you have previously provided to GPTW, in a machine-readable format, allowing you to transfer that personal information to another company at your discretion;
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; and
  • File a complaint directly with your governmental representative (such as your Supervisory Authority) about how we process your personal information.
  • Dispute resolution

 

Exercising Your Rights

To protect your privacy and security, we take reasonable steps to verify your identity before granting access to your personal information. Please follow the instructions below based on your relationship with GPTW and provide the requested information to allow us to adequately address your request. We will respond to your request within a reasonable timeframe and as otherwise required by applicable law in your location.

If you are not a California resident and would like to request access to your personal information or request the erasure (right to be forgotten) of personal information previously provided, please contact privacy@greatplacetowork.com.

If you have a question or request concerning the personal information held by GPTW, including your personal information collected through the use of the Product please email privacy@greatplacetowork.com. To protect your privacy and security, we may take reasonable steps to verify your identity before responding to your request. We will respond to your request within a reasonable timeframe and as otherwise required by applicable law in your location.

Updates To Our Global Privacy & Security Notice

GPTW reserves the right to update or change portions of this statement at any time and without prior notice. If we change or update this statement in a material way, we will process new personal information received under this Global Privacy & Security Notice according to the terms of this Notice, unless you consent otherwise.

How To Contact GPTW

If you have any questions or comments about this Global Privacy & Security Notice, GPTW’s privacy practices or if you would like us to update information or preferences you provided to us, please e-mail us at: privacy@greatplacetowork.com

Written responses may also be submitted to:

General Counsel
Great Place To Work® Institute, Inc.
1999 Harrison Street, Suite 2070
Oakland, CA 94612

Last Updated: 2024-26-04

Great Place To Work identifies Best Workplaces™ in Asia by surveying over 1 million employees in Asia and the Middle East about the key factors that create great workplaces for all and analyzing company workplace programs impacting over 4.7 million employees in the region.

To be considered, companies must first be identified as outstanding in their local region by appearing on one or more of our Best Workplaces lists in Greater China (including China, Hong Kong and Taiwan), India, Indonesia, Japan, Kuwait, Philippines, Qatar, Saudi Arabia, Singapore, South Korea, Sri Lanka, UAE, Vietnam during 2021 or early 2022.

Companies rank in three size categories: Small and Medium (10-499 employees); Large (500+); and Multinational. Multinational organizations are also assessed on their efforts to create great workplaces across multiple countries in the region. They must appear on at least two national lists in Asia and the Middle East and have at least 1,000 employees worldwide with at least 40% (or 5,000) of those employees located outside the headquarters country.

Great Place To Work identifies Best Workplaces in Asia™ by surveying 2.1 million employees in Asia and the Middle East about the key factors that create great workplaces for all and analyzing company workplace programs impacting 5.9 million employees in the region.

To be considered, companies must first be identified as outstanding in their local region by appearing on one or more of our Best Workplaces lists in Bahrain, Greater China (including China, Hong Kong and Taiwan), India, Indonesia, Japan, Kuwait, Oman, Philippines, Qatar, Saudi Arabia, Singapore, South Korea, Sri Lanka, UAE, Vietnam during 2022 or early 2023.

Companies rank in three size categories: Small and Medium (10-499 employees); Large (500+); and Multinational. Multinational organizations are also assessed on their efforts to create great workplaces across multiple countries in the region. They must appear on at least two national lists in Asia and the Middle East and have at least 1,000 employees worldwide with at least 40% (or 5,000+) of those employees located outside the headquarters country.

For All™ Methodology

Great Place To Work, the global authority on workplace culture, determined the Philippines Best Workplaces™ 2023 List by conducting annual workforce studies through our Trust Index Survey™ and Culture Management platform Emprising®, representing the voices of over 450,000 employees across the Philippines.

Employees responded to over 60 survey questions describing the extent to which their organization creates a great place to work For All™, meaning that the company empowers all individuals to reach their full human potential. Eighty-five percent of the evaluation is based on what employees report about their experiences of trust and reaching their full human potential as part of their organization, no matter who they are or what they do. We analyze these experiences relative to each organization’s size, workforce makeup, and what’s typical in their industry and region. The remainder of the evaluation is an assessment of all employees’ daily experiences of the company’s values, people’s ability to contribute new ideas, and the effectiveness of their leaders to ensure they’re consistently experienced.

To ensure surveys truly represent all employees, we require enough people in each organization to respond that results are accurate to a 95% confidence level and 5% margin of error or better. We review any anomalies in survey responses, news, and financial performance to ensure there aren’t any extraordinary reasons to believe we couldn’t trust a company’s survey results.

For All™ Methodology

Great Place to Work, the global authority on workplace culture, determined the Philippines Best Workplaces™ 2022 List by conducting annual workforce studies through our Trust Index Survey™ and Culture Management platform Emprising®, representing the voices of over 130,000 employees across the Philippines.

Employees responded to over 60 survey questions describing the extent to which their organization creates a great place to work For All™, meaning that the company empowers all individuals to reach their full human potential. Eighty-five percent of the evaluation is based on what employees report about their experiences of trust and reaching their full human potential as part of their organization, no matter who they are or what they do. We analyze these experiences relative to each organization’s size, workforce makeup, and what’s typical in their industry and region. The remainder of the evaluation is an assessment of all employees’ daily experiences of the company’s values, people’s ability to contribute new ideas, and the effectiveness of their leaders to ensure they’re consistently experienced.

To ensure surveys truly represent all employees, we require enough people in each organization to respond that results are accurate to a 95% confidence level and 5% margin of error or better. We review any anomalies in survey responses, news, and financial performance to ensure there aren’t any extraordinary reasons to believe we couldn’t trust a company’s survey results.

Categories:
These organizations’ assessment is based 100% on employee responses to the Trust Index survey.

  • Small 10-99 Employees

For larger organizations with more than 100 employees, we also use our Culture Audit™ tool, asking organizations to share with us their practices, policies, and programs to create a great workplace For All™ and evaluate the approach they take.

  • Medium 100-999 Employees
  • Large 1000+ Employees

Why do you say in one place your national list scoring is based on 85%/15% and in another place that it is 75%/25%?

We are explaining two different things:
1.  The criteria we evaluate

  •  85% concerned with Trust and Maximizing Human Potential and
  • 15% concerned with everything else

2.  Where the data comes from

  • 100% Trust Index for organizations with less than 100 employees
  • 75% based on the Trust Index survey analytics and 25% based on responses to the Culture Audit for organizations with more than 100 employees.
For All™ Methodology

Great Place To Work, the global authority on workplace culture, determined the Philippines Best Workplaces™ 2023 List by conducting annual workforce studies through our Trust Index Survey™ and Culture Management platform Emprising®, representing the voices of over 450,000 employees across the Philippines.

Employees responded to over 60 survey questions describing the extent to which their organization creates a great place to work For All™, meaning that the company empowers all individuals to reach their full human potential. Eighty-five percent of the evaluation is based on what employees report about their experiences of trust and reaching their full human potential as part of their organization, no matter who they are or what they do. We analyze these experiences relative to each organization’s size, workforce makeup, and what’s typical in their industry and region. The remainder of the evaluation is an assessment of all employees’ daily experiences of the company’s values, people’s ability to contribute new ideas, and the effectiveness of their leaders to ensure they’re consistently experienced.

To ensure surveys truly represent all employees, we require enough people in each organization to respond that results are accurate to a 95% confidence level and 5% margin of error or better. We review any anomalies in survey responses, news, and financial performance to ensure there aren’t any extraordinary reasons to believe we couldn’t trust a company’s survey results.

Categories:
These organizations’ assessment is based 100% on employee responses to the Trust Index survey.

  • Small 10-99 Employees

For larger organizations with more than 100 employees, we also use our Culture Audit™ tool, asking organizations to share with us their practices, policies, and programs to create a great workplace For All™ and evaluate the approach they take.

  • Medium 100-999 Employees
  • Large 1000+ Employees