Privacy Policy

Last modified - 07/21/2021
Archived versions [01/05/2020]

About This Privacy Policy

Global Risk Management Solutions, LLC (“GRMS”, “we” or “us”) takes privacy seriously and is committed to honoring yours. This Privacy Policy describes how we collect, use and share personal information in connection with operating our public website GlobalRMS.com, our supplier program enrollment websites, our online client and supplier portals for our risk assessment services, as well as any other online service we operate that links to this Policy (collectively, the “Services”). This Policy also describes related rights and choices you may have, but certain rights may not apply if you are using our Services as an agent of a supplier, client or other organization.

This Policy doesn’t apply to personal information included in the content that clients or their suppliers provide, or that we obtain on their behalf, for risk assessment purposes (“Client Personal Information”). We do not control the type or accuracy of supplier- or client-provided content. Each client and supplier is responsible for managing any Client Personal Information it submits to our platform, and for taking all measures necessary to comply with applicable privacy laws to ensure that we may lawfully process, use and disclose such Client Personal Information to provide our Services. Our Notice Of Client Data Processing explains our commitment to protecting Client Personal Information in our role as a service provider and data processor. If you believe that we have processed your personal information on behalf of a company who is our client, please review that company’s privacy policy and direct any inquiries there.

By using a Service, you consent to the practices described in this Policy unless further consent is required under applicable law.

What Is Personal Information?

Generally speaking, your personal information includes your unique identifiers (full name, phone number, driver’s license number, email address, etc.) and information about your characteristics, conditions or behavior that is associated within one of your identifiers or could reasonably be linked to you.

Non-personal information, on the other hand, has been de-identified, aggregated or anonymized so that it cannot reasonably be linked to an individual.

Personal Information We Collect


3.1 Information You Provide

We may collect the following types of personal information when you visit our website, set up or use an account for our risk assessment portal on behalf of a client or supplier, sign up to receive emails from us, fill out our webform, use our online referral feature, or contact us with questions or comments:

  • Contact information such as full name, phone number, address, email address
  • Other identifiers associated with enrollment, risk assessment initiation or creation of a user account, such as social security number, taxpayer ID number, employer ID number, user ID, and other login information
  • Payment card information, if you subscribe to a Service on behalf of a client or supplier, which is processed on our behalf by a trusted service provider
  • Professional or business information
  • Content in your comments, posts or communications
  • Any other personal information you may choose to share with us

If you decline to provide requested information, we may not be able to provide certain Services or features.

3.2 Information Logged Automatically

Like many online services, our Services may automatically collect some or all of the following types of information about you or your device in log files when you visit or use our site or other online services (“Log Data”). Log Data helps make site features work properly, and may include, among other things:

  • IP address
  • other online identifiers (cookie ID, mobile advertising ID)
  • device information (operating system, browser type)
  • browsing activity (the name of the site you visit before or after navigating to our site)
  • site usage (the pages you visit on our site, the time you spend there, and how you interact with site features)
  • location

Where feasible, we limit collection to non-personal Log Data, or we anonymize, aggregate, or otherwise de-identify Log Data before using or sharing it.

Some Log Data is collected through the use of cookies or other online "tracking" technologies. Learn more about cookies and how we use them in (Section 6 - Cookies and Online Tracking).

How We Use Personal Information

GRMS uses those categories of personal information for the following purposes, subject to any legal conditions that may apply in your area:

  • to provide our risk assessment Services to our clients and their contracting suppliers
  • to make our Service function correctly
  • to process payments for our Services
  • to secure parts of our Services that are restricted to authorized clients or suppliers
  • to communicate with clients or suppliers about a Service or additional services they may be interested in
  • to respond to inquiries
  • to analyze website usage and performance
  • to prevent fraud and enforce our terms of service
  • to communicate with you about special offers or other services you may be interested in
  • to analyze performance of our marketing efforts
  • to protect our legal rights, comply with our legal obligations, or comply with regulatory or legal demands for documents and information

We may use non-personal information to analyze website usage, improve our services, or for any other purpose.

How We Share Personal Information


5.1 Vendors

GRMS may share your information with vendors that perform services on our behalf, such as analyzing data, technical advice, providing marketing assistance, support for our services to clients, background investigations, data suppliers, providing screening services, processing credit card payments and providing customer service. Where necessary and appropriate, our agreements with vendors prohibit them from retaining, using, disclosing or otherwise processing the personal information GRMS shares with them for any other purpose.

5.2 Mandatory Disclosures And Legal Proceedings

GRMS may have a legal obligation to disclose personal information to government authorities or other third parties pursuant to a valid regulatory request, subpoena or court order. GRMS may also need to disclose and otherwise process your personal information in accordance with applicable law to prevent physical harm or financial loss, protect the vital interests of a person, enforce GRMS’ various policies or terms of use, protect GRMS’ property, services and legal rights, prevent fraud, support auditing, compliance and corporate governance functions, or comply with applicable law.

5.3 Change In Control Or Merger

We may transfer your information in the event of the sale of substantially all of the assets of our business to a third-party or in the event of a corporate merger, consolidation, acquisition or reorganization. However, in such event, any acquirer will be subject to the provisions of our commitments to you or we will not disclose your information.

5.4 With Your Direction Or Consent

We will share your personal information with other third parties as you may direct or otherwise consent.

Cookies And Online Tracking

A browser cookie is a small piece of data sent by a website that is stored in your device’s browser. Most cookies contain a unique identifier called a cookie ID which is a string of characters that websites associate with the browser on which the cookie is stored. This allows websites to distinguish the browser from other browsers that store different cookies, and to recognize each browser by its unique cookie ID.

The cookies used on our site come from our web domain, and serve the following purposes:

  • Essential – Essential Cookies support or enable security features, help detect malicious or fraudulent activity, and enable secure log-in.
  • Functional – Functional Cookies help the site work better for you by remembering your log-in details, and making sure the site looks consistent to you.
  • Analytics – Analytics Cookies help us learn how well the site is performing and to understand, improve, and research products, features, and services.

We don’t allow third party web domains to store cookies in your browser through our Services, and we don’t use pixels or any similar technologies that might allow third parties to track your online activity. However, if our website includes a link to a third party’s site and you choose to click on it, we have no control over cookies that third party may use, and you should consult the third party’s privacy policy.

Most browsers are set up to accept cookies by default but you can change your browser settings to block some or all types of cookies. If you block cookies, some features of our website or other sites may not function correctly for you.

California Residents


7.1 Third-Party Direct Marketing

If you are a California resident and have an established relationship with a business, you have a right to request information about the business’ disclosure of your personal information to third parties for the third parties’ direct marketing purposes. GRMS does not disclose personal information to third parties for their direct marketing purposes.

7.2 California Consumer Privacy Act

As of January 1, 2021, GRMS is not a “business” as defined in the California Consumer Privacy Act of 2018, as amended (the “CCPA”). As our business and operations expand, we are committed to reviewing applicability of the CCPA and other laws regarding privacy or data protection on at least an annual basis, and will update this Policy accordingly when necessary and appropriate.

Some of our clients may be covered businesses under the CCPA. For those clients, we collect or otherwise process personal information on their behalf as a "service provider" as defined in the CCPA. Our Notice Of Client Data Processing explains our commitment to safeguarding consumer privacy in our role as a service provider.

Data Subjects In The European Economic Area, United Kingdom or Switzerland

GRMS is headquartered in the United States. Our services are for business organizations; we do not offer goods or services to consumers or other natural persons in the European Economic Area (EEA) or elsewhere outside of the United States. If you visit our website or contact us, your personal data will be processed in the United States — which has neither sought nor received a finding of “adequacy” from the European Commission under Article 25 of the EU’s General Data Protection Regulation — and will be handled in accordance with this Policy and applicable U.S. law unless we have agreed otherwise in writing with you or with a client or supplier you are affiliated with.

Some of the data that we collect or otherwise process on behalf of clients may include Client Personal Information relating to natural persons who have rights under GDPR. GRMS processes such Client Personal Information strictly as a “data processor” to our client as that term is defined in the GDPR. Our Notice Of Client Data Processing describes our commitment to data protection in our role as a data processor.

"Do Not Track" Signals

Your browser may offer a Do Not Track (DNT) setting. If you turn that setting on, your browser sends a signal to websites indicating that you do not want to be tracked over time or across third party sites. We do not currently respond to these signals because there is not yet a common understanding of how to process them or a consensus on what “tracking” means.

Data Security

GRMS maintains reasonable security procedures and practices to protect personal information from unauthorized access, theft, loss, misuse, alteration or destruction. Despite these precautions however, we cannot guarantee that unauthorized persons will not obtain access to your personal data because “perfect security” is impossible in the digital age.

We encourage you to help maximize security by applying your own personal security measures. For more information about what you can do to protect your data, please see the tips and resources offered by the U.S. Federal Trade Commission at https://www.consumer.ftc.gov/topics/privacy-identity-online-security and the California Attorney General at https://www.oag.ca.gov/privacy/consumer-privacy-resources.

Links To Third Party Sites

Our website may provide links to third-party websites or information as a service to users. If you use these links, you will leave our site. Such links do not constitute or imply an endorsement, sponsorship or recommendation by GRMS of the third party, the third-party website or the information contained therein, and GRMS shall not be responsible or liable for your use thereof. Such use shall be subject to the terms of use and privacy policies applicable to those sites.

Children's Privacy

GRMS does not provide services or sell products to children under the age of eighteen (18). We do not knowingly collect or maintain any personal information from anyone under the age of eighteen (18). We will remove or delete any personal information we believe was submitted by any child under the age of eighteen (18).

Changes To This Policy

If our Privacy Policy or procedures change, we will immediately post those changes to our website. Any such changes will be effective immediately upon being posted, unless otherwise stated in the change. It is and will be your responsibility to review our Privacy Policy from time to time to make sure you are aware of any changes.

Contact Us

If you have any questions about our Privacy Policy, please do not hesitate to contact:

Global Risk Management Solutions
Attn: Legal Department
5271 California Ave. Suite 290
Irvine, CA 92617
United States
Phone: +1 949 759-8500
Email:  privacy@globalrms.com

Don't miss our future updates.