Karen Geiger & Associates, Inc. Privacy Policy

This privacy policy sets out how Karen Geiger & Associates, Inc. uses and protects any information that you give us when you use this website or the EPIC platforms available through John Wiley & Sons, Inc.

Karen Geiger & Associates, Inc. is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Karen Geiger & Associates, Inc. may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective beginning May 23, 2018.

What we collect

We may collect the following information via this website:

  • name and mailing and/or billing address
  • contact information including email address
  • product order information
  • preference to be on our newsletter mailing list
  • credit card information

Wiley’s EPIC sites collect the following information:

  • name
  • email address
  • gender

Why we collect this information

We collect the information above solely for the purpose of 1) providing you with the products you have ordered, 2) giving you information that we think is relevant to you given your newsletter interest, or 3) to administer profiles you have requested.

 What we do with the information we gather

 We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

Internal record keeping

We may use the information to improve our products and services.

We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have give us when you sign up for our newsletter.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our Trustwave certification is renewed annually and requires us to meet high credit card privacy and security standards.

Information we do not collect

We have disabled the activity log on Squarespace so website traffic is not captured.

We have also disabled analytic cookies from our website. Here’s what that means: A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We invited all subscribers to unsubscribe on May 23, 2018, and only add names to our mailing list who either opt in themselves or give us express permission to include them.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.


Information about the General Data Protection Regulation

When does GDPR go into effect? The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by government; meaning it will be in force May 2018.

What is GDPR? GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens. Also businesses outside the EU who process the personal data of EU residents and offer them goods and services, irrespective of whether payment is required; or where the processing by a business relates to the monitoring of the behavior of EU residents in so far as their behavior takes place within the EU. It provides protection of EU citizens’ private information and provides them manageability.

Who are the EU member states? Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

Why do we care about GDPR? “Profiling” falls under GDPR. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. 

What is the difference between data processor and data controller? A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

What types of data does the GDPR protect? GDPR will protect an individual’s data collected for profiling, name, email address, telephone number, login name, gender/race, and geographical data. GDPR also protects lots of other information about a person that we don’t necessarily collect: an individual’s unique national identification number, tax, passport or identity card, vehicle registration plate number, driver’s license number, biometric data: face, fingerprints, or handwriting, credit card numbers, date of birth and birthplace, genetic medical information, screen name, nickname, or handle, IP address (in some cases), qualifications, criminal record data, employment details.

The Right to be Forgotten…what’s that and what does it have to do with GDPR? The GDPR provides individuals the right to removal (“right to be forgotten”). The data subject shall have the right to obtain from the data controller the deletion of personal data concerning him or her without undue delay and at the latest within one month of the receipt. The controller shall have the obligation to erase personal data without undue delay and at the latest within one month of the receipt. Processes should be in place to fulfill the subject's rights under this regulation, including mechanisms to request and, if applicable, obtain, free of charge access to and update or deletion of personal data and the exercise of the right to object.

Who does GDPR apply to? The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. A PriceWaterhouseCoopers survey showed that 92 percent of U.S. companies consider GDPR a top data protection priority.

Why is GDPR a concern for non-EU countries? Many of you have employees or business units in EU Countries who will be affected by GDPR. Individuals can file claims against U.S. companies that are non-compliant.

What happens if we are not in compliance with GDPR? The GDPR allows for steep penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher, for non-compliance.