Last Updated: August 6, 2020
We at EVERFI, Inc. (“EVERFI,” “we,” “us,” “our”) care about you (“you”, (“user”, “learner”, and/or "business professional" as appropriate)) and how your personal information is used and shared. We take your privacy seriously and are committed to creating a safe and secure environment for learners of all ages. This Policy is designed to help you understand what information we collect, why we collect it, and what we do with it. Thank you for taking the time to carefully read it.
- ABOUT EVERFI
EVERFI is a leading critical skills education company. We empower learners of all ages with the skills necessary to be successful in life and work. This Policy applies to all EVERFI products, services, and websites (collectively the “Service”). This Policy describes how EVERFI collects, uses and discloses the information it collects via the Service. In some instances, our Service may be accessible via a third party website, including that of an Authorized Entity (defined below). This Policy does not apply to how a third party or an Authorized Entity collects, uses, or discloses any information related to Service users.
By using the Service, you acknowledge that EVERFI will handle your personal information as described in this Policy. Your use of our Service, and any dispute over privacy, is subject to this Policy and our Terms of Service located at https://www.everfi.com/, which may from time to time be amended.
- PERSONAL INFORMATION WE COLLECT
EVERFI’s digital learning platform offers educational courses on different critical skills in the K-12, Higher Education, and Adult markets. We may collect information about you directly from you and automatically through your usage.
Information We Collect Directly from Learners:
Where you register with us, or communicate to us, depending on the Service, we may collect the following information:
- Contact information and common identifiers: Such as name, address, and email address;
- Login details: Including username and password;
- Employment details (depending on the offering): Including information about a user’s employment, company details and details of whether an individual is an educator. This may reveal general salary bandings based on industry knowledge;
- Education history;
- Demographic information: For example where an offering asks an individual to specify a banding of credit score rating for financial health courses;
- Preferences: Based on user-specific implementations and information about user activities within the Service, including information about the content modules a user views, starts or finishes (including data and time stamps), assessments or scores, and related information, and other information about a user’s activities and use of the Service in order to ensure our digital learning is appropriately teaching the desired critical skill.
Where additional data is collected for a specific course, we will provide further details in our contractual terms.
EVERFI educational assessments and surveys may ask questions based on race, ethnicity, sexual preference. This information is considered a special category under the General Data Protection Regulation; therefore we will only collect it where you choose to provide this information and consent to us receiving it – the questions are always optional. When we receive the surveys, we take steps to fully anonymize it and will only share responses on a fully anonymized and aggregated basis. In our K-12 and Higher Education markets, EVERFI extracts information from survey data before analyzing such data in an aggregated research setting.
Information We Collect Automatically
Information Business Professionals May Provide:
If you want to request a demo of any Service and/or have a conversation with one of our product experts to learn how EVERFI can power your education initiatives, you can provide us with:
- Contact Information: first name, last name, email address, phone number;
- Job Details: job title and a note of which industry you are in;
- Communications preferences.
Information Obtained from Third Parties/Public Sources:
We use third party service providers to enhance and enrich our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you for example via LinkedIn.
- HOW WE USE PERSONAL INFORMATION
EVERFI generally uses the information we collect as follows:
- To provide the Service directly to learners (where applicable).
- To create log-in details for learners (where we are contracting with a sponsoring organization such as a financial institution or higher education institution i.e. a university), to communicate with you about your use of the Service (including via email); to respond to your inquiries; to send you surveys; to fulfill your requests; and for other customer service or internal purposes.
- To troubleshoot any technical issues you might experience while using our Service.
- Where you are a business professional (e.g. sponsoring organization such as a financial institution or higher education institution i.e. a university), to send you communications about digital courses, services and other information we think may interest you where you have requested a demo and with additional information where we have appropriate permissions. We may also enrich our marketing database using publicly available information to tailor our communications and ensure these are relevant to your industry and of interest to you.
- To better understand how users access and use our Service, in order to improve our Service, to respond to user desires and preferences, and for other research and analytical purposes.
- To develop aggregated reports and related analysis regarding user activities.
- To tailor the educational content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your learning experience while using our Service.
- To comply with applicable legal obligations, including responding to a subpoena or court order.
- SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
We share the information we collect as follows:
Authorized Entities. If you access the Service through, or are granted access to the Service by a school, school district, college, university, person, institution, employer, or other organization (an “Authorized Entity”), we will share the information we collect about you with the Authorized Entity or its representatives. Such information may include, but will not be limited to: course progress/completion; assessment scores; email address; user ID/identifying tag or username (if applicable); additional aggregated data the Authorized Entity requests.
Social Media Sharing. If a user chooses to share information such as assessment scores through social media outlets, such as Facebook and Twitter, third parties may receive information about a user’s performance on the Service, such as information about digital learning badges and prizes received in connection with the Service.
Third-Party Sponsors. In the K-12 market and, in certain instances, the Higher Education market, EVERFI works with third-party sponsors to bring the Service to some users free-of-charge. In such situations, EVERFI will only share anonymized and aggregated user information. This anonymized and aggregated information may include demographic and geographic profiles to assess the learning progress of categories of Service users.
Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public.
Service Providers. We may employ independent contractors, vendors and suppliers to provide specific services related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service, email services and marketing enrichment services.
International Transfers. EVERFI is a U.S. company and the information we collect will be transferred to, stored and processed in the U.S., as well as other international locations where we have affiliates and service providers. The U.S. and other jurisdictions to where we transfer your information may not offer an equivalent level of data protection as in your home country. As a result, where the personal information that we collect through or in connection with the Service is processed in the United States or collected directly by EverFi. Inc in the U.S., we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. If you are a Data Subject in the European Union or the United Kingdom, you have a right to receive details of those steps where your data is transferred outside the European Union or United Kingdom, (e.g. to request a copy where the safeguard is documented, for example the Standard Contractual Clauses approved by the European Commission - and we will implement additional measures if required to ensure that there is adequate protection of your data).
Aggregate and De-Identified Information. We may also provide aggregate, anonymous or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.
Do-Not-Track Signals. Our platform does not recognize “do-not-track” requests; however, we do not track your activities after you leave our platform.
Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Service to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
- HOW WE LINK AND INTERACT WITH OTHER WEBSITES
Our Service may contain links to other websites not owned or operated by EVERFI, and may provide Service users with access to other websites and services. This may include providing users with the ability to share and automatically post updates (including updates about badges and prizes received in connection with the Service) through social media outlets, such as Facebook and Twitter. Please be aware that we are not responsible for the privacy practices of such third-party websites or services and any access to and use of such linked websites is not governed by this Policy. We encourage you to read the privacy policies or statements of each and every website you visit.
- HOW WE PROTECT PERSONAL INFORMATION
EVERFI implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online.
You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot control or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google.
- INFORMATION FOR INDIVIDUALS IN THE UNITED KINGDOM AND EUROPEAN UNION
In some instances EVERFI, Inc., which is headquartered in the United States at 2300 N Street NW, Suite 410C, Washington DC 20037 acts as a controller, in particular:
- when we are carrying out marketing activities to business professionals and conducting profiling activities to ensure our marketing is relevant; and
- where we issue course surveys and/or assessments and otherwise undertake data analytics to ensure we can improve our Services.
Where we act as a controller, data protection laws require us to have a legal basis to do so. The following legal basis pertains to our collection and processing of data in the capacity of a controller:
- Our use of your personal information is in our legitimate interest as a commercial organization to perform our contractual requirements with our clients to make improvements to our products and services and enhance the customer and educational experience. This applies to our processing activities described in sections 3B, 3C, 3D (save where we need consent by local law), 3E, 3F and 3G.
- Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have in particular where we are required to disclose personal information to a court, tax authority or regulatory body in the event of an investigation. This applies to our processing activities described in sections 3H and 3I.
- Our use of your personal information is in accordance with your consent. This applies to our processing activities described in section 3A and 3D (where required by local law).
- In certain circumstances, we may also process demographic information revealing data about diversity pursuant to paragraph 8 of part 2 of Schedule 1 of the Data Protection Act 2018 in the UK to ensure equality of opportunity or treatment and for statistical purposes in the wider public interest - this will always be proportionate to the aim pursued.
Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, you have certain rights in relation to the personal data we process for you in the capacity of a controller as follows:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal information following a request for restriction, where: (a) we have your consent; or (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at email@example.com or fill out this form. In your message, please indicate the right you would like to exercise and the information to which it relates. We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example, if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfill the different purposes outlined in section 3, typically for students this will be a period of four years and for corporate organizations will be as long as we are contracted to maintain data. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings.
- CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act provides some California residents with the additional rights listed below.
Right to Know. You have the right to know and see what data we have collected about you over the past twelve (12) months, including:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting your personal information;
- The categories of third parties with whom we have shared your personal information; and
- The specific pieces of personal information we have collected about you.
We do not sell your personal information.
Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
- Provide you with a good or service, or otherwise perform a contract between us and you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- To enable solely internal uses that are reasonably aligned with the expectations of you and us based on your relationship with EVERFI
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Other Rights. You have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. You also have the right not to be discriminated against for exercising any of the rights listed above.
Exercising Your California Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under California law, you may write to us at firstname.lastname@example.org or fill out this form. Please include your full name and email address associated with your use of the EVERFI’s digital learning platform, along with why you are writing, so that we can process your request in an efficient manner.
Response Timing and Format. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
- HOW TO CONTACT US
Request to Remove or Update Data
If you mistakenly post personal information in a Public Area or if parents want to request the deletion of their student’s data, you can send us an email to request that we remove it by contacting us at email@example.com. If you would like to amend your profile information, you may log in to your account and do so or email us at firstname.lastname@example.org. You should understand that in some cases, we may retain copies of such information in our systems or databases where required or permitted by law.
Request to Opt-Out of Emails
Where we have permission, we may send periodic marketing emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email or by contacting us at email@example.com. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other content we think may interest you, we will still send you service emails about your EVERFI account or any services you have requested or received from us.