Effective May 25, 2018
- How to Reach Us. Please contact us at the following address:
Data Protection Officer
400 Fairway Drive, Suite 101
Deerfield Beach, FL 33441, USA
Or at email@example.com
We collect only personal data that we believe to be strictly necessary in order to provide you with the Site services to which you indicate a desire to subscribe, or the Products which you desire to purchase/license. In each case, you are given the option of providing the personal data, if you wish us to fulfill delivery of the Site service or Product in question, or not provide it (except for certain technical data and website usage data, which are used to facilitate and enhance Site usage, and in most cases is only retained and used in the aggregate generally anonymized and de-identified).
- How We Collect This Data. Much of the data we collect from you is collected on the Site. For example:
a. If you click the “Get in Touch” bar on the Trivantis Complete webpage, regarding the Product Trivantis Complete or another solution, we collect your Name, Email Address, Phone, Company, State if applicable, and Country.
b. If you click “Free Trial” on the Lectora Online channel on the Products webpages, we collect your Name, Email Address, Company and Phone.
c. If you click “Buy Now” on the Lectora Online channel or any other Product channel or the Shop webpage, you must fill in Name, Email Address, Company, Phone, Physical Address, and also the requested billing information, including Credit Card information.
d. If you click Upgrade on the Lectora Inspire or Lectora Publisher channel, in addition to Name, Email Address, Company and Phone, you must input your Lectora Product License Key.
e. If you already have a Trivantis account, or a Product account (such as CourseMill), you will be asked to input your User ID and Password.
f. If you wish to participate in the Trivantis Community, you will be asked to Register or Log In, and to Register you need to provide Email Address, Name, Company, Website or Linked URL, and to choose a Password.
g. If you wish to subscribe to the Trivantis Blog or to get offers and discounts by email on the Shop channel, you will be asked to provide your Email Address.
h. In general, these options (Free Trial or Request a Demo, Buy Now, Upgrade, Log In) exist for most Trivantis Products, and you drive what personal data you are asked to provide based on what you want to do relating to our solutions. We seek what is necessary to fulfill a contract with you, or in the case of Free Trials, to contact you afterwards, based on your consent.
- What Is the Basis for Our Personal Data Collection. We have explained what personal data we collect, how and why. Under certain laws applicable to European residents who may use our Site services and Products, such as the General Data Protection Regulation (GDPR), we need to clarify the basis for the collection of your personal data. In many cases of data collection described above, we collect the personal data we need to perform the contract we are about to enter with you, or which we have entered with you.
a. Contractual Basis: If you indicate that you want to purchase a Product from us, we need you to provide the identity, contact, financial and possibly transaction data described above, so that you can pay for the Product purchased and we can deliver it, although as mentioned, we do not retain any credit card data, which is provided and maintained on a third-party [payment processing] site with commercially appropriate security and data protection for such financial data. Therefore, this has a contractual basis: we need this information to be able to perform a contract with you.
b. Legitimate Interests: If you indicate that you want to participate in the Trivantis Community, or you want to receive special offers from Trivantis, then you understand that it is reasonable for us to collect the personal data necessary to be able to provide you with the offer or item or participation you have requested, even if it falls short of a contractual requirement. Moreover, when we collect data analytics to improve the user experience, we believe that our users recognize that there would be legitimate interests in our doing so.
c. Consent: When we obtain your data so that we can make further contact with you, so that you might choose to buy/subscribe to a Product, but there is no requirement that we collect your data to achieve this result, such as when we ask for your Email address before you can open a Demo, we will seek your consent, and you will have the rights to revoke that consent as indicated below. Often there is a marketing objective when we ask for your consent. And we also seek your consent when persistent cookies are placed on your device to ensure a better user experience.
- How We Use Your Personal Data. We primarily use personal data that you provide to us market, sell, license and deliver our Products or services to you, as described above, or to maintain, customize and add new resources and products and services that may be of interest to you, to enable you to participate in Site services such as the Trivantis Community, and to allow communication and interaction between you and Trivantis. In addition, we will share the personal data we collect from you under the following circumstances:
b. Asset/Equity Transfers. If we become involved in a merger, acquisition or other transaction involving the sale of some or all of Trivantis’ assets or equity, information on customers and Site users, including personal data collected from you through your use of the Site and its services, could be included in the transferred assets, subject to applicable law. Users of the Site will be notified via a prominent notice on the Site prior to a change of ownership or control that would involve a transfer of your information held by us, subject to applicable law, including any statutory periods restricting disclosure.
d. Marketing Purposes. We will occasionally use your personal data for our own marketing purposes, subject to applicable law, and subject to your clearly indicated right to opt-out of receiving any such communications from us. If you are a resident of the European Union, we will require your express consent in order to be able to send your marketing-related communications. See the expanded Marketing section below.
e. Usage Data. We may share Usage Data and other aggregated, anonymized information that shows patterns, trends, preferences, and other collective characteristics of our customers and Site users, with third parties. Disclosure of this information helps us and our marketing partners evaluate and tailor our communications, advertisements, services and general business practices to the needs of our Users.
f. Public Authorities. We may disclose your personal data in response to lawful requests by public authorities, including to meet national security or enforcement requirements.
b. Additional Information about Site Usage Data. Tracked information: our servers automatically track certain information about you as you use our Site, some of which may contain personal data. This information may include the URL that you just came from, which URL you go to next, what browser you are using, which webpages and services you use on the Site, how long you spend on particular webpages, and your IP address. Our Site logs track and collect aggregate and sometimes anonymized or de-identified Site usage data, such as the number of hits and visits to our Site (“Usage Data”). This information is used for internal purposes by technical support staff to provide better services to you, the public and Site visitors and may also be provided to third parties, but the statistics are aggregate and contain no individual personal data. We do not ask for, collect or knowingly receive sensitive personal data. To the extent that the aggregate and anonymized Usage Data is obtained from European residents and is not fully de-identified, either we will rely on the legitimate interests of Trivantis in collecting such data to provide a better Site experience, or we will ask for your express consent.
- How Marketing Uses Personal Data. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
a. Promotional Offers from Us. We may use your Identity, Contact, Technical, Usage and Profile Data to determine what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us if you have requested information from us or purchased Products from us and, in each case, you have not opted out of receiving that marketing.
b. Third-party Marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
c. Opting Out. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data that you have provided to us as a result of a purchase of Products or similar transactions.
d. Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- How You May Control, Rectify and Erase Your Information; Data Portability.
a. Residents of European Union and Switzerland: Personal Data Control Rights. You have the rights to (i) request access to your personal data, and receive a copy of it and to check it we are lawfully processing it; (ii) request correction or rectification of your personal data, which means to have incomplete or inaccurate data we hold about you corrected, subject to our right to verify the accuracy of the new data you provide; (iii) request erasure of your personal data, where there is no good reason for us continuing to process it, where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we must erase your personal data to comply with applicable law.
b. Additional Commentary and Right to Restrict Processing. To provide a bit more detail, you can request rectification verbally or in writing, and we will respond within 30 days if your request is appropriate. While we are checking out your request, you have the right to ask that we restrict the processing of your personal data. After review, we may respond that we believe the personal data is accurate, and we will not be amending it. If we believe that your rectification request is manifestly unfounded or excessive, or repetitive, was may condition our response on your payment of a reasonable fee to deal with your request, or refuse to deal with it, explaining our decision. In either case, you can then make a complaint to the pertinent data protection authority as indicated below.
c. GDPR Rectification Requests. We suggest that you send any request to firstname.lastname@example.org, and call it “GDPR Rectification Request” in the header. This is not a legal requirement, but it increases the likelihood of a timely response if we can catalog your request. If your request is complex or part of multiple requests from you, we have the right to extend our response time by an additional two months provided we keep you informed. If we are uncertain or suspicious about the identity of the person making the rectification request, we can ask you for additional ID.
d. Right to Erasure: Some Limits. The right to “erasure” of your personal data is sometimes called the right to be forgotten. However, you only have the right to erasure if our basis for holding your personal data is consent, because your giving consent implies your right to reverse your consent. However, much of the personal data we hold is NOT based on your consent, but rather has another basis such as a contractual or legitimate interests basis. For example, if we hold personal data about you as a party to which we have fulfilled a license of software, and we are continuing to provide support services, we are under no obligation in such circumstance to remove your personal data (or existence) from the case record. In relation to a request for erasure, we will not charge any fee.
We mentioned above that you have the right to request us to restrict the processing of your data, and we will not charge a fee for this provided that the request is not excessive or unreasonable. You have this right in the following circumstances: (i) you contest the accuracy of the personal data; (ii) the personal data has been unlawfully processed, but instead of erasure, you want processing restricted; (iii) we no longer need the personal data, but you would like us to keep it in order to establish, exercise or defend a legal claim; or (iv) you object to our processing of personal data, but we have not yet responded to your request. At that point we will store but not process the data, and we will not lift the restriction until we have rendered a decision on the accuracy of the data or whether our grounds for resuming processing override your legitimate grounds for restriction. We will inform you of our decision before lifting the restriction.
e. Data Portability: if we process your personal data by automated means based on your consent, or performance of a contract, and not another legal basis, then you have the right to request that we provide you a copy of your personal data in a structured, commonly used, machine-readable form, such as a CSV file. We will do this free of charge. If it is technically feasible, you can request that we transmit the personal data directly to another organization, rather than to you. We will respond to your request within 30 days, unless the request is complex or you send us multiple requests, in which case we have the right upon notice to you to extend our response by another two months. We also have the right to obtain sufficient information about your identity to ensure that the request is not fraudulent. If we determine that access should be restricted, we will provide you with an explanation as to why we made that determination, and give you a contact point for any further inquiries. For example, if we are unable to separate confidential commercial information from your personal data, we have the right to deny or limit access to avoid revealing such confidential commercial information or redact the confidential commercial information. Moreover, we have the right to set reasonable limits on the number of times within a given period you have the right to make access requests, so as to limit repetitious or vexatious requests.
f. Data Protection Authority for EU Residents. Given that our only data center in the European Union is at Amazon Web Services in Ireland, we suggest that the Irish Data Protection Commissioner would be the appropriate Data Protection Authority (DPA) for recourse under the GDPR for any cross-border processing activity, or that involves citizens of more than one EU country, if you are dissatisfied with our handling of your request.
g. All Other Users (Outside EU). You have the right to access your personal data. You may choose to opt out of certain disclosure if you do not want your information to be disclosed to a third party or to be used for a purpose materially different than the purpose for which it was originally collected or subsequently authorized by you (unless the disclosure is merely to an agent performing tasks for us under our instructions or control). You may request that we update, correct, amend or delete any of the personal data or other information we have collected from you, or you may opt out of receiving Trivantis emails and other communications, by sending an email to us at email@example.com. We may choose not to fulfill any request that we determine is illegal or incorrect, where we need to maintain the personal data because of our contractual or legal obligations (e.g., personal data in case files), where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your personal data, as fully as possible in accordance with applicable law.
h. Sensitive Personal Data. We do not ask for, collect or knowingly receive sensitive personal data, i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life (unless this is part of case information that we administer). Organizations that seek or disclose such sensitive personal data must receive your affirmative express consent (opt in) before disclosing it to a third party or using it for a purpose other than that for which it was originally collected or subsequently authorized.
- Security. Any personal data that you provide to us is stored on servers located in secure third-party data centers with restricted access, and which are protected by protocols, procedures and best practices designed to ensure the security of such information. In addition, we restrict access to personal data to Trivantis employees, independent contractors and agents who need to know this information in order to develop, operate and maintain the Site and Products, and are subject to confidentiality obligations. For further information, please see Trivantis’s Information Security Policy here. However, no server, computer or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee the security of any information you transmit to us or through the use of the Site or any of the services. In the event that we believe that there has been a security breach involving your personal data, we would endeavor to notify you promptly in accordance with applicable law. In the event such notification is appropriate under the circumstances, we would first try to notify you at the latest email address we have for you on record, subject to legal requirements.
- Children’s Privacy. The Site is a general audience website not intended for any person under 18 years old. We do not knowingly collect personal data from any person under the age of 13.
Additional Questions? Contact Us