Avetta, LLC Privacy Policy

This updated Privacy Policy was first deployed on September 28, 2016.

  1. Scope of this Privacy Policy
  2. Collection of Information
  3. Use of Your Personal Data
  4. Sharing or Disclosing Your Personal Data
  5. Children’s Privacy
  6. Your Choices and Selecting Your Privacy Preferences
  7. Access to and Accuracy of Your Personal Data – Exercising Your Rights
  8. Security
  9. Changes to this Privacy Policy
  10. Cross Border Transfer of Data
  11. Contacting Us
  12. U.S.–Swiss Safe Harbor Privacy Policy

1. Scope of this Privacy Policy

This privacy policy (“Privacy Policy”) describes how Avetta, LLC and its worldwide affiliated group companies, whether acting as data controllers or as data processors on behalf of our customers (collectively, “Avetta”) will use the personal data collected when you visit the Avetta websites, application websites and mobile platforms that contain a link to this Privacy Policy (each, a “Service”) or provide goods or services to Avetta. A Service may supplement this Privacy Policy with additional privacy terms or with additional privacy notices in connection with certain features of that Service. This Privacy Policy does not apply to websites, applications or mobile platforms that are operated by third parties, even if linked to a Service. We encourage you to review the privacy policies posted on those websites, applications and mobile platforms.

2. Collection of Information

Avetta may collect information, which may include personal data, from you in two ways: directly from your input and/or automatically through a Service’s technologies.

a. Information provided by you

The types of information Avetta collects directly from you may include the following as well as any other information type that we expressly request, such as by entering and submitting the information to a Service:

  • Contact information, such as your name, email address, and telephone number;
  • Usernames and passwords;
  • Payment information, such as a credit or debit card number;
  • Educational and employment background information, including information required for background tests or other employment-related screenings;
  • Comments and feedback;
  • Interests and communication preferences; and
  • Any other information that you provide to Avetta through a Service.

Your failure to provide such information may prevent us from providing a Service to you or purchasing goods or services from you. To the extent that you provide personal data about someone other than yourself, you warrant that you are duly authorized to provide such personal data to us for the purposes described in this Privacy Policy.

b. Information Collected Automatically

Each Service automatically collects certain information regarding your use of that Service. Examples of information collected automatically include:

  • Internet Protocol (“IP”) address used to connect your computer to the Internet;
  • Computer, device and connection information, such as browser type and version, operating system, mobile platform and unique device identifier (“UDID”) and other technical identifiers;
  • Uniform Resource Locator (“URL”) click stream data, including date and time, and content you viewed or searched for on a Service;
  • Location information for location–aware Services to provide you with more relevant content for where you are in the world.

We may use and disclose automatically collected information for any purpose as set forth in this Privacy Policy, except where we are restricted by applicable law. If we combine any automatically collected information with personal data, the combined information will be treated by us as personal data. We may also use aggregated information for any purpose insofar as this information does not identify specific individuals and so is not personal data.

c. Cookies and Web Beacons

The Service may also automatically collect information through the use of cookies or similar technologies, such as web beacons. Cookies are small text files that a website sends to the browser on your computer or mobile device when you first visit a web page so that the website can recognize your device the next time you visit. Most websites typically use the following:

  • “Session” cookies, which are temporary and deleted when you close your browser;
  • “Persistent” cookies, which remain until you delete them or they expire;
  • Web beacons, which are electronic images also known as single–pixel gifs.

In general, cookies, web beacons and similar technologies do not contain personal data, but when you furnish your personal data through a Service, this information may be linked to the non–personal data stored in cookies sent to your browser from the Service.

Avetta and its service providers use these technologies for various purposes, including: facilitating the login process; administering, customizing and improving the Service; personalizing the browsing experience; advertising, promotions and surveys; reporting and paying royalties and license fees to third–party providers and content distributors; as well as tracking and analyzing user preferences and trends.

There are a number of ways to manage cookies. On selected Avetta websites, a cookies banner will appear on the home page to ask your consent to set any cookies that are not required to enable you to visit the website and remember your preferences. In addition, the “help” portion of the toolbar on most browsers will tell you how to stop accepting cookies, how to be notified when you receive a new browser cookie, and how to disable existing browser cookies. However, if you block cookies, you may not be able to register, login or make full use of the Service. You can also use your mobile device’s settings to manage the available privacy options.

Our HTML–formatted emails may contain a web beacon to tell us whether our emails are opened and verify any clicks through to links or advertisements within the email. We may use this information for purposes including determining which of our emails are more interesting to users, to query whether users who do not open our emails wish to continue receiving them and to inform our advertisers in aggregate how many users have clicked on their advertisements. The web beacon will be deleted when you delete the email. Emails in plain text rather than HTML will not include the web beacon.

3. Use of Your Personal Data

We use the personal data collected to complete various actions:

  • to register you as a user of a Service;
  • to review eligibility to use a Service;
  • to assist you in soliciting, bidding for or completing a transaction or order;
  • to provide and improve service and support;
  • to update you on relevant new services and benefits (with your specific, prior opt–in consent, where required);
  • to personalize the Service and to select content to be communicated to you or to use features on the Service such as sharing content with a friend or colleague;
  • to contact you regarding our products or services or other products and services from third parties (with your specific, prior opt–in consent, where required);
  • to invite you to participate in surveys, sweepstakes, competitions and similar promotions (with your specific, prior opt–in consent, where required);
  • to conduct business with our service providers;
  • for data analysis, audits, developing new products, enhancing the Service, identifying usage trends and determining the effectiveness of our promotional campaigns, or in other ways to which you have expressly agreed in a customer agreement with us;
  • to aggregate information in order to anonymize it for data analysis, audits, developing new products, enhancing the Service, identifying usage trends and determining the effectiveness of our promotional campaigns;
  • to prepare or implement reorganization or sale of assets or shares;
  • to prevent and detect security threats, fraud or other malicious activity; and
  • to comply with our legal obligations, respond to government or judicial requests for information (including in the context of private litigation), resolve disputes, and enforce our agreements.

We may on occasion also match or combine the personal data that you provide with information that we obtain from other sources or that is already in our records, whether collected online or offline or by predecessor or affiliated group companies, for the purposes described above.

4. Sharing or Disclosing Your Personal Data

We may share your personal data, or the Service may permit sharing, in the following ways:

  • Subscribers. Subscribers to a Service may be able to directly share personal data with each other, or make personal data available to all other subscribers. If the Service offers a content database or subscription service (“Subscription Service”) and you access the Subscription Service through a subscription, your personal data and certain usage data gathered through the Subscription Service may be shared with your institution for the purposes of usage analysis, subscription management, and testing and remediation. If your institution is a corporation or other business entity, additional usage data, such as the types of records you viewed and the number of searches you ran, also may be shared for the purposes of cost attribution and departmental budgeting.
  • Operators. Some of our Services offer you the ability to create a profile and upload information to our database. Your profile and information may be then made available for searching, viewing over the Internet and downloading by our operator customers.
  • Agents, Representatives, Sponsors, and Business Partners. Your personal data may be accessible to our agents, representatives, sponsors and entities for which we are acting as an agent, licensee, joint venturer or publisher.
  • Service Providers. Your personal data may be accessible to our service providers and suppliers, which assist us with producing and delivering our products and services, operating our business, and marketing, promotion and communications. These providers and suppliers include, for example, editors, reviewers, credit, debit and payment card processors, payments processors, customer support, email service providers, IT service providers, banks and shipping agents.
  • Other Third Parties: We may share personal data with other third parties if we expressly told you about such potential disclosure at the point at which you submitted the personal data to us. If you do not want us to share your personal data with these companies, you may contact us at: privacy@avetta.com.
  • Compliance with Law and Similar Obligations. We may share personal data in order to: (i) respond to or comply with any law, regulation, subpoena or court order, or government or judicial request (including in the context of private litigation); (ii) investigate and help prevent security threats, fraud or other malicious activity; (iii) enforce and protect the rights and properties of Avetta or its affiliates; or (iv) protect the rights or personal safety of our employees and third parties on or using our property. Where relevant, we may share or transfer your personal data in order to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Change in Corporate Circumstances. If Avetta, the Service or a related asset or line of business is acquired by, transferred to or merged with another company, or otherwise reorganized, your personal data may be disclosed to the prospective or actual purchasers, or other persons involved in the transaction. The Service also may provide access to social media features, message boards, chat, forums, blogs, profile pages and other services to which you are able to post personal data and materials. Any information you post or disclose through these services is public. Please be careful when disclosing personal data in these public areas.

5. Children’s Privacy

We do not knowingly collect personal data from children under the age of 18 and Avetta does not target its Services to children under 18.

6. Your Choices and Selecting Your Privacy Preferences

If you are a user of a Service, you can manage available communications preferences when you register with the relevant Service (including by providing your opt–in consent, where required), by updating your account preferences, or, where applicable, by using the “opt–out” or unsubscribe mechanism or other means provided within the communications that you receive. We reserve the right to notify you of changes or updates to the Service whenever necessary.

7. Access to and Accuracy of Your Personal Data – Exercising Your Rights

You may have the right under applicable law to obtain access to personal data about you that is governed by this Privacy Policy. You may also request to review and correct any of that personal data. Additional rights may also apply under applicable laws, such as rights to object to or block processing of your personal data. Contact privacy@avetta.com to exercise your rights.

If a Service allows registered users to access their registration information and make corrections or updates, the accuracy of such information is solely the responsibility of the user. Subject to any right you may have to access, review, correct, raise an objection or block personal data, no access is given to other personal data or data that may have been collected about users.

To protect your privacy and security, we will also take reasonable steps to verify your identity. To view and change the personal data that you directly provided to us, you can return to the webpage or application where you originally submitted your personal data and follow the instructions on that webpage or application, or contact us at the address listed below.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Security

The security of your personal data is important to us. We use a variety of data security measures intended to ensure the confidentiality and integrity of your personal data.

9. Changes to this Privacy Policy

If we modify this Privacy Policy to reflect changes to our information practices, we will post the revised version here, with an updated revision date. We encourage you to periodically review this page for the latest information on our privacy practices.

10. Cross Border Transfer of Data

For the purposes described in Section 3 above, your personal data may be transferred to recipients mentioned in Section 4 above who are located in other countries that may have personal data protection rules that are less protective than the rules in your country.

For users of a Service, you acknowledge that Service subscribers may be located may be located in one of more than 110 countries in the world. By accepting this Privacy Policy and using the Service, you consent to the transfer of personal data to countries outside your country of residence consistent with the terms of this Privacy Policy.

For transfers of personal data from the EU to the United States, Avetta, LLC and Avetta Subsidiary Holdings, LLC have self–certified to the US Department of Commerce under the EU–U.S. Privacy Shield Framework and the U.S.–Swiss Safe Harbor Framework. Our Privacy Shield Notice is available here. The Safe Harbor Policy for Avetta, LLC and Avetta Subsidiary Holdings, LLC is in section 12 below.

11. Contacting Us

If you have comments or questions about this Privacy Policy or our processing of your information, please contact:

AVETTA, LLC
Attention: Privacy Officer
17671 Cowan, Suite 125
Irvine, California 92614, USA
Telephone: 1 949–936–4500
Email: privacy@avetta.com

12. U.S.–Swiss Safe Harbor Privacy Policy

Avetta, LLC and Avetta Subsidiary Holdings, LLC (together, “AVETTA”) recognizes and respects individuals and entities’ privacy and values the integrity of its customers, clients, contractors, vendors, suppliers and anyone who we conduct business with. The following U.S.–Swiss Safe Harbor Privacy Policy (the “Safe Harbor Policy”) details the principles our company follows with respect to transferring personal data from Switzerland to the United States, including our practices for collecting, using, maintaining and disclosing that personal data.

AVETTA has self–certified to the US Department of Commerce under the U.S.–Swiss Safe Harbor Framework and declare that it adheres to the Safe Harbor Principles of Notice; Choice; Onward Transfer; Access; Security; Data Integrity; and Enforcement. To learn more about the Safe Harbor Framework, and to view AVETTA’s certification, please visit http://www.export.gov/safeharbor/ and https://safeharbor.export.gov/swisslist.aspx, respectively.

  • Scope. This Safe Harbor Privacy Policy applies to all personal data received by AVETTA in the United States from Switzerland, in any format, including electronic, paper or verbal.
  • Definitions. For purposes of this Safe Harbor Policy, the following definitions shall apply:
    • “Agent” means any third–party data processor that processes data provided by AVETTA on its behalf and under its instructions, including, clients, customers, contractors, vendors and suppliers.
    • “Personal data” means any data or set of information that identifies or could be used by or on behalf of AVETTA to identify a living individual.
    • “Sensitive personal data” means any personal data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life, or information about criminal or administrative proceedings and sanctions.
  • Notice. Where AVETTA collects personal data directly from individuals in Switzerland, it will inform them about the purposes for which it collects and uses personal data about them, the types of non–Agent third parties, if any, to which AVETTA discloses that data; the choices and means, if any, AVETTA offers individuals for limiting the use and disclosure of personal data about them; and how to contact AVETTA. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal data to AVETTA, or as soon as practicable thereafter. In any event, AVETTA will provide notice before it uses or discloses the personal data for a purpose other than that for which it was originally collected. AVETTA users personal data as described above in section 3 (Use of Your Personal Data) and discloses it as described in section 4 (Sharing or Disclosing Your Personal Data).
  • Choice. AVETTA will offer individuals the opportunity to choose (opt–out of) whether their personal data is (a) disclosed to a non–agent third party; or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal data, AVETTA will give individuals the opportunity to affirmatively and explicitly (opt–in to) consent to the disclosure of the information to a non–Agent third party or the use of the data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. AVETTA will provide individuals with reasonable mechanisms to exercise their choices. For more information regarding how to exercise your choices, please see sections 6 (Your Choices and Selecting Your Privacy Preferences) and 7 (Access to and Accuracy of Your Personal Data – Exercising Your Rights) above.
  • Onward Transfers. AVETTA will obtain assurances from its Agents that they will safeguard personal data and adhere with the requirements set forth in this Safe Harbor Policy. Examples of appropriate assurances include:
    • a contract between us and the Agent that requires the Agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles;
    • the Agent being subject to Swiss Federal Act on Data Protection; and
    • Safe Harbor certification of the Agent.
    Where AVETTA has knowledge that an Agent is using or disclosing personal data in a manner contrary to this Safe Harbor Policy, AVETTA will take reasonable steps to prevent or stop the use or disclosure.
  • Security. AVETTA will take reasonable physical, electronic, and administrative safeguards to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction. AVETTA will take special care to ensure the security of sensitive personal data.
  • Data Integrity. AVETTA will use personal data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. AVETTA will also take reasonable steps to ensure that personal data is relevant for its intended use, it is accurate, complete and current.
  • Access. Upon request, AVETTA will grant individuals reasonable access to personal data that it holds about them. In addition, AVETTA will take reasonable steps to permit individuals to correct, amend, or delete data that is inaccurate or incomplete. Our website allows you to edit your personal data by accessing the “my profile” feature once you log into your account. If you contact us with a request for access to your personal data, we will evaluate your request and we will respond within 30 days, if not sooner. We will retain your personal data for the minimum length of time as is necessary or required to comply with our legal obligations or enforce our agreements. For more information regarding your access capabilities, please see sections 6 (Your Choices and Selecting Your Privacy Preferences) and 7 (Access to and Accuracy of Your Personal Data – Exercising Your Rights) above.
  • Enforcement. AVETTA will conduct compliance audits of its relevant privacy practices to verify adherence to this Safe Harbor Policy. Any AVETTA employee that we determine has acted in violation of this Safe Harbor Policy will be subject to disciplinary action up to and including termination of employment. AVETTA encourages any interested persons to raise any questions or concerns using the contact information provided below. AVETTA will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data in accordance with the provisions of this Safe Harbor Policy.

    In compliance with the U.S.–Swiss Safe Harbor Principles, AVETTA commits to resolve complaints about your privacy and our collection or use of your personal data. Swiss citizens with inquiries of complaints regarding this privacy policy should first contact AVETTA as described in section 11 (Contacting Us) above.

AVETTA, LLC has further committed to refer unresolved privacy complaints under the U.S.–Swiss Safe Harbor Principles to an independent dispute resolution mechanism. If you have an unresolved privacy or data use complaint that we have not addressed satisfactorily, please contact, free of charge, our U.S.–based third party dispute resolution provider, TRUSTe, at https://feedback-form.truste.com/watchdog/request.

AVETTA - Privacy Shield Notice

Date: September 28, 2016

Avetta, LLC and Avetta Subsidiary Holdings, LLC (together, “AVETTA”) comply with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the transfer of personal data from the EU to the US (“Personal Data”). “Personal Data” is data about an identified or identifiable individual that are within the scope of EU Directive 95/46/EC, received by an organization in the US from the EU, and recorded in any form. AVETTA has self-certified to the US Department of Commerce and declared its commitment to adhere to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability (the “Principles”).

You can learn more about Privacy Shield at https://www.privacyshield.gov and see our Privacy Shield self-certification at https://www.privacyshield.gov/list. AVETTA’s self-certification to the Privacy Shield is subject to the investigatory and enforcement authority of the Federal Trade Commission.

Information We Process. In accordance with the Privacy Shield Principles, we collect the categories of information described in Section 2 (Collection of Information) of our Privacy Policy. We process this information for the purposes described in Section 3 (Use of Your Personal Data) of our Privacy Policy. The information we process may include Personal Data.

Accessing Personal Data. The Privacy Shield Principles provide individuals located in the EU whose Personal Data we process the right to access their Personal Data and to review, correct, amend, or delete their Personal Data. EU individuals who would like to access their Personal Data may contact us at privacy@avetta.com.

Transfers to Third Parties and Your Choices. As described in Section 4 (Sharing or Disclosing Your Personal Data) of our Privacy Policy, we may transfer Personal Data to third parties. We contractually require those third parties to provide the same level of protections to Personal Data as required under the Principles. AVETTA currently does not transfer Personal Data to a third party for its own use; if in the future it does, individuals may choose to opt out of this type of transfer by emailing us at privacy@avetta.com. AVETTA will remain liable under the Principles if a third party processes Personal Data in a manner inconsistent with the Principles, unless AVETTA proves that it is not responsible for the event giving rise to the damage.

In accordance with our legal obligations, we may also transfer, subject to a lawful request, Personal Data to public authorities for law enforcement or national security purposes.

Contacting Us, Complaints and Dispute Resolution. We encourage EU individuals who have questions or complaints about how we process their Personal Data under Privacy Shield to contact us as described in Section 11 (Contacting Us) of our Privacy Policy. We will work to resolve your issue as quickly as possible, but in any event no later than 45 days of receipt.

If you have an unresolved privacy or data use complaints that we have not addressed satisfactorily, please contact, free of charge, our US-based third party dispute resolution provider, TRUSTe, at https://feedback-form.truste.com/watchdog/request.

If you are an EU individual and unable to resolve any complaints through any of the above methods, you may invoke binding arbitration in accordance with the Privacy Shield Framework at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.