GPM Global · Policy Document · Updated March 10, 2025

GPM® Privacy Policy

At GPM, protecting your privacy is a core commitment. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you visit our websites, use our services, or interact with us. By using our services, you agree to the terms of this Privacy Policy.

1. Information We Collect

How We Collect It

Directly from you: When you sign up for services, download resources, make a purchase, contact us, or participate in surveys or training programs.

Automatically: Through cookies, server logs, and analytics tools when you visit our websites. See Section 3 for details.

From third parties: Business partners, service providers, certification bodies, and publicly available sources.

Types of Information

Personal identifiers	Name, address, email address, phone number.
Account details	Username and hashed or encrypted password.
Payment information	Billing address. GPM does not store credit card numbers or full payment card data. Payment processing is handled by PCI-compliant third-party processors who handle card data under their own security controls.
Technical data	IP address, browser type, operating system, device type, and referring URLs.
Usage data	Pages visited, time spent on site, content accessed, and interactions with our platforms.
Communication preferences	Your choices regarding marketing and other communications from GPM.

2. How We Use Your Information

We process your personal information on the following legal bases (as applicable under GDPR and equivalent laws):

Contract performance	Providing and managing the services you request, processing payments, and managing your account.
Legitimate interest	Improving our website, services, and user experience; conducting research and analysis; enforcing our terms of service; protecting GPM’s legal rights; detecting and preventing fraud or security incidents.
Consent	Sending marketing communications, newsletters, and promotional materials. You may withdraw consent at any time.
Legal obligation	Complying with applicable laws, regulations, and lawful requests from public authorities.

Automated decision-making: GPM does not use your personal data for fully automated decision-making or profiling that produces legal or similarly significant effects.

3. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

Essential cookies: Required for the site to function. These cannot be disabled.

Analytics cookies: Analyze site traffic and user interactions to improve our services (e.g., Google Analytics).

Preference cookies: Remember your settings and preferences across sessions.

Where required by law (including the EU ePrivacy Directive and GDPR), we obtain your consent before placing non-essential cookies. You can control cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies may limit certain functionality on our site.

4. Sharing Your Information

We share your information only as described below. We do not sell your personal data to third parties.

Service Providers	Cloud hosting providers, payment processors, email platforms, and customer relationship management systems. These providers are contractually obligated to protect your data and use it only for the services they provide to GPM.
PMI-GPM Joint Venture	Where relevant to Joint Venture products and services, data may be shared with the PMI-GPM Joint Venture under applicable data sharing agreements.
Legal Authorities	When required by applicable law, court order, or to protect GPM’s rights, property, or safety.
Analytics Tools	Google Analytics and similar platforms that help us understand site usage. These tools may set their own cookies subject to their privacy policies.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy. Our general retention practices are:

Account and certification records	Retained for the duration of your relationship with GPM and for up to 7 years following account closure, to satisfy legal and audit obligations.
Transaction records	Retained for up to 7 years to comply with tax and financial reporting obligations.
Marketing data	Retained until you withdraw consent or opt out, after which it is deleted or anonymized promptly.
Analytics and usage data	Typically retained in aggregated or anonymized form for up to 26 months.

When data is no longer required, it is securely deleted or irreversibly anonymized.

6. Your Privacy Rights

Rights Available to All Users

Access and Portability: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your personal data, subject to legal retention obligations.

Opt-Out: Withdraw consent for marketing communications at any time using the unsubscribe link in any email or by contacting us directly.

Restrict or Object to Processing: Limit or oppose the use of your data for certain purposes.

EU / UK Users — GDPR Rights

EU and UK residents have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to lodge a complaint with your national supervisory authority. GPM processes EU/UK personal data on the legal bases described in Section 2. Where required, GPM uses Standard Contractual Clauses to govern cross-border data transfers.

California Residents — CCPA / CPRA Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

The right to know what personal information is collected, used, shared, or sold.

The right to correct inaccurate personal information.

The right to opt out of the sale or sharing of personal information (GPM does not sell personal data).

The right to limit the use and disclosure of sensitive personal information.

The right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will respond within the timeframes required by applicable law (generally 30 days for GDPR; 45 days for CCPA). We may need to verify your identity before processing your request.

7. Data Security

We use administrative, technical, and physical safeguards to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit, access controls, and regular security reviews.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (where required by GDPR), and notify affected individuals without undue delay where the breach poses a high risk.

8. International Data Transfers

GPM operates globally. Your personal data may be transferred to and stored in countries outside your home country, including the United States. Where such transfers involve personal data from the EU or UK, GPM uses appropriate safeguards including Standard Contractual Clauses approved by the European Commission. For questions about specific transfer mechanisms, contact This email address is being protected from spambots. You need JavaScript enabled to view it..

9. Children’s Privacy

Our services are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will delete it promptly. Users in jurisdictions with a lower applicable age of digital consent (such as 13 under US COPPA) should be aware that our services are not directed at minors.

10. AI and Automated Processing

GPM does not use personal data collected through this site to train, fine-tune, or otherwise develop artificial intelligence or machine learning models. GPM does not sell or license personal data to AI companies or data brokers.

Where GPM uses AI-assisted tools internally for operational purposes (such as customer service or content analysis), such tools are used subject to appropriate data processing agreements and do not result in automated decisions that produce legal or similarly significant effects on individuals.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. Changes will be posted on this page with an updated effective date. Where changes are material, we will provide direct notice by email or prominent notice on our site before the changes take effect.

Contact Us

For any questions, concerns, or to exercise your privacy rights, contact GPM’s privacy team:

Address	GPM Global · 41502 Orianna Lane, Novi, MI 48385, USA
Email	This email address is being protected from spambots. You need JavaScript enabled to view it.

GPM Global · Privacy Policy · Updated March 10, 2025

Making projects sustainable on a global scale since 2009.

Green Project Management® and GPM® are registered trademarks of GPM Global.
Sustainable Project Management™ is a trademark of GPM Global for training and professional development in project management.
PRiSM™, The GPM P5™ Standard for Sustainability in Project Management, GPM-b™, GPM-m™, PSM3™, and GPM360º™ are trademarks of GPM Global and may be used only with written consent.