PRIVACY POLICY

EVERFI Privacy Shield Notice

EVERFI Inc. (“EVERFI,” “we,” “us,” “our”) complies with the U.S.-E.U. Privacy Shield Framework and the U.S.-Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries and Switzerland and transferred to the United States. EVERFI has certified that its processing of personal information from E.U. member countries and Switzerland is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Principles”). You may view our certification at https://www.privacyshield.gov/. We are subject to the investigatory and enforcement authority of the Federal Trade Commission.

Information We Process. As described in more detail in our Privacy Policy, we collect, in accordance with the Privacy Shield principles, the following categories of information: contact information and common identifiers, login details, company and employment details; education history; demographic information; user preferences and activities; and user device information.

We process this information for the purposes described in the How We Use Personal Information section of our privacy policy, including:

  • to provide and improve our services;
  • for customer service purposes;
  • to send communications about additional digital courses, services and other information where we have appropriate permissions;
  • for research and analytics purposes.

For more information on how we process personal information, please see our Privacy Policy

We also act as a data processor for our customers and Authorized Entities. Where we act as a data processor, we process E.U. and Swiss personal information per our customers’ instructions.

Accessing Personal Information. The Privacy Shield Principles provide individuals located in the E.U. and Switzerland whose personal information we process with the right to access their personal information in order to review, correct, amend or delete information processed under the Principles. E.U. and Swiss individuals who would like to access their personal information or to otherwise exercise their GDPR rights where we act as a data controller may contact us at [email protected].

If we process your personal information as a data processor, please contact the customer or Authorized Entity (as defined in our Privacy Privacy) that provided you with access to the EVERFI Services.

Transfers to Third Parties. As described in the Sharing of Personal Information with Third Parties section of our Privacy Policy, we transfer personal information from the E.U. and Switzerland to third parties, such as our service providers. We contractually require third parties to whom we transfer personal information to provide the same level of protections as the Principles. EVERFI remains responsible for the personal information we receive and transfer under Privacy Shield.

As described in our Privacy Policy, E.U. and Swiss users may choose (in other words, expressly consent) to share certain information, such as assessment scores, with social media outlets.

In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.

Contacting Us, Complaints and Dispute Resolution. EU and Swiss individuals who have questions or complaints about how we process their personal information may contact us at [email protected]. We will work to resolve your issue as quickly as possible, but in any event no later than 45 days of receipt.

If you are unable to resolve the issue directly with us directly, you may file, free of charge, a complaint with our independent dispute resolution provider, the International Centre for Dispute Resolution – American Arbitration Association (ICDR-AAA) located in the United States. For more information about ICDR/AAA’s dispute resolution process or to file a complaint, please visit https://go.adr.org/privacyshield.html.

E.U. and Swiss individuals may also submit complaints through their local Data Protection Authority (DPA). We will work with the Department of Commerce to resolve any complaints forwarded by a DPA.  Finally, if we are unable to resolve any complaints through any of the above methods, an E.U. or Swiss individual also may invoke binding arbitration in accordance with the Privacy Shield Frameworks. For more information about the binding arbitration process, please visit https://go.adr.org/privacyshieldannex.html for EU individuals or https://go.adr.org/Swiss-AnnexI.html for Swiss individuals.