Training
Training Overview For ERG Leaders For Executive Sponsors Heritage & Awareness Day Programming For Leadership Summits ERG University ERG Intelligence
Memberships
Membership Overview ERG Leaders Program Oversight Managers Inclusive Organizations
Certification
Certification Overview ERG Leader Certification ERG Oversight Manager Certification Expert ERG Trainer Certification
Events
ERG Learning Labs SynERGy Oversight Managers Summit Oversight Manager Regional Roundtables ERG Solution Partner Day
About
ELA Overview ELA's Global Training Faculty ELA Global Community Free Resources ELA Solution Partners Find an ERG/DEI Job
Contact

 

Privacy Policy


ERG Leadership Alliance (the “Company”) respects the privacy concerns of the users of its website, www.ergleadershipalliance.com, and the services provided therein (the “Site”). The Company thus provides this privacy statement to explain what information is gathered during a visit to the Site and how such information may be used.


Use of Information: As a general policy, no personal identifiable information, such as your name, address, or e-mail address, is automatically collected from your visit to the Site. However, certain non-personal information is recorded by the standard operation of the Company’s internet servers. Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience. The Site’s various mailing lists, downloads, special offers, contests, registration forms, and surveys may request that you give us contact information such as your name, mailing and/or e-mail address, demographic information such as your age and gender, and personal preference information such as your preferred software and interests. Information submitted at the time of submission will be used by the Company only as necessary for our legitimate business interests, including without limitation the improvement of our products, services, and the contents of the Site. The Company may also share such information with our business and promotional partners to further those interests. Personally identifiable information is never sold or leased to any third party. With your permission, we may use your contact information to send you information about our company and products. You may always opt out of receiving future mailings as provided below. The Company does not store any credit card information it may receive in regard to a specific transaction and/or billing arrangement except as necessary to complete and satisfy its rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorized by a user.

The Company may disclose user information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with the Company’s rights or property, other users of the Site, or anyone else that could be harmed by such activities.

The Company may also be required to disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Please also note that third parties who provide and/or publish content via the ERG Leadership Alliance shall be deemed the data controllers for any personal data contained in the content uploaded by any such party to the Company’s ERG Leadership Alliance (“Third Party Content”) and any other personal data processed in relation to such Third Party Content. This privacy policy only concerns the processing for which the Company is a data controller. If you have any questions regarding personal data contained in the Third Party Content, please contact the third-party provider responsible for such Third Party Content.

Children Age 16 and Under: The Company recognizes the special obligation to protect personally identifiable information obtained from children age 16 and under. AS SUCH, IF YOU ARE 16 YEARS OLD OR YOUNGER, THE COMPANY REQUESTS THAT YOU NOT SUBMIT ANY PERSONAL INFORMATION TO THE SITE OR TO THE COMPANY. If the Company discovers that a child age 16 or younger has signed up on the Site or provided us with personally identifiable information, we will delete that child’s identifiable information from our records.

Use of Cookies: Cookies are pieces of information that a website transfers to an individual’s computer hard drive for recordkeeping purposes. Cookies make using our Site easier by, among other things, saving your passwords and preferences for you. These cookies are restricted for use only on our Site and do not transfer any personal information to any other party. Most browsers are initially set up to accept cookies. You can, however, reset your browser to refuse all cookies or indicate when a cookie is being sent. Please consult the technical information relevant to your browser for instructions. If you choose to disable your cookies setting or refuse to accept a cookie, some parts of the Site may not function properly or may be considerably slower.

Malware/Spyware/Viruses: Neither the Company nor the Site knowingly permits the use of malware, spyware, viruses, and/or other similar types of software.

Links to External Sites: The Company is not responsible for the content or practices of third-party websites that may be linked to the Site. The Company is also not responsible for any information that you might share with such linked websites. You should refer to each website’s respective privacy policies and practices prior to disclosing any information.

Bulletin Boards and Chat Areas: Guests of the Site are solely responsible for the content of messages they post on the Company’s forums, such as chat rooms and bulletin boards. Users should be aware that when they voluntarily disclose personal information (e.g., username, e-mail address, phone number) on the bulletin boards or in the chat areas, that information can be collected and used by others and may result in unsolicited messages from other people. You are responsible for the personal information you choose to submit in these instances. Please take care when using these features.

Choice/Opt-Out: The Site may provide you with the opportunity to opt-in to receive communications from us at the point where we request information about you. You always have the option of removing your name from any e-mail list in order to discontinue any such future communications. In order to ensure immediate removal from any list, please follow the specific instructions set forth within the communications you receive from the Company which you no longer wish to receive. If you are unsuccessful in completing the instructions specified in any such communication, please e-mail us at [email protected], including a copy of the undesired email attached to the request, and state that you wish to be removed from the mailing list.

Transfer of Information Across National Borders: Our site and various information we collect are operated on servers located in various jurisdictions, including the United States. When you access or use the Site and/or our services, personal information about you may be transferred outside the country in which you are situated to these other locations. The Company’s policies ensure that such personal information is protected to the same standard when processed by any Company entity or office around the world. We also ensure that appropriate contracts containing standard data protection clauses approved by the European Commission to protect that information and the rights of individuals are in place with any and all third-party service providers we may use.

Your Access to and Control Over Your Personally Identifiable Information: At any time, but only once per calendar year, or as otherwise required under applicable law, users may contact the Company to review the personally identifiable information that Company has collected about you. If you discover any errors, please notify the Company and the information will be corrected. To review the personally identifiable information that the Company has collected about you, please send an email to [email protected] with the subject line: “Personal Information Review Request.” Users may also request that the Company delete a user account(s) or if you have not established a user account, your email address, and any related data at any time. If you wish to delete your user account(s), please email us at [email protected] with the words “Delete Account” in the subject line. If you do not have a user account and wish to delete your email address or other personally identifiable information that you might have provided through your use of the Site, any Games, and/or any Services, please email us at [email protected] with the words “Delete My Information” in the subject line.

You may also choose to confirm that the Company does not use your personal information in certain ways and/or to otherwise “opt-out” of certain uses of that personal information, including without limitation (i) when your personal may be disclosed to a third party unrelated to the Company and/or parties directly related to providing your Services and/or (ii) when your personal information may be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to limit your personal data in either such way or have other questions about how the Company may use your personal data, please contact us at [email protected] with the words “Privacy Request” in the subject line.

Contact Information for Complaints or Concerns: If you have any complaints or concerns about the Company or about this privacy statement, please contact: [email protected]

Information provided by you via general e-mail inquiries to the Company such as your e-mail address is used only to respond to your inquiries in the ordinary course of business, and is never shared with third parties.

If you are a resident of the EU and have an unresolved data privacy concern or personal information collection, use, or disclosure concern, you may file a complaint/inquiry with us at: [email protected].

Security/How Your Personally Identifiable Information Is Protected: Security for all personally identifiable information is extremely important to us. We have implemented technical, administrative, and physical security measures to attempt to protect your personal identifiable information from unauthorized access and improper use. We also protect your personal identifiable information offline. Only employees who need the information to perform a specific job (for example, customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment. We continually review all such measures and update them when appropriate. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, the Company cannot ensure or warrant the security of any information you transmit via the internet. By transmitting any such information to Company, you accept that you do so at your own risk.

Your Acceptance of These Terms: By using the Site, you accept the policies and restrictions set forth in this Online Privacy Policy. If you do not agree to this policy, please do not use the Site. This Online Privacy Policy may be revised from time to time by updating this posting. You are bound by any such revisions and should therefore periodically visit this page to review the then-current Online Privacy Policy to which you are bound.

GDPR Compliance:
For individuals that are from the UK, the EEA, Switzerland, or other regions that require a lawful basis for processing personal information (such as under GDPR Article 6), ELA’s legal basis for collecting and processing personal data of Clients, Client Contact and Visitors will depend on the nature of the personal data, the context in which we are collecting it, and the circumstances of the processing activity. When we collect, use, process or disclose your personal data, we will rely on one or more of the following legal grounds:

  • Performance of a contract (including any Client contract) – Where we need the personal data to perform our obligations under a Client master services agreement or other binding contract.
  • Consent – Where we have received your consent to do so.
  • Legitimate Interests – Where it is in our legitimate business interests (for example, to provide individuals with access to the our Platform, to improve our products and services, to send individuals information they have requested, to ensure the security of our Sites by preventing unauthorized access, or to enforce compliance with our terms of use and other policies), and such interests are not overridden by the individual’s data protection interests, or fundamental rights and freedoms.
  • Legal Requirement – If we are required to collect, use, process or disclose your personal data due to a legal or regulatory requirement, we may do so.

For example, where we are the processor for our Clients, our legal basis may be fulfilment of a contract or consent. Where we are the controller for Visitor personal data, our legal basis will be consent or legitimate interest.

Data Incident and Breach Response Policy and Plan
Effective July 2025
1. Purpose
This document outlines the policy and procedures of ERG Leadership Alliance, LLC for responding to personal data incidents and breaches. It is designed to ensure swift, appropriate, and compliant action in the event of a data incident, and to safeguard the rights and interests of all affected parties.
 

2. Scope
This policy applies to all employees, contractors, associates, and partners who process or manage personal data on behalf of ERG Leadership Alliance, LLC. It covers incidents involving electronic, paper-based, or verbal data disclosures.
 

3. Policy Overview
ERG Leadership Alliance, LLC is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. In the event of a personal data breach, we follow the ICO’s recommended seven-step response framework to assess, contain, and manage the incident.

4. Definition of a Personal Data Breach
A personal data breach is a security incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.


5. Data Incident and Breach Response Plan
Step 1: Remain Calm and Begin Documentation
Start a breach log immediately, even if the breach may not be reportable.
Record key details: what happened, when, who discovered it, and any immediate actions taken.

Step 2: Start the 72-Hour Clock
The clock starts from the point when the breach is discovered—not when it occurred.
Determine if the breach meets the threshold for reporting to the ICO.
Reporting must be completed without undue delay and within 72 hours if required.

Step 3: Establish the Facts
Investigate the breach to understand:
What data was affected.

How it happened.

Who is impacted.

Timeline of events.

Step 4: Contain the Breach
Take immediate steps to stop further data loss or exposure.

Recall or secure emails.

Retrieve or remotely wipe lost or stolen devices.

Change passwords or revoke access where appropriate.

Notify building security if physical documents are missing.


Step 5: Assess the Risk
Evaluate the potential harm to individuals, such as:

Identity theft.

Financial loss.

Emotional distress.

Reputational damage.

Use data risk assessment framework to determine the level of impact and likelihood of harm.

Step 6: Protect Affected Individuals
If appropriate, notify affected individuals with:
Clear explanation of what happened.

Steps they should take to protect themselves.

Support and advice being offered by ERG Leadership Alliance, LLC.

If the risk is high, notification must occur without undue delay, in accordance with GDPR.

Step 7: Report the Breach (if necessary)
If the breach is reportable:
Notify the ICO using the official reporting form.

Provide as much information as possible.

Include details of containment actions, risk assessment, and future mitigation plans.

Submit a follow-up report if additional information becomes available.

6. Ongoing Responsibilities
Review and Learn: After every breach, review the incident and update internal procedures to reduce the risk of recurrence.

Training: All staff are trained annually on data protection and breach response protocols.

Policy Review: This document is reviewed annually and after any reportable breach to ensure ongoing effectiveness and legal compliance.

7. Contact for Reporting
All data incidents must be reported immediately to the Data Protection Lead:

Name: Maureen Cidzik
Email: [email protected]
Phone: (+1) 508.925.0110

Updated: July 2025