Updated August 4th, 2020
Please read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
xDemic collects Personal Information when you choose to submit it through e-mail, an online form, or other method. We also collect information through cookies (see “xDemic Use of ‘Cookies’” section below for detail).
xDemic also maintains a log of certain information concerning visitors to our websites, including but not limited to, internet protocol (“IP”) address (a computer’s numerical Internet address), third party websites from which visitors access our website, type of web browsers used, and pages viewed. Such information may be treated as Personal Information.
Who are we?
xDemic is a Delaware corporation with offices in New York City. Our registered address is 1250 Broadway, 36th Floor, New York, NY 10001.
The xDemic Service is an internet-based, hosted platform designed to enable subscribers to the Service (“Issuers”) to issue digital badges and credentials (“Credentials”) to individuals who meet prescribed requirements (“Earners”), and for those Earners to display the Credentials online on the Service or on third party sites, as elected by Earners.
We may provide your information to trusted partners who work on behalf of, or with, xDemic under confidentiality agreements to help xDemic provide the Service. They may also assist xDemic in communicating with you about the Service and about offers from xDemic and our partners, where you have given us appropriate permissions.
For the purposes of the GDPR, xDemic is the ‘processor’ of certain types of Personally Identifiable Data provided by Issuers and the ‘controller’ of other types of Personally Identifiable Data provided directly to us by Earners. xDemic offers a Data Protection Addendum (DPA) for qualifying organizations available upon request by emailing email@example.com.
You may contact our Primary Point of Contact for data privacy and security with any questions, comments or concerns about this policy by sending an email to firstname.lastname@example.org.
Privacy Shield Compliance
xDemic participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. xDemic is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at www.privacyshield.gov.
xDemic is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. xDemic complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
xDemic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website at www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
APEC Cross Border Privacy Rules System
INFORMATION YOU PROVIDE TO US
When registering for or using the Service, you may be prompted to give us information about yourself such as your name and email address. When you configure your account settings, you may enter additional information about yourself. You may also select user configuration settings that determine how the Service looks and functions. You may, at times, also send us an e-mail which may contain not only your e-mail address, but other information about you, including home or business addresses, telephone numbers, or account details. The information you give us may also include statements you make on the Service such as testimonials, services reviews, or other statements that may identify you personally.
We will provide you with a user ID (an e-mail address) and account activation e-mail for you to access the Service and create a user “profile” for use as described below. When you first sign onto the Service, you will be presented with your profile, which contains the information supplied to us. In addition to the required information, including name, email, password and country, you may provide some or all of the following information, including but not limited to, a photograph of yourself, a short “bio,” your zip code, current employer, current job title, birth year, your phone number, and your time zone. You will be able to update or correct any of the contact information in your profile. You may receive certain e-mails relating to your use of the Service. Your contact information is also added to xDemic’s directory of current and former users of the Service. If you receive another Credential from other Issuers, your user ID will be authorized to access the Service, and your contact information will be added to the participant list for that Issuer.
If you have consented or opted in to receiving news and updates from xDemic on professional growth or further education opportunities, you have the right at any time to prevent us from further contacting you by following the unsubscribe or opt-out instructions included in the relevant email or through the privacy tools provided to you through the Service.
We may use your Personal Information to contact you regarding your use of the Service, for customer support purposes, and to inform you of updates, modifications and other matters relating to the Service, and information about others services that we offer in accordance with your subscription preferences. You may decline to receive mail or e-mail from us that does not relate directly to your access to or use of the Service by selecting the opt-out link contained in any such e-mail or by contacting us at email@example.com.
You may request that xDemic provide third-parties access to your publicly accessible personal information. xDemic will not provide your personal information to a third-party without your consent.
INFORMATION WE COLLECT ABOUT YOU
xDemic also will maintain a history of your access to the Service, and certain actions taken by you while accessing the Service, a log of users’ IP addresses, the third-party Website from which users access the Service, the type of web browsers used to access the Service and the browser’s settings that may affect Service performance (collectively, “Usage Log Information”). For purposes of maintaining and enhancing Service performance and security, xDemic may use Usage Log Information, information about your browser, and other local computer settings. We also may use Usage Log Information to tailor our communications to you about the Service, and contact you in relation to providing support. We also may aggregate Usage Log Information to create or publish statistical analyses and reports about Service usage. We will not authorize the publication of Personal Information about any user without the prior written consent of such person.
INFORMATION WE RECEIVE FROM ISSUERS
Issuers provide Personal Information to us, including Credential requirements, and information about you to confirm that you have earned the applicable Credential. The use of information collected from Issuers shall be limited to the purpose of providing the service for which these Organizations have engaged xDemic.
If you are an Issuer, by using the Website or Services, you confirm that you have obtained prior, specific, and informed consent to provide Personal Information to us. We may request a copy or evidence of such consent.
xDemic collects information under the direction of the Issuer, or as provided directly to xDemic by the Earner. If you are a customer of one of the Issuers and would no longer like to be contacted by one of the Issuers that use our service, please contact the Issuer that you interact with directly.
An individual who seeks access, or who seeks to correct or amend inaccurate Credentials should direct their query to the Issuer. We retain Personal Information we process on behalf of the Issuers for as long as needed to provide services to the Issuers and the Earners. xDemic shall continue to make the Service available to Earners, including in cases where the Issuer terminates its use of the Service. Individual Credentials and an Earner’s entire account may be deleted by the Earner at any time directly through the Service. xDemic will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
INFORMATION ABOUT YOU RECEIVED FROM MOBILE APPLICATION
When you download and use the Service via our mobile application, we automatically collect information on the type of device you use, operating system version, user identification, and device identifier.
We may send you push notifications. You may turn off push notifications at the device level.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any Personal Information you submit within the mobile application.
We may statistically aggregate in non-person-specific form information collected to improve our websites, our quality controls, operations management, security processes, future marketing and promotional efforts, and the overall Service in attempt to better understand our users’ interests and preferences. In some cases, we may transfer this information to our third-party service providers. By using this Site, you consent to this non-person specific data aggregation and the use and transmission of this aggregated statistical data as outlined above.
INFORMATION ABOUT OTHER PEOPLE
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers, your suppliers, or your Earners, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How do we use your personal data?
ADDITIONAL USES OF SERVICE INFORMATION
In addition to the uses described above of the information received in connection with your use of the Service, xDemic uses and, where specified, shares your information:
- To display Credentials. xDemic may use your information to display Credentials that you receive through the Service or through Third-Party Services, embeds that you make on the Service or third parties’ Website, or on social network services you link to your account.
- To provide support or other services that you have requested, and to respond to your inquiries.
- To engage in transactions with you, including contacting you about your account or transactions.
- To process transactions, xDemic may use financial, credit card and payment information that you provide. xDemic may need to share some of this information with suppliers, delivery services, credit card clearing houses and other third parties to complete the transactions.
- To notify you of relevant opportunities such as new product releases and service developments, related facts or programming that may be relevant to you.
- To provide online forums and social networks. The Service allows users the option to participate in interactive discussions and post comments and other content. Note that any information you share may become publicly accessible.
- To improve quality and facilitate use of the Service.
- To comply with legal requirements. In addition, we may also disclose information about you as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is reasonably necessary to enforce our rights or protect our operations or users or others investigate fraud, or in response to legal processes or governmental investigations in accordance with our internal policy on access by governmental authorities, or under exigent circumstances in response to a perceived significant threat to a person’s health or property.
The device you use to access the Website or Service may provide your location to us. This information may be shared with Issuers in connection with the issuance of Credentials, where location is relevant to completion of the achievement recognized by the Credential. If you no longer wish to share your location you may contact us at the information below or if you no longer wish have your location collected and used, you may turn this off at any time by going into your device settings.
The Service allows you to customize the information about yourself that is made accessible to others. When you establish an account, the Service applies default settings. Default settings also apply to new features introduced on the Service. Credentials issued to you will default to the “public” setting. You may activate a “private” setting such that the Credential will no longer be publicly accessed at any time, on a Credential-by-Credential basis. Until you terminate your use of the Service, the fact that you are a user, as indicated by the public display of your full name and avatar, is available to others on the Service. Review your privacy settings regularly to ensure that they match your preferences.
We protect the security of your information during transmission by using Transport Layer Security (TLS) and Secure Sockets Layer (SSL) software or other encryption technology, which encrypts information you input. Wherever appropriate, we obfuscate and/or encrypt information in our systems and/or during information transfer. xDemic regularly reviews the cryptographic protocols it uses to protect the privacy and security of your Personal Information.
Because of the nature of internet and for other reasons, we cannot guarantee the security of your Personal Information, so you should take precautions to protect it when you are on the internet, such as changing passwords often, using a combination of letters and numbers when creating passwords, using a secure browser and being sure to log off the Service when finished using a shared computer.
Information collected by Electronic Communications Protocols and Web Beacons
We may collect information about you and your use of the Service through electronic communications protocols, web beacons, cookies, embedded URLs, pixel tags and related devices or technologies.
As is true when you visit most websites, certain information is automatically generated and stored about your visits. Such information may include: network routing information (for example, where you came from); equipment information (for example, device type, operating system, browser type); IP address, and dates and times of your visits.
We may use your Personal Information to inform you about other xDemic services that might interest you and to gather feedback from you.
Do not send us any sensitive Personal Information (e.g., social security numbers or other national identifiers, or information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life or sexual orientation, genetic or biometric information, criminal background, or trade union membership).
xDemic Use of “cookies”
We use the following cookies:
- Strictly necessary cookies required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website.
- Analytical/performance cookies that collect information about how you use our Website. They allow us to recognize and count the number of visitors and to see how visitors move around our Website. This helps us to improve the way our Website work. These cookies are sometimes placed by third party providers of web traffic analysis services, such as Google Analytics.
- Functionality cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our Website more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other Website that you visit and this information is shared with third-party organizations, for example advertisers.
We use Google Analytics. For information on how Google processes and collects your information regarding this product and how you can opt-out, please see https://tools.google.com/dlpage/gaoptout .
xDemic and its service providers, vendors and partners, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
Third-Party Cookies and Functions
How long will you keep your personal data?
ACCESS, RETENTION AND DELETION
Upon request xDemic will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
VIEWING OF DATA FOR SUPPORT
For the purpose of providing the Service and associated support including answering any questions you may have, xDemic may view and process your Personal Information from nations outside the EEA that are deemed by the EU to have non-adequate data protection laws, including the United States.
WHERE DO WE STORE YOUR PERSONAL DATA AND HOW IS IT PROTECTED?
We take reasonable steps to protect your personal data from loss or destruction.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use procedures and security features consistent with industry practices to try to prevent unauthorized access.
Your California Privacy Rights
If you reside in California, under California Civil Code Section 1798.83, a California resident with a business relationship with xDemic that is primarily for personal, family or household purposes, may request certain data regarding xDemic’s disclosure, if any, of Personal Information to third parties for the third parties’ direct marketing. To make such a request, please send an e-mail to email@example.com with “Request for California Privacy Information” in the subject line. You may make such a request once per calendar year. If applicable, we will provide you a list of the categories of Personal Information disclosed to third parties for their direct marketing during the immediately preceding calendar year, along with the third parties’ names and addresses. Not all Personal Information sharing is covered by Section 1798.83.
Your European Data Protection Rights
If you reside in the United Kingdom (UK) or a country within the European Union, or your Personal Information is processed in the UK or a country in the European Union, subject to certain exceptions, you have the following rights:
- Right to Access: Learn whether we are processing your Personal Information and, if so, to gain access to it and certain information about it.
- Right to Rectification: Have inaccurate Personal Information corrected or removed, and have incomplete Personal Information completed.
- Right to Erasure: Have your Personal Information erased when:
- It is no longer necessary for the purposes collected;
- You withdraw consent to process it;
- We have processed it unlawfully; or
- EU or Member State law to which we are subject requires erasure.
- Right to Restrict Processing: Restrict our processing of your Personal Information when:
- You contest its accuracy (for a period necessary to verify it);
- The processing is unlawful and you prefer restriction of use to erasure; or
- We no longer need the data, but you need it in connection with legal claims.
- Right to Data Portability: Obtain in usable form the Personal Information you gave us and, if technically feasible, require its transmittal directly to another controller that you designate.
- Right to Object: In certain circumstances, you have the right to object to the processing of your Personal Information. If you would like to object to the processing of your Personal Information, please contact us using the contact details provided below.
You also have the right to lodge a complaint with an EU member state data protection supervisory authority.
If you reside in the UK or a country within the European Union, or your Personal Information is processed in the UK or a country in the European Union, xDemic will, and will ensure that its data processors will, process your Personal Information in accordance with all applicable data protection legislation, including the GDPR.
Use by Minors
Parents may have the right to consent to the collection and use of personal information collected by our Issuers through our Services; parents should contact our Issuers with questions about consent requirements. Please note that we process Personal Information on behalf of our Issuers as part of providing our Services; therefore, if you do not consent to the collection and use of personal information for certain Services, you may not be able to use such Services.
xDemic seeks to comply with all applicable laws, including the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that online service providers obtain parental consent before they collect personally identifiable information online from children who are under 13. If you are an individual under 13, please do not send any personal information about yourself to us if you are not sure that your parent or guardian has provided consent to the Issuer of your Credential, and please do not send any personal information other than what we request from you in connection with the Services. If we learn we have collected personal information from an individual under 13 without parental consent being obtained or if we learn an individual under 13 has provided personal information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that an individual under 13 may have provided us personal information in violation of this paragraph, please contact us at firstname.lastname@example.org with “Notice of Underage Person” in the subject line.
You will be notified via email or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. You have the right to request that your Personal Information be removed from our records at any time.
1250 Broadway, 36th Floor
New York, NY 10001
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request.