Last Updated: June 24, 2019
BrainStorm, Inc. (“Brainstorm,” “we”, “us” and “our”) is committed to protecting your privacy. BrainStorm is a U.S.-based corporation that provides change management solutions through its online, cloud-based QuickHelp™ software application and electronic instructional content (“QuickHelp”), as well as instructor-led training (“ILT”) and an immersive cloud-based training and facilitator bootcamp (“CIE”).
In order to provide the best experience possible, BrainStorm collects and processes different kinds of personal information and data. Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. BrainStorm will collect and process personal information only after you provide your consent by clicking the “Yes, I agree” button below. If you do not agree with our policies and practices, your choice is to not use our Services. As discussed below, this Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates. If you ever wish to withdraw you consent, you can access that feature in your user “Settings” in QuickHelp.
- Our QuickHelp™ platform
- ILT or CIE events
- Our service and support for our software, training and services
- Our other communications to you, including when you interact with us through our Websites, or when we communicate by phone, email, live chat and social media
(collectively referred to as our “Services”). The policy also describes the choices available to you regarding the use of, your access to, sharing of and deletion of personal information and how to update and correct your personal information.
As discussed below, this policy may change from time to time. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
BrainStorm complies with the EU- U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland, as applicable, to the United States. BrainStorm has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
The Federal Trade Commission (“FTC”) has jurisdiction over BrainStorm’s compliance with the Privacy Shield Principles. BrainStorm is also subject to the investigatory and enforcement powers of FTC. In addition, BrainStorm is required to disclose personal information in response to lawful requests by public authorities, including to meet national security and/or law enforcement requirements.
In compliance with the Privacy Shield Principles, BrainStorm commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding this Policy should first contact BrainStorm at firstname.lastname@example.org or by postal mail at:
Ten South Center Street
American Fork, UT 84003
BrainStorm has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge), JAMs, as the following link: https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions (more fully described on the Privacy Shield website – please click here for information regarding the Privacy Shield), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
BrainStorm complies with the Privacy Shield Principles for all onward transfers of personal data from the European Union and Switzerland to any third parties acting as an agent on its behalf. BrainStorm remains liable under the Privacy Shield Principles if an agent processes personal information covered by this Policy in a manner inconsistent with the Privacy Shield Principles, except where BrainStorm is not responsible for the event giving rise to the damage.
INFORMATION BRAINSTORM COLLECTS
We collect personal information from you in several ways. You provide us with certain personal information when you register for access and otherwise use our Services. Some of this personal information is provided directly by you during the initial intake survey and profile set-up, and includes without limitation your name, username, password, email address, department, job title/role, and basic characteristics of your role. BrainStorm also collects personal information automatically as you interact with our Services. We may collect personal information from you when you register as a user or to learn more about our products, request a demo, provide comments and suggestions, sign up for newsletters, enter promotions, interact with us on our social media channels, order products or services, request and use maintenance and support services, request white papers, sign up for events or seminars, submit content or send us feedback. If you do not want us to collect this information, please do not provide it. We directly collect the following types of information that you provide to us:
INFORMATION YOU PROVIDE TO US
- QuickHelp. We collect your name, email address, job title, department, the assets you view and SkillPaths you complete, and assign points and badges based off your activity on our platform.
- User information. This means personal information collected about users of the Services and includes contact information such as name, e-mail address, contents of emails, address, and phone number or other information that you might provide to us in an online form, or when you contact us by e-mail, telephone, live chat or through our social media accounts. User information also includes your login credentials, the details of how you use our Services, and information you provide us to license or purchase our Services, to receive marketing from us and for us to deliver our Services.
- Business account information. This means business-contact personal information such as name, title, job function, business name, business address, business e-mail address, and business phone number that we collect about people we serve or work with, including without limitation actual and prospective customers, alliance and channel partners, contractors, vendors, service providers and other parties interested in BrainStorm or its products and services. We use this personal information to support your account, respond to your inquiries, perform accounting functions, provide you with information about us, our products, and Services, and to otherwise maintain our business relationship with you.
- Customer personal information. This means personal information that is owned by our customers and provided to or collected by us to provide our Services. BrainStorm respects the privacy of all customer personal information and views it as the customer’s property. With respect to information collected through our Services at the direction of customers, our use of the customer personal information shall be limited to the purpose of providing the service for which the customer has engaged BrainStorm. We do not control what customer personal information we may receive and host, nor what steps the customer has taken to ensure that the data is reliable for its intended use, non-infringing, accurate, complete, and current. If data is customer personal information, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to BrainStorm’s customer. BrainStorm will use customer personal information to fulfill obligations under our agreements with the customer and to identify other BrainStorm products or services which may benefit the customer. For instance, we may be engaged by the customer to help upload its data, to assist with configuration, or to provide support services. We may also transfer customer personal information to other service providers that help us provide our service. Transfers of customer personal information to subsequent third parties are covered by the service agreements with our customers. If a customer provides any personal information about any third parties to BrainStorm, the customer is responsible for providing any notices and obtaining any consents required by applicable law necessary for BrainStorm to access, and use, process, and disclose and otherwise process that customer personal information under this policy.
- ILT and CIE. In order to register you for ILT and/or CIE events, we may collect you name, title, email address, company name, phone number, and your employee identification number.
INFORMATION WE AUTOMATICALLY COLLECT FROM YOU WHEN YOU USE THE SERVICES.
The information we collect automatically is statistical information and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. If you do not want us to collect this information, please do not use the Services.
- What are cookies? “Cookies” are small text files that are stored by your web browser on your computer's hard drive or on your mobile device when you visit a website. Our Services use both session cookies and persistent cookies. Session cookies are temporary cookies that expire (and are automatically erased) when you close your browser. Persistent cookies usually have an expiration date far into the future and thus stay in your browser until they expire, or until you delete them.
- We use strictly necessary cookies – which enable Services you have selected. We use certain cookies which are essential to the operation of our Services. For example, these types of cookies enable you to log into secure areas of our Services, provide the necessary security your visit to our Services requires, and help ensure the content of the pages you request load quickly. Without these cookies, Services that you have asked for cannot be provided as required.
- Functional Cookies- – which remember your choices to improve your experience. We use certaincookies to allow our Services to remember choices you make, such as, remembering your preferred language, the type of device you are using, the region you are in and your username or ID for our Services. The aim of these cookies is to provide you with a more personal experience so that you don't have to reset your preferences each time you visit us. As described below, you may disable any of these functional cookies; but if you do so, then various functions of our Services may be unavailable to you or may not work the way you want them to.
- Marketing/Targeting Cookies: – which collect anonymous / pseudonymous information for the purpose of display advertising. On our Services, we might use remarketing cookies of certain display advertising service providers. These serve the purpose of displaying advertisements to those users of third party websites which have previously visited one of our Services. For this purpose, we collect the information that a certain user has visited specific sites of our Services. This information will be linked to a marketing cookie – a text file which is placed on your device by the display advertising service provider. When you visit other websites, specific advertisements regarding our offers may be displayed to you based on your past visit to our Services.
- Conversion Tags: We have integrated respective conversion tags on our Services. These tags utilize cookies which were placed on your device by the display advertising service provider. When a user clicks on an ad leading to our Services, a temporary cookie is placed on his device. When you complete a certain action on our Services, this cookie will be recognized and a conversion will be recorded. We neither have influence on which exact data will be collected by these cookies nor do we know the full extent of the data collection. The respective display advertising network provider is solely responsible for the data collection and use of such data.
- Cookies that have been set in the past. If you have disabled one or more Analytics Cookies, we may still use information collected from cookies prior to your disabled preference being set; however, we will stop using the disabled cookie to collect any further information.
- Log files. We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, device identifier, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, and other usage data. We may combine this automatically-collected log information with other information we collect about you. If you reach out to us over the telephone or via facsimile, we may also log telephony information such as your phone number, forwarding calls, SMS routing information and types of calls.
c. Services Use. We may use technologies to automatically collect information from you when you use the Services. We collect this information to, among other things, provide you information and benchmarking based upon your usage of the Services, which are used in analyzing trends, administering the Services, tracking users’ utilization and to gather information about our customer user base as a whole.
HOW WE USE THE INFORMATION WE COLLECT
Wemayuseinformationcollectedfromor aboutyou for anyofthefollowingpurposes:
- We will use your information when it is necessary for us to perform a contract we are about to enter into or have entered into with you, including without limitation when we respond to your requests about entering into a contractual relationship, to help you create an account, to process your orders, to respond to your requests, to help you pay for our Services, to manage our relationship with you, to provide the Services and help you use the Services, to help you participate in and to process your contest or sweepstakes entry or pay a reward.
- We will use your information where needed to comply with legal or regulatory obligations, including without limitation, to comply with job applicant reporting or background check obligations and to manage our relationship with you by providing this Policy and any changes and updates thereto.
- We will use your information where necessary for our legitimate interests or those of a third party’s, and your interests and fundamental rights do not override those interests, including without limitation, to process and deliver your orders, to manage our relationship with you, to administer and protect our business and our Services, to deliver the Services, content and advertisements to you and to evaluate the effectiveness of the Services, content and advertising, to tailor the Services, content and advertising, to use data analytics and other automated processing to evaluate and improve the Services, to make recommendations to you and to process your job applicant and related information when you participate in the recruiting process.
- We will use your information when we have provided you with notice of processing and obtained your consent in a manner compliant with the requirements set forth in GDPR, including without limitation allowing you to opt-in and opt-out of the marketing of our Services to you. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
We may rely on more than one lawful basis for processing your specific information that we collect from you for the uses set forth in this Policy.
- To respond to your requests or to tailor content. As you use the Services, you may request information from us. We will use your information to respond to your requests. These requests may include processing orders and processing downloads for whitepapers or product demonstrations or evaluations
- To provide services to you. These may include reports, consulting, educational, maintenance and support services for which you have inquired or contracted. For instance, as part of support services, our technical staff may require periodic access to services data to troubleshoot or monitor your system. We may provide technical support and related product information via customer support portal. We may require access to your systems to implement our Software. Any temporary copies of data accessed, used or created as a necessary part of these services are only maintained for time periods relevant to those purposes. As part of these services, we may be required to remotely access your systems or an individual computer in order to troubleshoot a support issue or have direct physical access as part of an onsite engagement. We may also use this data to provide you service and product updates and notices.
- To provide informational services. We may use personal information while providing online forums such as user groups and bulletin boards. We may also do so while delivering live or online events such as training seminars or conferences, including third-party events sponsored by BrainStorm.
- Prevent improper or illegal activity. We may use information to protect, investigate and deter against fraudulent, unauthorized or illegal activity.
- To meet legal requirements. BrainStorm may be required to provide personal information to comply with legally mandated reporting, subpoenas, court orders, or other legal process requirements.
- To market our products and services. We may inform you about our products, services or events and otherwise perform marketing activities. Further, we may use information for analytics purposes.
- Verify Users. We may use personal information to manage and verifyyour account and the identity of users of the Services.
- Local Storage of Information. Our Services may collect and store information locally on your device, including without limitation browser web storage and application data caches.
- Job applicants. We may use your information to comply with applicable laws and regulations, to negotiate and enter into an employment agreement with you, to process your job application and evaluate your candidacy, for our record keeping, analyzing the job recruitment process and other employment related processing, including retaining information for alternate job positions. We may use your information to make reasonable adjustments for candidates with a disability. We may also use your information to seek appropriate consent when legally required for processing special categories of data.
- Other purposes. We may use personal information for anyother legal, businessormarketingpurposesthat are notinconsistent with the termsof this Policy.
- But not for sale or rent. We do not sell or rent your information to third parties.
- Store Your Preferences and Settings. Settings that enable our products or services to operate correctly or that maintain your preferences over time may be stored on your device. We may save preferences, such as device (e.g., computer, laptop or mobile device) language, browser and multimedia player settings, so those do not have to be reset each time you return to the site. If you opt out of interest-based advertising, we store your opt-out preference in a cookie on your device. Cookies can help you fill out forms on our site. [PLUGINS? They also provide you with customized content in conjunction with our plugins.]
- Sign-in and Authentication. When you sign into one of our Services using your personal Brainstorm account, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the site.
- Storing Information You Provide to a Website. When you provide information, or add applications, products, software or services to a shopping cart when shopping on our Services, we store the data in a cookie to remember the products and information you have added.
- Social Media. Some of our Services include social media cookies, including those that enable users who are logged in to the social media service to share content via that service.
HOW WE SHARE YOUR INFORMATION WITH THIRD PARTIES
BrainStorm may disclose personal information in the following circumstances:
- QuickHelp. If you are using or have used QuickHelp, your name, job title, and the points and badges you earn may be visible (if enabled by your employer) to others within your organization through QuickHelp’s gamification feature and user ranking system. In addition, the specific assets you view and SkillPaths you complete, along with other personal information, will be visible by your organization’s administrators.
- Business Partners and Subcontractors. To business partners and subcontractors (such as third-partydistributors and resellers, vendors, suppliers andotherservice providers), who may use the information to fulfill product orders, develop and improve products, contact you about product orders or in connection with the performance, operation, and support of the Services or solutions, performing marketingor consulting services, or as otherwise appropriate in connection with a legitimate business need. Further, we may disclose personal information to service providers who host or facilitate the delivery of online training, seminars and webinars; email-delivery services and other technology providers; and third parties that may assist in the delivery of marketing materials, technical support services, or other products, services or other information. These companies are authorized to use your personal information only as necessary to provide these services. Unidentifiable information regarding your interaction with QuickHelp may be shared securely with trusted third-party services to enhance functionality in our platform.
- Third Party Analytics Providers. To third parties who conduct marketing studies and data analytics, including those that provide tools or code which facilitates our review and management of our cloud-based software, such as Google Analytics or similar software products from other providers. For more information about how Google collects and processes data when you visit websites or use apps that use Google technologies, please see “How Google uses data when you use our partners' sites or apps” at www.google.com/policies/privacy/partners.
- Resellers and Distributors. With authorized reseller partners and distributors so that they may follow up with you regarding BrainStorm products and services that you have purchased through them.
- Responseto Subpoenasor CourtOrders,orProtection of Our Rights.As required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a judicial proceeding or subpoenas, court order, law-enforcement or government request, including to meet national security or law enforcement requirements, or other legal process.
- To Our Affiliates. Wemaysharesomeor allofyour informationwith oursubsidiaries andcorporateaffiliates, jointventures,or other companies that are or may become undercommoncontrol with us. Wewillrequiretheseentitiestocomplywiththetermsof thisPolicywith regardtotheiruseofyour information.
- Publicly Posted Content. If you post comments, images, and other content to a public-facing page, that information (associated with your user name) will be publicly viewable.
ACCESSING, CORRECTING, UPDATING, TRANSFERRING, RESTRICTING, DELETING & RETAINING YOUR PERSONAL INFORMATION:
As a data subject, you have certain rights available to you regarding your personal information, and we at BrainStorm aim to respect and honor those rights. If you notice an error in your personal data, you may rectify such errors by updating your settings under your user profile. Upon request, BrainStorm will provide you with information about whether we possess any of your personal information. To find out if we possess your personal information or to make a request to access, correct or update your personal information, please contact us at email@example.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, your company’s name and any other detail you feel is relevant.
If you would like your personal information erased, restricted or transferred, or if you wish to withdraw your consent to our data collection and processing, or your personal information has been processed in violation of the Privacy Shield Principles please contact us at firstname.lastname@example.org with “Erase My Personal Data”, “Restrict or Transfer My Personal Data” or “Withdrawing My Consent to Data Collection/Processing” in the subject line, and articulate your specific request in the body of the email.
Upon request by e-mail or mail (to the addresses noted below), BrainStorm will provide you with reasonable access to your personal information, unless otherwise legally unable to do so. In addition, BrainStorm will take reasonable steps to permit individuals to correct, amend, transfer, restrict or delete information that is demonstrated to be inaccurate or incomplete. BrainStorm shall provide a response to your requests within 30 days of receiving such request.
We will retain your personal information and the data we process on behalf of our customers for as long as your account is active, your request to receive information from us has not been revoked or as needed to provide you services. We will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you delete any of your account information, we may retain certain information if required by law or for legitimate business purposes or to complete our contractual obligations to you.
If you become an inactive customer, or if we close or suspend your account, we will continue to adhere to the then current Policy when we collected your information so long as we retain it in our possession.
If your application for a job is successful, your information gathered during the recruitment process will be transferred to your human resources files subject to our internal human resources policies and procedures and retained as employment data. If your application is unsuccessful, we may, with your consent, keep your information on file for future employment opportunities. You may withdraw your consent at any time.
We may delete any or all of your information at any time without notice to you for any reason or no reason unless otherwise required by law or contract to retain it.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your information (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will attempt to respond to any request to access your information within 30 days. It may take us longer if your request is complex or you have made multiple requests in which circumstances we will notify you and keep you apprised of our progress.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by BrainStorm or its affiliates to a third party for the third party’s direct marketing purposes. To make such a request, please send an email to email@example.com or write us at the address listed below.
PREFERENCES AND OPTING-OUT
- Communications/Marketing. Our Services provide visitors and customers the opportunity to opt-out of receiving specific types of communications from us and our partners at the point where we request information about the visitor or customer. If you have previously signed up to receive information about our Services, you may unsubscribe or opt out of all future marketing communications from us that do not relate to products or services you have already ordered by removing your contact and other information from our marketing and communications databases by (a) sending an email to firstname.lastname@example.org with “Unsubscribe or Opt-Out Request”; or (b) clicking the unsubscribe link on any email marketing communication you receive.
- QuickHelp Platform. You may access your account to make changes in your preferences.Before we send you any email from QuickHelp, you will be asked to “opt-in” to those communications. If you have opted-in to receiving email communications from QuickHelp, you may stop receiving those email communications by managing your email notification settings under your user profile.
- How to allow/deactivate cookies. You can also delete cookie files from your hard drive, or avoid them altogether, by configuring your browser to reject them or to notify you when a cookie is being placed on your hard drive. Most Internet browsers allow you to block cookies from your browser. If you do not agree to the use of these cookies, you can follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” portion of the browser toolbar or options or by following the instructions for your browser set out here: http://www.allaboutcookies.org/). You may also visit the Network Advertising Initiative opt-out page at http://www.networkadvertising.org/choices/or use the automated disabling tool where available. However, some of the Services will not function well if cookies are disabled. Where the organization setting the cookie provides an automated disabling tool in respect of its cookie(s) we provide a link to its automated disabling tool below.
- How to opt out of targeted advertising. You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising (DAA) by visiting the opt-out pages on the NAI website and DAA website. Also, if you do not want to have your information used for the purpose of serving you targeted ads, you may opt-out by clicking on TrustArc’s Your Advertising Choices page at http://preferences-mgr.truste.com/ or, if in the European Union, http://www.youronlinechoices.eu/. Please note this does not opt you out of being served advertising. Depending upon the Service, you may continue to receive generic ads. Not all features of the Services will function as intended if you reject cookies.
NO USE BY CHILDREN
The Services are not intended for users younger than 16. Wedo not knowinglycollectcontactinformationfromchildrenunderthe ageof 16 withoutverifiable parentalconsent. If webecomeawarethat a visitorundertheageof 16hassubmitted personal informationwithoutverifiableparental consent,wewill removehisor herinformationfromour files.
LINKS TO OTHER WEBSITES
DO NOT TRACK REQUESTS
Your Internetbrowser and mobile devicemayallow youtoadjust your browser settingsso that “donottrack”requests are sent to the websites you visit. BrainStorm respects your wishes and will not track user activity once “do not track” signals have been activated. Some of our Services, such as QuickHelp, may not function properly if you disable cookies or activate a “do not track” signal.
TRANSFER OF PERSONAL INFORMATION TO THE UNITED STATES
Your personal information will be transferred to the United States. BrainStorm will use standard contract clauses approved by the European Commission, adopt other means for such transfers permissible under European Union law, and seek your consent to legitimize data transfers from the EEA to the United States and other countries.
BrainStorm will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information. BrainStorm hosts QuickHelp in Microsoft’s cloud computing service known as Azure. Full details on Azure’s data center may be found here. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. However, no method of transmission or storage is 100% secure. While we strive to use commercially reasonable and appropriate means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our website, you can e-mail us at email@example.com with "Questions about Data Security" in the subject line.
QUESTIONS? COMPLAINTS? HOW YOU CAN CONTACT US
Ten South Center Street
American Fork, Utah 84003
When we receive formal written complaints, we will contact the person who made the complaint to follow up. As appropriate, we work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
If you are located in the EU, after May 25, 2018, you have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal information, but we would appreciate the opportunity to speak with you first and resolve your issues.
CHANGES TO THIS POLICY
DATA PROTECTION OFFICER
You may reach our Data Protection Officer at firstname.lastname@example.org. You can also write to our Data Protection Officer at the following address:
Attn: Data Protection Officer
Ten South Center Street
American Fork, Utah 84003
Ten South Center Street
American Fork, Utah 84003