OCEG Membership Agreement
By registering in the OCEG Site, you are entering into an OCEG Membership Agreement and Software License set out below, which is a contract between you and OCEG. You are agreeing to be a party to this contract by registering through any of the following actions:
- Submitting your registration either by filling out fields on the Site registration form, or by using your LinkedIn profile to register with one click/li>
- Registering to attend any OCEG webinar or to download any content from the OCEG Site
- Purchasing an OCEG All Access Pass (AAP)
- Registering an AAP using a coupon code that has been provided to you by OCEG, your employer, any OCEG training partner, or any OCEG GRC Solutions Council member company
If you do not wish to be bound by the terms of the OCEG Membership Agreement and Software License (hereinafter referred to as the or this Agreement) , you should not take any of the above listed actions. You are referred to as “Member” in the Agreement.
OCEG MEMBERSHIP AGREEMENT AND SOFTWARE LICENSE
In consideration of OCEG providing Member with a license to use the OCEG software service (hereinafter “the OCEG Site”) to obtain or access resources, training and webinars, Member agrees to the following terms:
- Intellectual Property and Use of Site Content
- OCEG makes the Site Content available to Member solely for personal use, including internal use within the organization where Member is employed. Site Content includes but is not limited to Illustrations, eBooks, Survey Reports, Infographics, Webinar Recordings and Slides, and On Demand Videos. If Member wishes to use any Site Content in public presentations or for commercial purposes, or wishes to customize any content for internal use in Member’s organization, please contact OCEG (or the relevant content contributing member) for use and licensing information.
- Member agrees that Member will not use any OCEG Site Content to market services, generate revenue or otherwise provide commercial services, either personally or through Member’s organization, without first obtaining a commercial use license from OCEG. If Member or Member’s organization improperly uses such Site Content for any commercial purpose, Member agrees that Member or Member’s organization will pay OCEG three times the fee for commercial use licenses for such item(s) at OCEG’s then prevailing license rates and to refrain from further use if so requested by OCEG.
- Member also agrees to not use for commercial purposes any Site Content that is the intellectual property of any other OCEG member without first gaining permission from such member (or member organization if a GRC Solutions Council member is the source of the material or content).
- There is some content on the Site, in particular a few of the open source standards, which OCEG provides under a “copyleft” agreement. Details are available at https://www.oceg.org/terms-of-use/advanced-license-permissions/ OCEG understands that some organizations are not able to use open source content and code in their products and/or projects. As such, even when there is a copyleft license, OCEG also offers other licenses that may allow Member to include this content in a Member or Member organization project/product. Contact [email protected] for details about licensing.
- Receipt and Use of Member Data
- Member agrees that OCEG may use Member’s personal data to:
- Serve Member by communicating with Member by email and in-app systems, including communications about available OCEG resources and events; forwarding of OCEG Member announcements offering resources and events; answering questions and offering information about GRC certifications held by or available to Member; and other communications regarding OCEG based on Member’s preferences and site use history
- Enforce the terms of this Agreement, for example regarding the limited licensing of Site Content for non-commercial
- Provide Member contact information and webinar participation information (such as answers to polls and questions asked) to sponsors of Site Content downloaded, or webinars attended by Member, for follow up contact by sponsors (Member may in some cases limit or reject future contact by sponsors when filling out registration forms on the OCEG site, or may otherwise directly unsubscribe from sponsor communications or ask sponsor to stop contact or remove their data from sponsor possession.)
- OCEG agrees that it will not sell or distribute Member data to any third party, except as such data is provided to Site Content sponsors in accordance with sub-paragraph c. above.
- Member Data Protection
- OCEG agrees to comply with all applicable laws and regulations concerning processing and protection of Member’s personal data and shall take all reasonable steps to protect Member’s personal data as required by applicable laws and regulations. OCEG shall maintain appropriate security measures to protect personal data, including appropriate technical and organizational measures, to protect against unauthorized or unlawful processing, access by individuals who are not in need of the data to do their job for OCEG, and against accidental loss, destruction or damage. Member data will be encrypted.
- OCEG may store Member data in systems provided by third party software-as-service providers located in the United States or elsewhere and shall confirm that such providers are managing the data in accordance with all applicable data protection laws and regulations.
- In the event of a data breach which involves Member personal data (Personal Data Breach), OCEG will: (i) promptly take all necessary and appropriate corrective action to remedy the underlying causes of the Personal Data Breach and make reasonable commercial efforts to ensure that such Personal Data Breach will not recur; (ii) notify Member without unreasonable delay, providing reasonable detail of the Personal Data Breach and likely impact on Data Subjects; and (iii) take any action required by applicable law.
- OCEG shall retain Member data as long as necessary to meet the stated uses of such data and to support OCEG legal and operational requirements, and statistical, historical and research uses. If Member downloads any Site Content and then asks OCEG to remove all of Member’s data, OCEG shall do so within a reasonable period of time, but shall indefinitely retain Member’s data in as much detail as necessary to ensure that OCEG can enforce the limited license terms of this Agreement. This includes records of details regarding what items were downloaded by Member (title of items and dates downloaded) and Member’s contact information. Also, is required by various certification authorities such as NASBA to maintain identifiable information about your participation in learning events including your registration, attendance and answers to any polls or surveys, and we shall do so to be able to comply and to satisfy any audit by such authorities.
- In no event does OCEG retain credit card data obtained if Member purchases an AAP or other items through the OCEG website. Such data is collected only by OCEG’s third party credit card processor and never enters OCEG’s possession.
- Member may request the following actions by using links provided in the Member profile on the OCEG site (top right of any page in the site):
- access to a copy of the information comprised in their personal data;
- have inaccurate personal data rectified, blocked, erased or destroyed
Other requests regarding Member data may be made by contacting OCEG at [email protected]. OCEG shall comply with requests in accordance with the provisions of data protection laws applicable to Member and Member’s data and shall apply any provided exemptions and provisions for fees related to such requests.
- Paid access (All Access Pass and other levels of access passes) requires payment which establishes Member’s enhanced access for twelve months.
- Company subscriptions or bundles (e.g., All Access Pass bundles) are established at the organizational level and a subscription manager for the organization will determine who within the organization may use the accompanying licenses. We are only able to share information about these subscriptions and bundles with the subscription manager.
- If Member purchases an All Access Pass or any other subscription-based access by credit card through our Site, Member agrees that the card will be automatically charged upon annual renewal dates and/or for scheduled monthly payments following the initial term. If Member wishes to cancel the subscription at any time after the initial term, Member may access "Account & Billing" features of Member’s profile (upper right corner of the Site) and click the Cancel button. Contact OCEG at [email protected] for assistance if needed. Member agrees to cancel prior to the renewal date and acknowledged that once a renewal charge has been processed, it will not be refunded and that all fees and charges are nonrefundable. Member also agrees to make any necessary changes to credit card information or update expiration dates prior to renewal dates through the “Orders & Billing Info” section of the OCEG Site.
By registering on the OCEG Site, downloading any content from the OCEG Site or registering for any OCEG webinar through the Site, you are entering into a binding contractual agreement with OCEG, which is the OCEG Membership Agreement and Software License that is set forth above. Read that Agreement before downloading or copying any content from the OCEG Site.
- Unlawful Site Use
- We may refuse to grant you a user name that impersonates someone else, is protected by trademark or other proprietary right law, or is vulgar or otherwise offensive.
- Use of Materials
- All materials and content on this Site, including all original documents to which links are provided, are the copyrighted work of OCEG, unless otherwise noted. Some content posted by OCEG is provided by members of OCEG or member companies on the OCEG GRC Solutions Council (collectively, all of the materials and content are hereinafter referred to as “Site Content”).
- As a condition of using the OCEG Site, you agree not to copy or create screenshots of any Site Content, or to create abstracts from, scrape or display headlines from the Site for use on another web Site or service. You agree not to post any Site Content to newsgroups, mail lists or electronic bulletin boards, without our prior written consent. To request consent for this and other matters, please contact us at [email protected]
- Documents or any other Site Content (with the exception of public exposure draft documents) may be downloaded, copied and distributed within your own organization on a limited basis for noncommercial purposes only, provided that any copies include the OCEG copyright notice in a clearly visible position. Public exposure draft documents may not be copied for distribution, but anyone may register and download their own copies from the Site. Downloading Site Content constitutes your consent to enter into the OCEG Membership Agreement, which is posted above. Please read the Agreement before proceeding to download any Site Content.
- Please note that some downloaded documents will be stamped with a single user noncommercial license and you may want to have others in your organization register and download their own copies instead of distributing your copy, so that you can be sure to prevent further redistribution of an item licensed to you.
- Commercial Use of Materials
- OCEG Site Content may not be copied or redistributed for commercial purposes or for compensation of any kind except as provided for in a commercial use license from OCEG. This means that you must first ensure that your organization has arranged a commercial use license before you use these materials in consulting engagements or use the content in any software application which you sell or otherwise make available to clients or customers.
- You also may not use any OCEG materials in presentations or publications which support marketing efforts by your organization without prior approval from OCEG.
- If you have questions about these terms, or would like information about licensing materials from OCEG, please contact us via email at [email protected]
- Third Party Web Sites, Services and Software
- We may link to or promote web sites or services from other companies on the OCEG Site or offer you the ability to download content or software from other companies. You agree that we are not responsible for, and do not control, those web sites, services, content and software and are not responsible for their actions.
- Your use of the OCEG Site after changes are made to this document means that you agree to be bound by such changes.
- If you are located outside of the United States, note that information that you provide to us is being sent to, collected and processed within the United States. By registering on the OCEG Site, you consent to your data being sent to the United States and managed pursuant to U.S. legal requirements.
- Fees and Payments
- You agree to pay All Access Pass subscription and any other charges incurred in connection with your username and password for OCEG at the rates in effect when the charges were incurred.
- If you’ve elected to pay by credit card, we will bill all charges to your credit card upon receipt of your application or purchase with an additional 3% fee for credit card use, except in the case of individual All Access Pass purchases.
- Upon commencement of an All Access Pass (AAP or premium access) subscription or organizational subscription (a bundle of AAPs), or purchase of any item, initiated either by phone, online, or e-mail, or postal mail, there are no cancellations and no refunds of fees or any portion thereof under any circumstances. AAPs may be cancelled at any time and if the AAP subscription is month-to-month, charges will be stopped as of the next month following cancellation. There is no pro rata refund if cancellation of an annually billed AAP is cancelled prior to the end of the then current membership year term (which is 12 months rolling from the date of initiation).
- An organization becomes bound as a paying member of the OCEG GRC Solutions Council, or as a purchaser of a bundle of AAPS, after either signing up with a representative by phone, or by faxing in an application form. Once the application has been submitted, regardless of whether or not the applying organization has remitted the payment, all sales are final and all fees are due. Questions about OCEG’s cancellation policy should be sent to [email protected]
- If you are authorized to access the OCEG Site through arrangements between your employer and us, some or all of these “Fees and Payments” terms may not apply to you. Please contact your employer representative to OCEG for details.
- Unauthorized Use of Your User Name
If you believe someone has accessed the OCEG Site using your user name and password without your authorization, please inform us at [email protected].
- Renewal and Automatic Billing
- If you have an individual or organizational AAP that is not set up for automatic renewal (e.g. you asked for an invoice and made payment by check), we will make reasonable attempts to contact you when your access subscription is due to expire and offer a simple process for renewing. If your membership or subscription expires before you accept our renewal offer, your access to OCEG and all of its services at the level of your membership or subscription will terminate without additional notice. Any special offers or discounts obtained upon your initial membership, subscription or any subsequent renewals may not necessarily be offered on renewal, and we reserve the right to change our fees at any time without notice.
IMPORTANT: If you purchase an All Access Pass or any other subscription based access by credit card through our Site, your card will be automatically charged upon annual renewal dates and/or for scheduled monthly payments following the initial term. If you wish to cancel your subscription at any time after the initial term, you may access "Account & Billing" features of your profile (upper right corner of the Site) and click the Cancel button. Please contact us at [email protected] if you have any trouble. Please make sure to cancel prior to the renewal date. Once a renewal charge has been processed, it will not be refunded. Also, please let us know if you wish to change your credit card or update expiration dates on it, prior to renewal dates.
- DISCLAIMERS OF WARRANTIES AND LIMITATIONS ON LIABILITY
YOU AGREE THAT YOUR ACCESS TO AND USE OF THE OCEG SITE AND THE CONTENT AVAILABLE THROUGH THE SITE IS ON AN “AS-IS”, “AS AVAILABLE” BASIS AND WE SPECIFICALLY DISCLAIM ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
INFORMATION GATHERED AND DISPLAYED ABOUT INDIVIDUAL COMPANIES, ORGANIZATIONS, GOVERNMENT AGENCIES, AND OTHER GROUPS IS AVAILABLE FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED FOR TRADING PURPOSES OR FOR THE EVALUATION OF THOSE ORGANIZATIONS FOR ANY OTHER PURPOSE. OCEG SHALL NOT BE LIABLE FOR ANY ERRORS OR DELAYS IN CONTENT, OR FOR ANY ACTIONS TAKEN IN RELIANCE THEREON.
OCEG AND ITS SUBSIDIARIES, AFFILIATES, SHAREHOLDERS, DIRECTORS, OFFICERS, EMPLOYEES AND LICENSORS (“THE OCEG PARTIES”) WILL NOT BE LIABLE (JOINTLY OR SEVERALLY) TO YOU OR ANY OTHER PERSON AS A RESULT OF YOUR ACCESS OR USE OF THE OCEG SITE FOR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST SAVINGS AND LOST REVENUES (COLLECTIVELY, THE “EXCLUDED DAMAGES”), WHETHER OR NOT CHARACTERIZED IN NEGLIGENCE, TORT, CONTRACT, OR OTHER THEORY OF LIABILITY, EVEN IF ANY OF THE OCEG PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN ANY OF THE EXCLUDED DAMAGES, AND IRRESPECTIVE OF ANY FAILURE OF AN ESSENTIAL PURPOSE OF A LIMITED REMEDY. IF ANY APPLICABLE AUTHORITY HOLDS ANY PORTION OF THIS SECTION TO BE UNENFORCEABLE, THEN THE OCEG PARTIES’ LIABILITY WILL BE LIMITED TO THE FULLEST POSSIBLE EXTENT PERMITTED BY APPLICABLE LAW.
- Digital Millennium Copyright Act Provisions
- If you are a copyright owner or an agent thereof and believe that any User Submission or other content infringes upon your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act (“DMCA”) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
Counter-Notice. If you believe that your User Submission that was removed (or to which access was disabled) is not infringing, or that you have the authorization from the copyright owner, the copyright owner’s agent, or pursuant to the law, to post and use the content in your User Submission, you may send a counter-notice containing the following information to the Copyright Agent:
- A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
- Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at the OCEG Site are covered by a single notification, a representative list of such works at the Site;
- Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled and information reasonably sufficient to permit the service provider to locate the material;
- Information reasonably sufficient to permit OCEG to contact you, such as an address, telephone number, and, if available, an electronic mail;
- A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
- A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
- OCEG’s designated Copyright Agent to receive notifications of claimed infringement is: Carole Stern Switzer, 4144 N. 44th Street, Suite 6, Phoenix, AZ 85018 or [email protected] . For clarity, only DMCA notices should go to the Copyright Agent; any other feedback, comments, requests for technical support, and other communications should be directed to [email protected] . You acknowledge that if you fail to comply with all of the requirements of this Section 5(D), your DMCA notice may not be valid.
If a counter-notice is received by the Copyright Agent, OCEG may send a copy of the counter-notice to the original complaining party informing that person that it may replace the removed content or cease disabling it in 10 business days. Unless the copyright owner files an action seeking a court order against the content provider, member or user, the removed content may be replaced, or access to it restored, in 10 to 14 business days or more after receipt of the counter-notice, at OCEG’s sole discretion.
- Your physical or electronic signature;
- Identification of the content that has been removed or to which access has been disabled and the location at which the content appeared before it was removed or disabled;
- A statement that you have a good faith belief that the content was removed or disabled as a result of mistake or a misidentification of the content; and
- Your name, address, telephone number, and e-mail address, a statement that you consent to the jurisdiction of the federal court in Phoenix, Arizona, and a statement that you will accept service of process from the person who provided notification of the alleged infringement.
- This Agreement, and the OCEG Member Agreement if you have entered into such under the terms above, contain the final and entire agreement between us regarding your use of the OCEG Site and supersede all previous and contemporaneous verbal or written negotiations, understandings, or agreements regarding your use of the OCEG Site.
- We may discontinue or change the Site or its availability to you, at any time.
- This Agreement is personal to you, which means that you may not assign your rights or obligations under this Agreement to anyone. No third party is a beneficiary of this Agreement.
- You agree that this Agreement, as well as any and all claims arising from this Agreement will be governed by and construed in accordance with the laws of the State of Arizona, United States of America applicable to contracts made entirely within Arizona and wholly performed in Arizona, without regard to any conflict or choice of law principles. The sole jurisdiction and venue for any litigation arising out of this Agreement will be an appropriate federal or state court located in Phoenix, Arizona. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods.
OCEG seeks to ensure the ethical use of information collected online and to protect the privacy of those who register on or otherwise use our Site. In addition to the provisions regarding data of anyone who enters into an OCEG Member Agreement, We follow these privacy practices:
- Information we collect
When you register on the OCEG Site, we ask you to provide certain information in order to gain access to content and features on the Site. The following fields are required to subscribe:
- First & Last Name
- Company Name
- Title / Position (your job title)
- Billing / Credit Card Information (where applicable)
- E-mail Address
- Mailing Address and Phone Number
- User Name (which may be your email address)
We ask that you provide additional voluntary information to complete your profile so that we may serve you better. The more information you provide about your interests and your organization, the more we can provide content of interest to you.
Anonymous information is collected for every visitor to the OCEG site. This includes:
Release to Third Parties
- Device or System Information such as hardware model, operating system, device identifiers, browser type.
- Use information such as pages viewed, date and time,. IP numbers are used to determine domain type and in some cases, geographic region. We do not make any association between this information and a visitor's identity.
Use of Data
- You may disallow the release of personally identifiable information to third parties.
- We never provide contact information, or names, of any individuals or entities that participate in any OCEG benchmarking studies to anyone, except to the extent that you answer a question indicating that you want to be contacted to participate in future benchmarking or research with OCEG or any survey sponsor. Even in that case, the rest of your survey answers will not be provided to anyone with any identification of who provided the answers.
- From time to time, we send you email on behalf of GRC thought leaders and organizations, when they wish to send you information that is GRC related and of value to our members. If you wish to opt-out and prevent receiving such communications, you may do so by using the unsubscribe/manage link at the bottom of any communication or changing the communication preferences associated with your user name in the My Account section of the Site when you are logged in.
- We provide contact information of those who download sponsored materials or participate in sponsored webinars to the Sponsors of those products and events. If you are asked to register for such download or attendance by providing your contact information, it will be shared with the Sponsors who may use it to contact you, so if you don’t want that to happen, don’t download the item or register for the event.
- Completing the registration form for one of our events or download offers constitutes opting-in to your information being shared with the identified Sponsor of that item for the purpose of being further transferred, stored, processed and used within the Sponsor company and/or third parties that the Sponsor may choose at its reasonable discretion, for research and marketing activities. You are also opting-in to receiving promotional electronic communications, such as, but not limited to, phone calls, faxes, e-mail, newsletters and related materials, from the Sponsor or from third parties on behalf of the Sponsor.
- Personally identifiable information you give us will be used to:
We will release your personal information as ordered by any court of law, and we do not guarantee that we will provide prior or subsequent notice to you. We will not challenge, or defend against any action seeking, such a court order.
- Process billing and orders for products/services you choose to purchase on our Site
- Send you information you may request and/or personalize the content you see based on personal preferences
- Send you occasional updates about OCEG activities and developments and about those of other organizations that relate to governance, risk management, ethics, compliance and other business issues which we believe you will find valuable.
- Help us identify the time, date, Internet location, and system information you use during any purchase. This information will assist us in the event of fraud against your credit card.
- Provide us with aggregate information about use of our Site to help us understand what role in organizations (e.g., lawyer, auditor, etc.) and what types of organizations use our Site, so that we may improve its usability and value. We also use aggregate data from online surveys you choose to fill out for research and publication purposes. Individuals or firms are not identified in any such research or publication.
- We may include the names of subscribing companies (or companies of unidentified individual members) in promotional materials, but this would not include personally identifiable information.
- Meet audit needs of certification authorities for CPE program reviews.
- How we store and protect information
We have implemented reasonable measures to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. However, the transmission of information is not completely secure. We cannot guarantee the security of personal information transmitted to us, and any transmission of such information is at your own risk. Our website may contain links to third party websites and online services. We are not responsible for the privacy practices or content of third party websites.
OCEG’s policy is that our website may be used only by users who are over the age of 18. We do not intentionally collect any information from children or users that we have reason to believe are under the age of 18. However, if a parent learns that a child has submitted Personal Information to our website, the parent should contact us and that information will be deleted.
The OCEG Site contains links to other Sites, but we cannot be responsible for the privacy policies of other Sites. We encourage you to read the privacy statements of each Site you visit.
- Do Not Track’ notifications.
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.
- Notification of Changes
Subject to certain exceptions prescribed by law, you have a right to access or request correction or deletion of most personal data that we have about you. In some circumstances, it may not be possible for us to provide you with all of your personal data. For instance, there may be instances where disclosing the requested information would impact the privacy of another individual. Where we cannot provide access to personal data held about you, we will tell you why.
If you think that any personal data we hold about you is inaccurate, you may contact us using the contact details below and we will take reasonable steps to ensure that the information is corrected. We may take steps to verify your identity before providing you access to your personal data.
If you send any request for access to or correction of your personal data, we will do our best to respond within a reasonable period after your request. We may retain all information you submit for backups, archiving, prevention of fraud, legal compliance or where we have a legitimate reason to do so.
- ask questions about this Privacy Statement or our privacy practices
- to obtain a copy of this Privacy Statement in paper format
- request access to information that we have about you
- correct any information you have provided
- delete information that we have about you
you may contact us electronically at [email protected]