Privacy Policy
Effective: January 1, 2020
This privacy policy applies to NovoEd.com, http://www.novoed.com and the course sites on the NovoEd platform (the “Site”) and websites operated by NovoEd, Inc. (the “Company,” “us,” ”we,” or “our”).
The Site provides the “Service” as defined our Terms of Use.
We respect and protect the privacy of our users. We do not sell data belonging to our Users. This Privacy Policy explains how we collect and use your information and is part of our Terms of Use when you use our Site or Service.
- WHAT DATA DO WE COLLECT?
- HOW DO WE USE YOUR DATA?
- HOW DO WE SHARE YOUR DATA?
- THIRD PARTY SERVICE PROVIDERS
- HOW IS MY DATA PROTECTED?
- YOUR CHOICES
- PRIVACY SHIELD
- NOVOED COOKIE POLICY
- FULL TERMS OF SERVICE
What data do we collect?
Personal data
“Personal Data” means any information relating to an identified or identifiable natural person. We collect Personal Data from two categories of users of the Services: a) Administrators and Instructors for entities that contract with us or that might be interested in contracting with us or those we market to and who answer our inquiries (“Customers”), b) Persons (“Learners”) that our Customers desire to use our Services to provide learning and training. If you are using NovoEd’s website to take sample courses on behalf of a Customer, we treat you as falling under category (b) and are treated as such with respect to our Privacy Policy. When referred together, Learners and Customers are “Users”.
For Customers, we will collect Personal Data such as the names, customer ID, e-mail addresses, name of the entity they represent, phone numbers, and their IP Addresses. We also will collect and post content for Users in connection with the Service such as articles, checklists and courses (“Courses”).
For Learners, we collect Personal Data such as names, usernames, and email addresses. We also collect Learner IP addresses, names, emails, locations (country, state, city), school name or employer name; if applicable. We also collect a history of the Course(s) taken and completion of course activities and whether they logged in to view the course(s) (“Course History”). Learners may also submit content to share with other Learners or with Customers and instructors. The Courses have social tools such as discussions to allow Learners to interact and learn from each other. These discussions are logged.
If NovoEd offers you Courses under its own name (via this Site, for example), we treat you as a Learner and offer you the same rights as described in this policy.
Tracking data
We and our third-party service providers may collect certain tracking information about your use of our Site and Service. For example, we collect:
- Google Analytics: as User uses the app; tracking user clicking behavior; session length, device used, and estimation of country of origin based on IP address.
- Log information (including your IP address, browser type, Internet service provider, referring and exit pages, operating system, dates/time of access, pages visited, and time spent on those pages and related data)
- Information collected by cookies
- Web beacons (also called “Internet tags” or “clear gifs”; used to count visitors to our Site and which pages were viewed and links clicked)
- Embedded scripts (code temporarily downloaded onto your device to collect information about your interactions with the Service and thereafter deleted or deactivated)
Cookies
When you visit our Site we use cookies, or similar technologies like single-pixel gifs to record log data. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Session cookies are used to track the session and remember you so you don’t need to sign in every time. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other things. If you access our Site through your browser, you can manage your cookie settings.
Here are some of the cookies services we use:
Google Analytics collects information about the use of the Services on our website. Google Analytics collects information such as how often Users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site.
Google Analytics collects information about the use of the Services on our website. Google Analytics collects information such as how often Users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site.
We use the information we get from Google Analytics only to improve this site, but in anonymous form. Google Analytics collects only the IP address assigned to you on the date you visit this site and assigns a user ID code, rather than your name or other identifying information and we anonymize IP addresses collected through Google Analytics so that we can collect the same information without storing exact IP addresses. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google uses this information to analyze your use of the website, to generate reports about website activities and to provide further services related to website and internet use. Google may also share such information with third parties to the extent it is legally required to do so and/or to the extent third parties process data on behalf of Google. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy and Data Processing Amendment. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.
You may block Google Analytics on some browsers with the help of a browser add-on if you do not want us to use this Analytics tool. This add-on can be downloaded at: Google Analytics Opt-out Browser Add on at: ‘http://tools.google.com/dlpage/gaoptout?hl=en. For more information on Google Analytics and Google’s privacy practices, please review the Google Privacy and Terms policy at https://www.google.com/policies/privacy/
New Relic: We use New Relic to monitor the performance of the Services using anonymized data only. Please refer to New Relic’s Privacy Statement for more information.
ZenDesk. ZenDesk is our Customer support software and uses cookies to track interaction with customer support tools on our behalf. For more information go to their privacy policy.
For more information please check out our full cookie policy.
How do we use your data?
Analytics:
We utilize Tracking Information to access anonymous data to help us understand how our Services are used. We use Tracking Information to customize content for you and improve our Services. Google Analytics provides reports to us regarding website trends without identifying individual visitors.
Providing the Services:
We use your Personal Data to provide the Services, provide Customer service/support and communicate with you regarding the Services and new features. If you are a Customer or Learner, it enables us to track your use for customer service purposes. We use the Courses created by Customers and their instructors to provide the Services to Learners. If you are a Learner, we use your Personal Data and history of access to identify you, enable you to establish feedback using comments, and track your use of the Services for Customers.
Validating Access to Content:
For Customers, we use your Personal Data tied to Courses and Course History to validate your right to use our Services.
Learners must authenticate themselves with a username/password through NovoEd’s sign in or via single sign on integrations via SAML 2.0, or Google, or Facebook.
We use the Course History and history of access by Learners tied to their Personal Data to validate the identities of Learners and track their use to report to Customers as a part of our Services. As a learning content delivery platform, these are essential components of our Services.
Direct Marketing
If you are a NovoEd.com website visitor or have asked to receive information from NovoEd, we use Personal Data to communicate with you regarding the provision of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time by following the unsubscribe link at the bottom of each email.
How do we share your data?
We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
Customers and instructors and other learners
NovoEd Platform involves providing a software service to present Customer’s materials and course content Learners. This involves presenting the Courses and verifying that Learners have accessed and reviewed the content. We share Learner contact information and applicable search history and Learner Program/Course Information history with the Customer who owns the learning materials and not with other Customers.
When you register through the Site and submit your Personal Information to create an account, Learners, and Customers (including course instructor) will see your “Screen Name”. Learners and Customers and staff may also see the month and year you first registered with NovoEd, answers to profile questions you provide when you create an Account or register for a Course as well as your Course activity, Course assignments and other submissions, postings in forums and communications with other Account holders, Course instructors and staff. All of the foregoing is with regard to a specific Customer: the one who owns the learning materials and not with other Customers or Learners.
We may share Personal Information, and Tracking Data with Customers for the purpose of providing the Services. We may also provide Learners’ Personal Information to Customers (who are offering the course(s) that you have enrolled in via the NovoEd Platform. Each Customer has its own privacy policy. If you want to opt out of receiving communications from a Customer, consult their privacy policy or opt out using the opt out provision in their emails. Learner information is NOT shared with Customers in general; but only with each particular Customer associated with each particular Leaner.
Comments
If you post a comment or communicate with other Learners, it will be shared with other Learners accessing the Course Information or to the specific Learner to which you directed you message. Users can edit or delete a post/comment they create.
Charging for Services
The Company does not store any credit card data associated with any purchases processed on the Site.
Law enforcement and internal operations
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Company or to comply with a legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with Users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and debugging purposes; or (iv) to protect the rights, property or safety of Company, its Users or members of the general public. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.
Business transfer
Company may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Company will use commercially reasonable efforts to notify you if your personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.
Third parties service providers
We contract with other companies to perform functions or services for us. Our categories of service providers include software maintenance, security testing, data hosting, sending email messages, project management and customer service. We necessarily have to share your Personal Data with such third parties as required so that they can perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring they have EU-U.S. Privacy Shield certification since all of our service providers are in the United States.
How is my data protected?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction, or alteration. For example:
- Passwords are saved encrypted in the database.
- Data is kept on secure servers located in the US. Access to this data is controlled using RSA key pairs and AWS security groups; and limited to only a few Company employees.
- All data is encrypted in transit
- Restricting staff access to Personal Data on a need to know basis with access monitored by logs.
- Regular staff privacy and security training.
- Third party Penetration testing.
However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.
Your choices:
Data subject rights for learners: NovoEd is only a processor of your personal data.
NovoEd provides a learning platform for our Customers. We process data at our Customer’s direction and the Customers are the controllers of the Personal Data of Learners who enroll in their courses. Customers use our tools to decide what Learner information is tracked and determine the purpose for which Learner Personal Data is collected. If you are a Learner accessing the Services to take Courses from a Customer and are located in the European Economic Area and would like to exercise any of your Data Subject Rights listed below, please contact the Customer whose Course you enrolled in directly.
Right to Review and Rectify Your Personal Data.
Customers can see a history of what articles and Courses Learners view or complete as well as their Account Information.
You can update most of your Account Information by logging on to your account. However, if additional assistance is required to change or delete inaccuracies related to other Personal Data or you would like to know what other information about you was collected, please contact the Customer or if your information was gathered when using NovoEd.com then contact NovoEd here.
Right to Remove or Withdraw Consent (GDPR).
If you are located in the European Economic Area you may have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data through your account or if you cannot, by contacting NovoEd here.
However, if you have included Personal Information in Course content, social activities, or in Course assignments or information or communications shared with other Account holders or with Course instructors or staff, you may not be able to update, correct or delete this information from the Site. Please contact the Customer directly.
We only email Customers and do not contact Learners with marketing opportunities. If you are a Customer and receive newsletter or marketing communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. Customers can delete their Account Information by contacting NovoEd to remove their account. However, since Personal Data and Customer Course History is required for us to provide the Services, deleting it will also terminate your access to the Services. Learners and Customers should know that deleting your Personal Data does not mean that all of it will be removed if you have sent any of it to other Learners.
We take steps to delete Personal Data that is no longer necessary to provide the Services by deleting it within 120 days of your terminating your account. We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our Customers to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
Data Portability
If you would like us to transmit your Personal Data to another company providing similar services, please first contact the Customer which offered the Course. Then we will work with them to do so.
Right to redress
If you are a subject of the European Union or European Economic Area and you believe we have violated any data protection laws that apply to you, you have a right to file a complaint with your Data Protection Authority office.
Processing learner data for customers
Our Services involve the processing of Personal Data on behalf of the Customer that offers you Course(s). When we do so, we are acting as Processors for the Controller (the Customer). We take steps to ensure that Personal Data subject to GDPR is processed in accordance with Controller instructions and GDPR. We enter into Data Processing Addendum(s) incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data. If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data please contact the Controller to make such request. If you make the request to us, we will work with the Controller to process and evaluate such request.
Transnational transfer of data
If you are providing your Personal Data to us directly to use our Site or Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our obligations to you.
Privacy Shield
Full Privacy Shield Policy is available here.
Commitment to comply with Privacy Shield framework
NovoEd complies with the EU-U.S. Privacy Shield Framework Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. NovoEd has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, NovoEd commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact NovoEd here.
Privacy Shield Complaints for EU individuals
NovoEd has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
The Federal Trade Commission has jurisdiction over NovoEd’s compliance with the Privacy Shield.
DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
Except as otherwise provided herein, NovoEd discloses Personal Data only to Third Parties who need to know such data and only for the scope of the initial transaction and not for other purposes. Such recipients must agree to confidentiality obligations. NovoEd may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, NovoEd stores Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by NovoEd and they must either:
- Comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data;
- Or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
NovoEd also may disclose Personal Data for other purposes or to other Third Parties when a User has consented to or requested such disclosure. Please be aware that NovoEd may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In cases of onward transfers of data, received pursuant to the EU-U.S. Privacy Shield, NovoEd is potentially liable.
ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the US-EU Principles, NovoEd commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about the use of their Personal Data should contact us here. The Federal Trade Commission has jurisdiction over NovoEd’s compliance with the Privacy Shield. If a User’s question or concern cannot be satisfied through this process NovoEd has further committed to refer unresolved privacy complaints under US-EU Privacy Shield to an independent dispute resolution mechanism operated by the Federal Trade Commission (FTC).
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Additional privacy information
Your California Privacy Rights
NovoEd complies with the California Consumer Privacy Act (CCPA).
Effective January 1, 2020, the California Consumer Privacy Act of 2018 (the “CCPA”) allows consumers who are California residents, upon a verifiable consumer request, to request a business to:
- Delete any personal information about the consumer which the business has collected from the consumer;
- Disclose to the consumer certain information about the personal information that the business collects from the consumer; and
- Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information
NovoEd does not sell any consumer personal information to third parties.
The following CCPA policy applies to California residents who have used NovoEd.com to submit personal information or to take NovoEd-sponsored courses. If you are a Learner who is taking course(s) from an organization other than NovoEd, please contact your course provider and not Novoed.
To submit a data access or data deletion request, please contact us here. Please note that these requests apply only to information that NovoEd holds as a “controller.” Please note that you must verify your identity before NovoEd will process your request. You may be required to provide email confirmation or other information in order for us to verify your identity. Consistent with California law, if you choose to exercise your rights, you will not receive discriminatory treatment by NovoEd.
Under certain circumstances, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, your valid government issued identification, and the authorized agent’s valid government issued identification to allow NovoEd to verify that the agent is authorized to make the request on your behalf.
If you have any questions about NovoEd’s privacy policies and practices, please contact us here.
California’s Shine the Light Law
CA Civil Code § 1798.83 permits California residents to request and obtain from NovoEd once a year, free of charge, a list of the third parties to whom NovoEd may have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. Except as explained above, NovoEd does not share personal information with third parties other than the course providers who sponsor the course(s) you have enrolled in.
California residents may make a written request to Company about whether Company has disclosed any Personal Information to any third parties during the prior calendar year. To make such a request, please contact us here, or write to:
NovoEd, Inc.
150 Sutter Street # 206
San Francisco, CA 94104
(415) 366-7762
Third party websites
Our Site may link to other websites as part of our Site or a Customers’ course content. YouTube is an example. When you click on one of these links, you are ‘clicking’ to another website. Company does not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use, and storage practices and policies may differ from ours.
Minors under 16 years of age
Company does not knowingly collect or store any personal information from or about children under the age of 16.
If you believe a child under the age of 16 has under any circumstances provided us with personal information and data, a parent or legal guardian can contact us here to request that their children’s information be deleted from our records.
Do not track
Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.
Changes to privacy policy
Company reserves the right to amend this Privacy Policy at any time. If Company makes material changes to its Privacy Policy, we will notify you by (1) changing the Effective Date on our Privacy Policy and provide additional notification either (1) via email or other means as we may deem commercially reasonable.
Questions?
If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy; and will be happy to answer any questions or concerns you might have. You may direct any such questions here.