Privacy Policy
We recognize that your privacy is very important and take it seriously. This Privacy Policy discusses how Edutainment Media, Inc. (dba SkillDirector) collects, uses, maintains and discloses information collected from website visitors, and licensed users of the Self-Directed Learning Engine™ (SDLE) (together "Users"). It is intended to meet our duties of transparency under the “General Data Protection Regulation” (GDPR). SkillDirector adheres to the EU-U.S. Data Privacy Framework (DPF) Principles with regard to personal data transferred from the European and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland.
The purpose of this Privacy Policy is to provide Users with an understanding of what types of information we collect, how we treat it, and choices they may have related to this information. We reserve the right to change our Privacy Policy at any time. To stay updated on our current Privacy Policy, please visit this page often. If you have a question about how a certain type of information is handled, please e-mail us at: sdlesupport@skilldirector.com.
As part of our commitment to Data Privacy and the new Data Privacy Framework program between the US and the EU, UK, and Switzerland , we acknowledge that we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regards to our adherence to the Data Privacy Framework Program.
Information that we collect
Customer Record – Registered SDLE users provide us with their name, email, job role within the organization, and region. Depending on the implementation, users may also identify an additional assessing party for a 180 assessment (their manager or someone they identify to assess them).
User Inquiry Information – When Users contact us, for inquiries or support, we may ask for information that allows us to contact them, validate the seriousness of their inquiry and request specific information related to the reason they have contacted us. User Inquiry Information may be associated with other information, such as Cookies.
Survey Information – Users may be offered the opportunity to respond to surveys, questionnaires and other requests for information. The types of data that Users provide to us are set out in the survey request.
Statistical Information – All of our servers collect statistical information such as Users' IP addresses, dates Users visit, computers Users are using, and operating system, among other data.
Cookies – The SDLE uses session cookies. Session cookies exist in temporary memory while the user is reading and navigating the website. They enable the SDLE to keep track of your movement from page to page so you don't get asked for the same information you've already provided, and so you don’t have to re-authenticate over and over again. Web browsers normally delete session cookies when the user closes the browser. Cookies may be used in the future to track the length of time and which pages Users view. The equipment we use to provide Services to Users may also place cookies on their computers.
How we use information that we collect
Subpoenas and Other Demands for Information – SkillDirector is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as comply with demands for information as required by State and Federal law. Examples of these demands include subpoenas, warrants, and civil discovery demands. Information covered by our Privacy Policy may be disclosed following such a request if we determine, in our sole discretion, that such a disclosure is necessary or required. We may also disclose this information if it is necessary or required to protect our interests or the interests of our customers.
Customer Record – We use the Customer Record to identify Users personally. It is used throughout our business to provide services to Users. Information in your Customer Record will only be shared with third parties only if it is necessary to provide Third Party products to you. At this time, no Third Party products require such data.
User Inquiry Information - We use User Inquiry Information to identify Users personally. It is used throughout our business to provide services to Users. User Inquiry Information is shared with third parties in the following circumstances: to identify and fix problems with services we provide when we are not capable of doing so ourselves.
Survey Information – We use Survey Information to identify Users personally. We use it throughout our business to market new products and services to Users. Survey Information is not shared with third parties in ways that identify Users personally. To the extent we share Survey Information with third parties, it is done in aggregate.
Statistical Information – We do not use Statistical Information to identify Users personally. We use Statistical Information to operate our hardware and software, diagnose problems and administer our website. We may use aggregate Statistical Information to modify the application for better usability or enhancements.
Cookies – We may use Cookies to identify Users personally. We use the information provided by cookies to change the way the SDLE looks to Users; to keep Users logged in to certain areas of our website; to ensure continued connection to the Equipment; and to collect demographic data about where Users go on our website and how they behave. Cookies used by our Equipment are used to track and log activities on the Equipment and our Network for security, network maintenance and other related activities.
Data retention and security
Data is stored on a cloud server in a secure facility in the U.S. with all the top security measures and certifications, such as PCI DSS and SOC (formerly SAS 70) frameworks. Each of our customer’s data is physically separated at the database level. The application is logically separated. And each database requires authentication for each database connection. We keep the information covered by our Privacy Policy indefinitely. Our customers may purge information at any time – the application is owned by us, customer data is owned by the customer. We only delete data when requested by our customers. Information collected by the technologies described in this Privacy Policy is protected by SSL 128 bit encryption technology during transmission. Information kept by us in our business is protected using industry standard security measures. Our employees are required to keep information covered by this Privacy Policy confidential - unless disclosure is authorized in this Privacy Policy or by Users. No means of communication or information transmission or storage is totally secure. Because of this, we are not responsible for loss corruption or unauthorized acquisition and use of information covered by this Privacy Policy, or for any resulting damages, including unauthorized acquisition and use.
Accountability for Onward Transfers
While in general and every day business practice, SkillDirector does not transfer personal information to any third party agents for processing, should a third party be needed who is required to process personal data, SkillDirector ensures any such third party agrees to abide by the same data processing standards outlined herein and is responsible for any third party acting as an agent on our behalf.
As part of our commitment to the Data Privacy Framework Principles, we acknowledge our liability in cases of onward transfers of personal data to third parties. An onward transfer occurs when we transfer your personal information to a third party for purposes consistent with the original data processing purposes outlined in this Privacy Policy Statement.
Before disclosing your personal information to a third party, we will ensure that the third party is subject to contractual or legal obligations to provide at least the same level of privacy protection as required by the Data Privacy Framework Principles. We will take reasonable steps to ensure that third parties receiving your personal information process it in a manner consistent with our Data Privacy Framework obligations and limit their use of your data to the purposes for which it was originally collected.
Your Rights Relating To Your Personal Data
You have the right under this Privacy and Cookies Policy, and by law if you are within the European Union (EU), to:
Request access to your Personal Data. If you are within the EU, this enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. In the SDLE, you have full control over correcting this data yourself.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right if you are within the EU to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. There is no direct marketing purposes for data in the SDLE.
Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your Personal Data. If you are within the EU, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent. This right only exists where we are relying on consent to process your Personal Data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights
If you want to exercise any of the rights described above, please e-mail us at: sdleprivacy@skilldirector.com.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at: sdlesupport@skilldirector.com.
In compliance with the Data Privacy Framework Principles, SkillDirector commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact SkillDirector at: sdleprivacy@skilldirector.com
SkillDirector has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
If you feel that your complaint has not been adequately resolved, please note that if you are in the EU the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner's Office. You may also contact the Data Privacy Framework at: https://www.dataprivacyframework.gov/.
Any disputes requiring resolution will be handled, at no cost to you, through the EU Data Protection Authorities.
Under certain conditions, you may be entitled to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of these other mechanisms. Please use this link for additional information regarding binding arbitration.
How long we store your Personal Data
We will retain your information for as long as your account is active or it is reasonably needed for the purposes set out in How We Use Information That We Collect unless you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Data Privacy Framework
SkillDirector participates in the U.S.-EU Data Privacy Framework as well as the U.S.- Switzerland Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States. SkillDirector has certified that it adheres to the principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and recourse/enforcement/liability.
Please find a link to the full list of companies participating in Data Privacy Framework here.
This policy is effective as of Jan 1, 2014. Updated August 1, 2023.