At IBM we recognize the importance of protecting your personal
information and are committed to processing it responsibly and in
compliance with applicable data protection laws in all countries in
which IBM operates.
With regard to the GRIT App:
WHAT KINDS OF PERSONAL DATA WE COLLECT AND WHERE IT IS COLLECTED FROM
We collect and use the following personal information to provide,
improve, and protect the GRIT App.
Account information. We collect, and associate with your account,
the information you provide to us when you do things such as sign up for
your account and create your profile.
Employment information. We collect, and associate with your
account, the information you provide to us when you do things related to
employment like your resume data and MOS information.
Contacts. You may choose to give us access to your contacts to
invite members to your squad. If you do, we’ll store those contacts on
Survey Data. You may choose to answer assessment questions, mood
questions or link your Twitter account. If you do, we’ll store this
information anonymously on our servers.
WHY WE COLLECT PERSONAL DATA AND WHAT WE DO WITH IT
The GRIT App tries to limit the collection, use and disclosure of
personal information to information that is necessary for the following
To communicate with you. We use the information we have to send you
notifications and remind you to take actions within the GRIT App. We
also use your information to respond to you when you contact us.
To communicate with your squad. If you add a squad member and their
contact information to your squad we will potentially contact them
to remind them to reach out to you.
To analyze scores for assessments and be able to trigger actions
like notifying the squad, reminding you about immediate help and
digital assistant resources.
To find jobs and perform skill gap analysis that match your skill
sets based on your resume and employment information.
For audit, quality control and legal and regulatory compliance
purposes including the protection of our interests in civil or
criminal proceedings, to resolve any disputes that we may have and
to enforce our agreements.
To conduct research, compile aggregate data, statistics and reports
and to perform analytics about the use of the GRIT App and service
standards. These forms of data, statistics and reports do not
contain any information that could reasonably be used to identify
We will retain personal information for as long as necessary for the
purpose for which it has been collected, or as long as we are required
and/or permitted to retain such information by law.
WHO WE SHARE PERSONAL DATA WITH
We may share information as discussed below, but we won’t sell it to
advertisers or other third parties.
Other users: The GRIT App display information like your name to
members in your squad. No personal information besides your name
will be shared with your squad at any point.
Law & Order and the Public Interest: We may disclose your
information to third parties if we determine that such disclosure is
reasonably necessary to: (a) comply with any applicable law,
regulation, legal process, or appropriate government request; (b)
protect any person from death or serious bodily injury; (c) prevent
fraud or abuse of the GRIT App or our users; (d) protect IBM’s
rights, property, safety, or interest; or (e) perform a task carried
out in the public interest.
WHAT KINDS OF DEVICE DATA WE COLLECT AND WHAT WE DO WITH IT
We also collect information from and about the devices you use to access
the GRIT App. This includes things like:
Personal information you may provide to download and use the App,
including your email address, name, and password
Information about your usage of the App, including crash logs and
Information about your device and its interaction with the App,
including the type of mobile device you use with the App, its unique
user ID, IP address, and operating system, and the type of mobile
Internet browsers in use
Information about the location of your device, including
IBM may use the Device information collected through this App in the
To review the quality and improve the functionality of the App
To better improve the way the App works with your device
To create new Apps
To provide anonymized user analytics and industry benchmarking
To share anonymized data with third parties
This Privacy Statement is supplemented by the
IBM Online Privacy Statement, which provides more information in the online context, including
recruitment. We may provide additional or more specific information on
the collection or use of personal information on websites or related to
a specific product or service.
Where we reference that we use your personal information in relation to
marketing, improvement or development of our products or services, for
reasons of safety and security, or regulatory requirements other than in
connection with your agreement or request, we do this on the basis of
our or a third party’s legitimate interests, or with your consent. When
we collect and use your personal information subject to the EU Privacy
Legislation this may have consequences for
Sharing of Personal Information
As a global organization offering a wide range of products and services,
with business processes, management structures and technical systems
that cross borders, IBM has implemented global policies, along with
standards and procedures, for consistent protection of personal
information. As a global company, we may share information about you
with our subsidiaries world-wide and transfer it to countries in the
world where we do business in accordance with this Privacy Statement.
Between IBM controlled subsidiaries we only grant access to personal
information on a need-to-know basis, necessary for the purposes for
which such access is granted. In some cases, IBM uses suppliers located
in various countries to collect, use, analyze and otherwise process
personal information on its behalf.
Where appropriate, IBM may also share your personal information with
selected partners to help us provide you, or the company you work for,
products or services, or to fulfill your requests, or with your consent.
When selecting our suppliers and partners, we take into account their
data handling processes.
If IBM decides to sell, buy, merge or otherwise reorganize businesses in
some countries, such a transaction may involve the disclosure of
personal information to prospective or actual purchasers, or the receipt
of such information from sellers. It is IBM's practice to require
appropriate protection for personal information in these types of
Please be aware that in certain circumstances, personal information may
be subject to disclosure to government agencies pursuant to judicial
proceeding, court order, or legal process. We may also share your
personal information to protect the rights or property of IBM, our
business partners, suppliers or clients, and others when we have
reasonable grounds to believe that such rights or property have been or
could be affected.
The international footprint of IBM involves a large number of transfers
of personal information between different subsidiaries, as well as to
third parties located in the countries where we do business. Some
countries have implemented transfer restrictions for personal
information, in connection with which IBM takes various measures,
Where required, IBM implements Standard Contractual Clauses approved
by the EU Commission, or similar contractual clauses in other
jurisdictions. This includes transfers to suppliers or other third
parties. You can request a copy of the EU Standard Contractual
While the EU-U.S. and Swiss-U.S. Privacy Shield Framework may no longer
be used or relied upon for transfer of personal information, IBM
continues to comply with all EU-U.S. Privacy Shield Framework and
Swiss-U.S. Privacy Shield Framework obligations. More information can be
US Department of Commerce.
Information Security and Accuracy
We intend to protect your personal information and to maintain its
accuracy. IBM implements reasonable physical, administrative and
technical safeguards to help us protect your personal information from
unauthorized access, use and disclosure. For example, we encrypt certain
sensitive personal information such as credit card information when we
transmit such information over the Internet. We also require that our
suppliers protect such information from unauthorized access, use and
We will not retain personal information longer than necessary to fulfill
the purposes for which it is processed, including the security of our
processing complying with legal and regulatory obligations (e.g. audit,
accounting and statutory retention terms), handling disputes, and for
the establishment, exercise or defense of legal claims in the countries
where we do business.
Because the circumstances may vary depending on the context and the
services, the information provided in
Online Privacy Statement
or provided in a specific notice may provide more detailed information
on applicable retention terms.
How to contact us
If you have a question related to this Privacy Statement, please contact
us by using this
Your message will be forwarded to the appropriate member of IBM's Data
Privacy Team, such as Data Protection Officers or members of their
Where this is relevant, the controller of your personal information is
International Business Machines Corporation (IBM Corp.), 1 North Castle
Drive Armonk, New York, United States, unless indicated otherwise. Where
IBM Corp. or a subsidiary it controls is required under data protection
law to appoint a legal representative in the EEA or the UK, the
representative for the EEA will be IBM International Group B.V., Johan
Huizingalaan 765, 1066 VH Amsterdam, The Netherlands; and the
representative for the UK will be IBM United Kingdom Limited, PO Box 41,
North Harbour, Portsmouth, Hampshire, PO6 3AU, United Kingdom.
IBM Corp. is not the controller in situations such as:
Personal information processed in connection with a contractual
relationship, or with entering into a contractual relationship with
a specific IBM subsidiary. In this case the controller of personal
information is the IBM contracting company, which is the legal
entity with which you or your employer have, or will have, the
Personal information collected on the physical site or location of
an IBM subsidiary. In this case that subsidiary is the controller of
the personal information.
You can request to access, update, or correct, and in certain
circumstances, to delete your personal information. You also have the
right to object to direct marketing. You can access the request process
You may have additional rights pursuant to your local law applicable to
the processing. More information can be found
Right to Lodge a Complaint
In the event you consider our processing of your personal information
not to be compliant with the applicable data protection laws, you can
lodge a complaint:
With the competent data protection authority. The name and contact
details of the Data Protection Authorities in the European Union can
Changes to our Privacy Statements
We may update this Privacy Statement from time to time to reflect
changes to our data governance practices. The revised Privacy Statement
will be posted here with an updated revision date. We encourage you to
check back periodically for any changes or updates. If we make a
material change to our Privacy Statement, we will post a notice at the
top of this page for 30 days. By continuing to use our websites after
such revision takes effect we consider that you have read and understand
The Squad feature of GRIT is supporting the VA Network of Support pilot
program. As your privacy is very important to us, if you are a NOS pilot
participant and will opt in to use your Squad to support this
initiative, please see the NOS Pilot Privacy Statement