Elevate Inc. (“Elevate”) Privacy Policy

Revised 12-14-2018

Where This Policy Applies. This Privacy Policy applies to websites, assessments, and other services operated or controlled by Elevate Inc. For simplicity, Elevate, Inc. is referred to as “Elevate” or “We” and the website, assessment, and services are referred to as "the Website and Assessments" in this Privacy Policy.

Personal Data We Collect About You.  Personal data is any information that relates to an identified or identifiable individual.  We collect data in the following ways:

When you create an account, you provide us with your login credentials, including your full name, email address, and account log-in credentials.

When you make payments or conduct transactions, we will receive your transaction information.  The information we collect will include payment method information, such as your debit, credit card number, bank account information, or other financial information, cardholder name, purchase amount, date of purchase, and payment method.  Payment methods differ and may require the collection of different categories of information. 

When we conduct fraud monitoring, prevention and detection activities, we may receive personal data about you and/or the cardholder, such as name, address, phone number, and country, as necessary to confirm your identity and prevent fraud.  Our fraud monitoring, detection and prevention services may use technology that helps us assess the risk associated with an attempted transaction that enabled on Elevate’s Website or the Applications that collect information.

When you participate in surveys or focus groups, you give us your insights into our products and services, responses to our questions, and testimonials.

When you choose to submit information to us via other methods, including through social media online forums or by giving us business card or contact details via events, functions or personal contact, we may also receive personal information about you, or your organization.

When you choose to participate in our promotions, events or contests, we collect the information that you use to register or enter.

If you contact our customer care team, we collect the information you give us during the interaction.

Information We Collect By “Cookies” or Other Technology.  Elevate uses Cookies and other technologies to function effectively, and these technologies automatically record information about your use of the Website.  The information recorded includes:

1. Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Website and Assessment you are visiting and utilizing.
2. Usage data, such as time spent on the Website and Assessments, pages visited, links clicked, language preferences, and the pages that led or referred you to the Website.
3. We also may collect information about your online activities on the Website connected devices, apps and other online features and services. We use Google Analytics on the Website to help us analyze your use of the Website and diagnose technical issues.

How We Use Information:  The main reason we use your information is to deliver and improve our services. Read on for a more detailed explanation of the various reasons we use your information, together with practical examples.

1. To administer your account and allow you to log on to our Website and use the Assessments;
2. Create and manage your account;
3. Provide you with customer support and respond to your requests;
4. Complete your transactions;
5. Communicate with you about our services, including order management and billing;
6. To ensure a consistent experience across your devices;
7. Link the various devices you use so that you can enjoy a consistent experience of our services on all of them. We do this by linking devices and browser data, such as when you log into your account on different devices or by using partial or full IP address, browser version and similar data about your devices to help identify and link them;
8. To serve you relevant offers and ads;
9. Administer sweepstakes, contests, discounts, or other offers;
10. Communicate with you by email, phone, social media, or mobile device about products or services that we think may interest you;
11. To improve our services and develop new ones;
12. Administer focus groups, surveys and research;
13. To prevent, detect and fight fraud or other illegal or unauthorized activities;
14. To ensure legal compliance; and
15. Comply with legal requirements.

Legitimate interests: We may use your information where we have legitimate interests to do so. For instance, we analyze users' behavior on our services to continuously improve our offerings, we suggest offers we think might interest you, and we process information for administrative, fraud detection, and other legal purposes.

Consent: From time to time, we may ask for your consent to use your information for certain specific reasons. You may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy.

How We Share Information:

With our service providers and partners.  We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations.

We may also share information with partners who distribute and assist us in advertising our services. For instance, we may share limited information on you in hashed, non-human readable form to advertising partners.

We follow a strict vetting process prior to engaging any service provider or working with any partner. All of our service providers and partners must agree to strict confidentiality obligations.

For corporate transactions.  We may transfer your information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control. 

When required by law.  We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

To enforce legal rights.  We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners, or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

With your consent or at your request.  We may ask for your consent to share your information with third parties. In any such case, we will make it clear why we want to share the information.

We may use and share non-personal information (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioral data, geolocation in de-identified form), as well as personal information in hashed, non-human readable form, under any of the above circumstances. We may also share this information with third parties (notably advertisers) to develop and deliver targeted advertising on our services and on websites or applications of third parties, and to analyze and report on advertising you see. We may combine this information with additional non-personal information or personal information in hashed, non-human readable form collected from other sources

Cross-Border Data Transfers.  Sharing of information sometimes involves cross-border data transfers, for instance from the United States of America to other countries and jurisdictions. As an example, where the service allows for users to be located in the European Economic Area ("EEA"), their personal information is transferred to countries outside of the EEA. We use standard contract clauses approved by the European Commission or other suitable safeguard to permit data transfers from the EEA to other countries. Standard contractual clauses are commitments between companies transferring personal data, binding them to protect the privacy and security of your data.

We want you to be aware of your privacy rights. Here are a few key points to remember:

Reviewing your information. Applicable privacy laws may give you the right to review the personal information we keep about you (depending on the jurisdiction, this may be called right of access, right of portability, or variations of those terms). You can request a copy of your personal information by putting in such a request here.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. If you wish to receive information relating to another user, such as a copy of any messages you received from him or her through our service, the other user will have to contact our Privacy Officer to provide their written consent before the information is released.

Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore. For instance, we cannot provide our service if we do not have your date of birth.

Accountability. In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.

California Residents.  If you are a California resident, you can request a notice disclosing the categories of personal information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. To request this notice, please submit your request here. Please allow 30 days for a response. For your protection and the protection of all our users, we may ask you to provide proof of identity before we can answer such a request.

How We Protect Your Information.  We work hard to protect you from unauthorized access to or alteration, disclosure or destruction of your personal information. As with all technology companies, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information will always remain secure.

We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical and organizational security measures.

We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security. If you believe that your account or information is no longer secure, please notify us immediately here.

How Long We Retain Your Information.  We keep your name and email address for no longer than 3 years, and we may delete it at any time before that date.  We maintain your assessment data, retrievable by your name and email address, for the limited period that you have access to the website.  We retain the results of your assessment, without any identifying name or email address for as long as we need it for any legitimate business purposes and specifically to help us make our assessments better.

We adhere strictly to the policy above, except in rare instances where legal requirement (such as court orders or subpoenas) demand that we keep information longer than the time frame listed above; or if we must keep it to evidence our compliance with applicable law; or if there is an outstanding issue, claim, or dispute requiring us to keep the relevant information until it is resolved; or the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users' safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.

Keep in mind that even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints 

Privacy Policy Changes.  Because we're always looking for new and innovative ways to assist in your career development and improve employee engagement, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.