• Introduction

    Morley Companies, Inc. is a corporation incorporated under the laws of the State of Michigan, with its head office at One Morley Plaza, Saginaw, Michigan 48603 in the United States of America. When the term "Morley" is used in this policy, it means Morley Companies, Inc.

    Morley is a group travel, business theater, interactive, research, performance improvement, exhibit, display and experiential marketing firm that operates on a domestic and international basis.

    Morley complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Morley has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Morley’s certification, please visit http://www.export.gov/safeharbor/

    Ultimately, the Chief Privacy Officer for Morley ensures that obligations arising from the Privacy Policy are enforced and that national laws, such as those in Canada, the European Union and Australia, are observed.

  • Definitions Overview

    The following definitions apply in this Privacy Policy:

    1. "Collection" - the act of gathering, acquiring or obtaining personal information from any source, including from third parties, by any means.
    2. "Consent" - voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the persons seeking the consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
    3. "Disclosure" - making personal information available to other persons outside of Morley.
    4. "Personal information" - means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
    5. "Use" - treatment and handling of personal information within Morley.
  • Principle 1: Accountability

    Accountability for Morley's compliance with the privacy principles in this Privacy Policy shall rest with an individual as appointed by the Privacy Committee from time to time. The members of the Privacy Committee are appointed by the Board of Directors of Morley from time to time. This individual may delegate other individuals to act in his or her behalf. The individual will be known as the "Chief Privacy Officer."

    Morley is responsible for all personal information in its possession or custody, including information that has been transferred to it through any third party, such as an employer or medical practitioner assisting Morley and its client with a marketing research study. Morley is also responsible for all personal information that it provides to subcontractors and agents for processing to assist Morley in serving its clients. It is the responsibility of the Morley staff person proposing or supervising such activities to ensure that the written contract with the outside party will afford a comparable level of protection while the personal information is being processed by such third party.

    This will usually mean the provision of a copy of this Privacy Policy to such third party and the written acknowledgement from such third party that it will be bound by the policy. Further provisions may include the return of all personal information to Morley upon completion, an agreement not to use such information except for the purposes of Morley, and the destruction of any remaining records in the possession of the third party. Finally, the third party must agree to advise Morley immediately of any concerns or objections expressed by individuals, and of any breaches of this Privacy Policy.

    Care shall be taken to select only contractors or third parties who can guarantee the technical and organizational requirements and security provisions necessary for the processing.

    Morley shall implement policies and practices to give effect to this privacy policy, including:

    1. Implementing procedures to protect personal information;
    2. Establishing procedures to receive and respond to complaints and inquiries, and ensuring that Morley staff are knowledgeable about such procedures;
    3. Training staff and communicating to staff information about Morley's policies and practices;
    4. Developing information to explain Morley's policies and procedures;
    5. Verifying compliance within Morley with the policies and procedures through methods such as regular audits, random reviews and/or the use of "decoys" on a regular basis; and
    6. Monitoring developments in privacy and security on a continuing basis.

    Morley's staff shall only have access to personal information on a need-to-know basis. See also Principle 5.

    Principle 2: Identifying Purposes

    The purposes for which personal information is collected shall be identified by Morley before or at the time the information is collected. Morley shall also identify to the individual the classes of third parties to which the data may be transferred.

    Morley staff shall collect and distribute personal information only as needed for the purposes of operating its business and administering client-related programs and projects including:

    1. Assisting clients, including their employees and members of their supplier and sales and distribution networks, with their event planning, group and individual travel programs, trade-show management and participation, interactive services, including teleservices and database management projects, market research data collection and analysis, and other services offered by Morley
    2. Operating and managing customer loyalty programs where clients provide Morley with personal information related to their clients, employees, suppliers and distributors. Examples of which include but are not limited to credit and debit card reward programs, sales incentives and other loyalty-based marketing programs.
    3. Designing, developing, operating and managing market research studies for clients, including studies, where to preserve the integrity of the research, the identity of the organization commissioning the study is not disclosed to the participants
    4. Identifying and communicating with individuals interested in receiving information about Morley's services and other marketing purposes
    5. Complying with governmental regulations
    6. Hiring, training and managing staff
    7. Supporting the functions of Morley human resource management, including the coordination of third-party vendors that provide insurance and personal financial services such as retirement planning and savings and investment accounts
    8. Operating Morley Web sites and Morley-operated client Web sites in support of client projects. When operating client Web sites, Morley may also follow client-imposed privacy requirements.

    Morley generally uses such personal information to carry on its business and serve its customers as described above. If the business is transferred to a new owner, the personal information will also be transferred subject to the limitations of Principle 5.

    The purposes for which a Morley staff person is collecting personal information shall be identified by the staff person at or before the time the information is collected. Only information that is necessary for the purposes that have been identified may be collected. The purposes for the collection, use and disclosure shall be communicated to the subject individual.

    Principle 3: Consent

    The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except as provided by law.

    Consent is required for the collection of personal information and the subsequent use or disclosure of such information. The exceptions to such requirement are specified in the national law of each country. Where there is no applicable privacy or data protection legislation, the exceptions to the consent requirement are as specified in Schedule "A" to this Privacy Policy.

    When acting as a service provider to another organization with respect to the collection, use or disclosure of personal information, a Morley staff person shall obtain and adhere to any form of consent previously obtained by such organization, subject to the relevant exceptions.

    Morley may not, as a condition for the supply of a service or employment, for example, require an individual to consent to the collection, use or disclosure of personal information beyond what is reasonably necessary for such purposes. In particular, without limiting the generality of the foregoing statement, government identifiers, such as Social Security numbers, are not to be adopted by Morley for its own identification purposes, and individuals must always have the opportunity to refuse to provide such identifiers, except of course for the duly authorized purposes for which such identifiers were created.

    The adequacy of the form of consent depends upon the circumstances and the type of information that is being collected. Generally speaking, the more sensitive the information (such as heath information or employment evaluations), the more explicit or manifest is the form of consent that is required. In obtaining consent, the reasonable expectations of the individual must also be taken into account. Consent shall not be obtained through deception.

    In principle, the processing of personal data concerning racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or details about the health or sexual orientation of the individual concerned based on implied consent is not permitted, except when the processing of this data is required or allowed by law, as these are particularly sensitive categories of personal information. Furthermore, processing of such sensitive categories of personal data is also permitted when it is necessary for the establishment, exercise, defense of legal claims or litigation, unless the legitimate interest of the individual to exclude the processing and usage of her or his personal data prevails. Otherwise, these sensitive data categories can also be processed if the data subject has given explicit consent.

    An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The individual shall be informed of the implications of such withdrawal. Morley staff shall ensure that individuals are provided with clear and conspicuous, readily available and affordable mechanisms in order to withdraw their consent. In all circumstances, individuals must have the opportunity to opt out any disclosure of personal information to third parties, even for the same purpose for which it was originally collected, or where Morley proposes to use the information for a purpose different from that for which the information was originally collected.

    Principle 4: Limiting Collection

    The collection of personal information shall be limited to that which is necessary for the purposes identified by Morley. The information shall be collected by fair and lawful means.

    Personal information shall not be collected indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified.

    Principle 5: Limiting Use, Disclosure And Retention

    Personal information shall not be used or disclosed for purposes other than those for which the information was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

    All disclosure to agents and subcontractors shall made in accordance with the terms set out under Principle 1 of this Policy.

    Persons who have access to personal information shall only be those whose function and responsibility specifically include the handling of such personal information. The right of access is restricted according to the nature and scope of the individual function and responsibility.

    Personal information that is no longer required to fulfill the identified purposes should be destroyed, erased or made anonymous.

    As one of the purposes for which Morley collects, uses and/or discloses personal information is the operation of its business, in the event that all or part of the assets of Morley are sold to a new owner, all personal information, or that part of the personal information associated with the assets being sold, will be transferred (disclosed) to the new owner, subject to certain conditions. Either the new owner must agree to maintain and abide by Morley's then existing Privacy Policy for a minimum of six months, or the new owner must agree to Morley sending notices to all of its current customers advising them of the proposed transfer, the new owner's privacy policy and providing its customers with an easy and effective means of withdrawing their personal information from the transfer, at Morley's option.

    Principle 6: Accuracy

    Personal information shall be accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

    This is particularly important where the information is being used to make some evaluation or judgment about the individual, such as granting credit. The extent to which the personal information shall be accurate, complete and up-to-date will depend upon the use of the information taking into account the interests of the individual.

    Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date.

    Where there are reasonable grounds for believing that the personal information is inaccurate having regard to the purpose for which it is to be used, the personal information shall not be used for such purpose unless the data is corrected or updated, otherwise the data shall be erased. If materially inaccurate data has been earlier disclosed to any third party, even with consent, the third party shall be informed of the subsequent determination and provided with particulars of any correction.

    Principle 7: Safeguards

    Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

    The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. The nature of the safeguards will vary according to the sensitivity of the information. Morley will monitor security developments and reassess the risks at regular intervals.

    The methods of protection will include physical measures, organizational measures and technological measures. All personal information shall be handled on a "need-to-know" basis and each Morley staff person shall be responsible for the protection of the personal information used in his or her job function.

    Morley shall regularly make all of its staff aware of the importance of maintaining the security of personal information.

    Care shall be used in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

    Principle 8: Openness

    Morley shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

    Morley shall be open about its policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about Morley's policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.

    The information made available must include:

    1. The correct legal name of Morley;
    2. How the individual may contact the Privacy Officer with respect to complaints or inquiries;
    3. Advice that the individual can gain access to the personal information held by Morley by writing to the Privacy Officer, confirming and verifying his or her identity, and requesting the specified information;
    4. A description of the type of personal information held by Morley, including a general account of its use;
    5. A copy of any brochures or other information that explains Morley's policies, standards or codes; and
    6. What personal information is generally made available to related organizations;
    7. Advice that the individual may refuse to consent to any of the collection, use or disclosure of the individual's personal information, any consequences of such choices, and how to exercise such choice.

    Specifically on or before the collection of any personal information, the individual must be informed of the items in a, b, c, f and g. See also Principle 2.

    This information is also to be made available on the Web site.

    Principle 9: Individual Access

    Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

    Before granting an individual access to the personal information, a Morley staff person must consult the Chief Privacy Officer or that person's delegate. There are restrictions on the grant of access in national laws, and in Schedule "B" where access would reveal personal information about a third party that cannot be severed from the information about the individual making the request, and in certain other circumstances there needs to be notification of governmental institutions before release.

    Access may also be refused where the information is protected by solicitor-client privilege; where revealing the information would also reveal confidential commercial information; where revealing the information could reasonably be expected to threaten the life or security of another individual; if the information was collected during an investigation of a breach of an agreement or a contravention of the laws of a specific country on the reasonable expectation that the knowledge or consent of the individual would compromise the availability or accuracy of the information; or where the information was generated in the course of a formal dispute resolution process.

    Upon such a request, Morley shall inform an individual whether or not Morley holds personal information about the individual. When disclosure is made to the individual, the organization shall provide an account of the use that has been made or is being made of the information and an account of the third parties to which the information has been disclosed. Before providing any information to the requestor, Morley must verify and satisfy itself as to the individual's identity.

    Where the request for access is with respect to personal information collected, used or disclosed in the course of serving a client of Morley (other than where the personal information was collected as part of a blind market research study, or a promise of non-disclosure was otherwise made) or other third party, the customer or other third party shall immediately be provided with a copy of the request.

    Morley shall respond to an individual's request within the time prescribed in the national law of the individual's place of residence, or if no time period is specified, within thirty (30) days and at minimal or no cost to the individual. Morley may require a reasonable payment for the information provided only if it has informed the individual in advance of the approximate cost and the individual has advised Morley that the request is not being withdrawn.

    When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, Morley must amend the information as required. Depending upon the nature of the information challenged, amendment could involve the correction, deletion or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

    When a challenge is not resolved to the satisfaction of the customer, the substance of the unresolved challenge shall be recorded by the member of Morley. When appropriate, the existence of the unresolved challenge should be transmitted to third parties having access to the information in question.

    Principle 10: Challenging Compliance

    An individual shall be able to address a challenge concerning compliance with the above privacy principles to the Chief Privacy Officer.

    The individual accountable for Morley's compliance is the Chief Privacy Officer as appointed by the Privacy Committee from time to time. The members of the Privacy Committee are appointed by the Board of Directors of Morley. The Privacy Committee shall establish procedures to receive and respond to complaints or inquiries about Morley's policies and practices relating to the handling of personal information.

    Morley staff shall inform individuals who make inquiries or lodge complaints of the existence of the relevant complaint mechanisms of Morley. Morley shall investigate all complaints. If a complaint is found to be justified through either the internal or external complaint review process, Morley shall take appropriate measures, including amending its policies and practices if necessary.

    Where the complaint arises out of a customer matter, the customer shall be informed immediately of such measures.

  • Date Adopted: June 1, 2004


    The exceptions to the consent requirement for the collection, use and/or disclosure of personal information in this Schedule are subject to, and subordinate to, the laws of the relevant jurisdiction. In the event that the laws of such jurisdiction are more restrictive than the exemptions in this Schedule "A," then the more restrictive laws of the jurisdiction shall govern.

    Collection and Use

    The consent of the individual shall not be required for the collection of personal information where (note that all these exceptions also apply to disclosures):

    1. The collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way.
    2. The collection or use is necessary for the medical treatment of the individual and the individual is unable to give consent.
    3. It is reasonable to expect that collection or use with consent would compromise the availability or the accuracy of the personal information and the collection or use is reasonable for an investigation or a proceeding.
    4. The personal information is collected by observation at a performance, a sports meet or a similar event at which the individual voluntarily appears and which is open to the public.
    5. The collection or use is necessary to determine the individual's suitability to receive an honor, award or similar benefit, or to be selected for an athletic or artistic purpose.
    6. The collection or use is required or authorized by law.
    7. The personal information is necessary to facilitate the collection of a debt owed to Morley or the payment of a debt owed by Morley.
    8. The use is necessary to respond to an emergency that threatens the life, health or security an individual.


    In addition to and including any of circumstances described above, the consent of the individual shall not be required for the disclosure of personal information where:

    1. The disclosure is for the purpose of complying with a subpoena, warrant or order issued or made by a court, person or body with jurisdiction to compel the production of personal information.
    2. The disclosure is to a public body or law enforcement agency in a relevant jurisdiction, concerning an offense under the laws of such jurisdiction to assist in an investigation, or in the making of a decision to undertake an investigation to determine whether an offense has taken place or to prepare for the laying of a charge or the prosecution of the offense.
    3. There are reasonable grounds to believe that compelling circumstances exist that affect the health or safety of any individual and if notice of disclosure is mailed to the last known address of the individual to whom the personal information relates.
    4. The disclosure is for the purpose of contacting the next of kin or a friend of an injured, ill or deceased individual.
    5. The disclosure is to an archival institution if the collection of the personal information is reasonable for archival purposes.


    When interpreting these exceptions in this Privacy Policy:

    1. "investigation"- means an investigation related to a breach of an agreement; a contravention of the laws of a relevant jurisdiction; or a circumstance or conduct that may result in a remedy or relief being available under an enactment, under common law or in equity; or the prevention of fraud; if it is reasonable to believe that the breach, contravention, circumstance, conduct, fraud or other improper practice may occur or may have occurred.
    2. "proceeding"- means a civil, a criminal or an administrative proceeding that is related to the allegation of a breach of an agreement, a contravention of an enactment of a relevant jurisdiction, or a wrong or breach of a duty for which a remedy is claimed under an enactment, under the common law or in equity.


    The limitations on affording an individual access to the personal information that Morley holds or has control over regarding the individual in this Schedule are subject to, and subordinate to, the laws of the relevant jurisdiction.


    Notwithstanding the provisions of Principle 9 of the Privacy Policy, Morley is not required to disclose personal information in the following circumstances:

    1. The personal information is protected by solicitor-client privilege.
    2. The disclosure of the personal information would reveal confidential commercial information that if disclosed, could, in the opinion of a reasonable person, harm the competitive position of Morley.
    3. The personal information was collected without consent, as is allowed under Schedule "A" to this Privacy Policy, for the purposes of an investigation (as defined in Schedule "A") and the investigation and associated proceedings and appeals have not been completed.
    4. The information relates to existing or anticipated legal proceedings between Morley and the individual, and the information would not be accessible by the process of discovery in those proceedings.
    5. The personal information was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act under a collective agreement, under an enactment, under an agreement or by a court.
    6. Providing access would reveal the intentions of Morley in relation to negotiations with the individual in such a way as to prejudice those negotiations.
    7. The request for access is frivolous or vexatious.


    Notwithstanding the provisions of Principle 9 of the Privacy Policy, Morley shall not disclose personal information in the following circumstances:

    1. The disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual, other than the individual who made the request.
    2. The disclosure can reasonably be expected to cause immediate or grave harm to the safety or to the physical or mental health of the individual who made the request.
    3. The disclosure would reveal personal information about another individual.
    4. The disclosure would reveal the identity of an individual who has provided personal information about another individual, and the individual providing the information does not consent to the disclosure of his or her identity.

    However, Morley will disclose any remaining personal information regarding an individual where it is able to sever and remove the prohibited and restricted information referred to in this Schedule "B".