Your privacy is important to Madison. This privacy statement provides information about the personal information that Madison collects and the ways in which this information is used.
Madison is a cross-disciplinary performance marketing organization focused on driving measurable results for our clients’ workforce, sales channels, and customer groups.
Collection of Information
If you choose to write to us at firstname.lastname@example.org, email@example.com, or at any of the other addresses listed at (www.madisonpg.com/contact-us), you are giving us de facto permission to contact you regarding a possible business relationship.
Madison builds private extranet sites for its customers. Some of these sites are limited to current employees of our customers, while others are available to our clients’ distributor and sales partners’ employees.
For sites limited to a client’s direct employees, we receive data feeds that contain personally identifiable information (PII) that may include a person’s name, job title, job code, division or other organizational identifier, birth date, employee number, email address, tenure, gender, or other information relevant to the sponsoring company’s relationship to the employee.
For sites accessible to distributor and sales channel partner groups, users of the site may be asked to register and to supply PII including home address, social security number, home or cellular phone number, as this information is not available from the sponsoring company.
Madison does not resell any PII to any other third parties for any marketing purpose. Madison may share this information with a third-party, but only in the circumstance in which that third-party is providing an essential service to Madison’s client, at the direction of the sponsoring client.
Madison’s extranet sites are for general audiences; most are for employees of established companies, and hence most participants are over the age of 13. For sites in which children are eligible to participate, we have partnered with Privo (www.privo.com) to ensure that we are in compliance with the Children’s Online Privacy Protection Act of 1998 (www.ftc.gov). Privo provides tools to ensure that children under the age of 13 have obtained parental consent before sharing PII.
How this information is used
This information is used in a number of ways in the course of supporting the custom extranets we build for our clients.
When members of an extranet site call our toll-free phone number or contact us electronically (email, chat), we may use this stored PII to verify the identity of the person requesting additional information about his or her account.
In extranet sites where participants have the opportunity to purchase merchandise, gift cards, debit cards, or other awards, we may use this information to ship awards directly to participants. We may share shipping information with our fulfillment partners who in turn use this information to ship merchandise or other items directly from their warehouses directly to participants. Our fulfillment partners have agreed not to use this information for any other purpose except for shipping requested items to the individuals who have ordered them.
Many of the extranet sites we build depend on understanding the supervisor-to- employee relationship in order to show the appropriate information to a user of the system. We use the PII provided by the sponsoring company to model these supervisory relationships in our extranet sites and ensure that users of the system see only the information they are authorized by the sponsoring company to see.
The PII collected may be used to send promotional messages to users of the extranets to announce new contests or initiatives or news relevant to the sponsoring companies’ employees.
For sites in which users have the opportunity to earn awards with a cash value, the Internal Revenue Service requires us to report awards with an aggregate annual value greater than $600. This may be reported directly to the government and to individual users via a Form-1099, or, this information may be reported to a sponsoring company, who may in turn report this income on a user’s Form W-2 or Form 1099.
Your choice to opt-in or opt-out
On the public Madison site, no PII is collected on visitors to the site, so we do not offer a choice to opt-out.
For user of the extranet sites we build for our customers that are self-registering, users are asked to acknowledge these uses of their information as a prerequisite to registering for the program. Use of the program’s features and benefits is generally contingent on accepting these uses of their PII. To opt-out of these uses, the recourse is to deactivate one’s account. Each extranet provides a contact page with a toll-free phone number, email address, contact form, and street address for you to contact us. You can also reach us at the email and physical address at the end of this document.
For users of extranet sites in which information is provided from a sponsoring company’s human resources information system (HRIS), your participation is presumed. Opt-out requests must be made via your company’s human resources department, who in conjunction with your company’s IT department, can remove you from the employee feed we receive.
Updating your personal information
For extranet sites in which users register themselves for the site, a user can correct personal information on a page titled “My Account” or “My Information” (actual name may differ by site.)
For extranet sites in which users’ information is provided by a sponsoring company’s HRIS, this information must be corrected in the HRIS. We are unable to change or update this information. Please contact your HR department to correct any erroneous information in your personal account.
How your personal information is protected
Any site that stores a social security number is stored in an encrypted format in the database and is not visible in plain text. Any web page that displays or allows a user to update his or her information is encrypted with industry-standard SSL encryption (128-bit.) We do not ask for nor do we store credit card information.
Employee information feeds that we receive from our clients are encrypted with using the PGP standard (www.pgp.com) and transmitted either physically, or, via secure FTP.
Our database and web servers operate in a secure co-location environment secured by physical measures and hardware firewalls. Access to database servers and web servers is limited to a select group of IT personnel. Madison takes reasonable measures to ensure that only employees who need access to PII are able to read it.
Directing concerns about this policy and its application
Madison conducts an annual self-assessment to ensure that our actions and processes remain compliant with EU data protection principles and the principles laid out in the US Department of Commerce’s Safe Harbor requirements.
Madison complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Madison has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Madison’s certification, please visit www.export.gov/safeharbor.
If you are concerned about a data privacy issue, please contact us at firstname.lastname@example.org. Alternatively, you can write to us at: Privacy Officer, Madison, 18 East 41 Street, 13th Floor, New York, NY 10017. If you are unsatisfied with the result of your interaction with us, we agree to cooperate with the appropriate EU data protection authorities.
This policy was last updated on September 10, 2015.