Your Personal Data
In the course of your relationship with us, we collect several types of Personal Data. “Personal Data” is information that can be used to identify you, either alone or in combination with other information. By way of example, we may collect and store the following types of Personal Data:
1. Information that you provide about yourself when registering for and/or purchasing our Services, which may include name, email address, mailing address, user ID, password, and payment information, except that for children under 13 years of age we do not collect mailing addresses, except for zip codes;
2. Your assessment results, career choices, background information, college choices, educational pathway choices, skills information, interests, job choices, and other data you provide to or receive from our Services.
When you connect to the Services, we are able to recognize the internet (IP) address of the computer providing you with internet access. Our use of this IP address may be to help diagnose problems with our server or otherwise administer our Services. This IP address may also be used to gather broad demographic information. Your IP address is never associated with you as an individual and never provided to another company or organization. When you download the App and install it on your mobile device(s) and/or associated computing device, you acknowledge that the App will access the Global Positioning Systems (“GPS”) functionality within your mobile device, and the App will subsequently share that GPS information with your associated computing device and with our cloud-based software and systems. This geolocation data collection and subsequent sharing of GPS information enables the core functionality of the App, and without receiving geolocation data from your mobile device, the App will not perform correctly.
Children’s Data: When we collect Personal Data from children under thirteen (13) years old, we take steps to protect children’s privacy, including:
- In accordance with applicable law and our practices, requiring that the school administration with whom we have contracted to provide the Services has obtained consent from parents/guardians prior to our collection, use, or disclosure of any Personal Data from children under thirteen (13);
- Limiting our collection of Personal Data from children to no more than is reasonably necessary to participate in an online activity;
- Giving parents/guardians the ability to request access to Personal Data that we have collected from their children and the ability to request that such Personal Data be changed or deleted; and
We strongly advise children never to provide any Personal Data in their usernames.
How We May Use Your Personal Data
For Legitimate Interests. We do not sell or rent your Personal Data to any third parties. We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data, for any lawful business purpose. Where you provide registration information, cookies can also be used to identify you when you log onto the Services or portions of the Services. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Services to you, including, but not limited to:
• to customize the Services to your preferences and to improve your overall experience (e.g., enabling your purchase; providing information, services, products, and user support that you have requested; managing and improving our website, mobile applications, software, and Services; providing customer support; alerting you about new products and services, event information, and career, interests, or education updates; inviting you to participate in specific research projects, conducting quality control; or conducting other research);
- to communicate with you to authenticate your account usage;
- to obtain verified consent from a child’s parent or guardian;
- to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
- to identify career, interests, or education information and events pertinent as part of the Services;
- to check on your account status and maintain record of activities in connection with your use of the Site;
- to notify you of any changes to relevant agreements or policies;
- to enforce our agreements, terms, conditions, and policies;
- to prevent or investigate fraud (or for risk management purposes), or to comply with legal obligations, court order, or in order to exercise our legal claims or to defend against legal claims;
- to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Services;
- to describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
- for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).
With the Consent of a Data Subject within the EEA; or without consent, if a citizen of any other jurisdiction. If you are a Data Subject within the EEA and we have obtained your consent, we may also use your information in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:
- to send e-mail and postal mail to provide you with updates and news;
- to process any request, you make;
- to process any commercial transaction, including, but not limited to, fulfilling an order or subscription request; and
- to establish your account to use the Services and validate your username, e-mail, password, and/or other login credentials
- to respond to your requests
- to provide you with merchandise you have requested
- to fulfill your subscription purchase(s)
- to notify you of your contest or sweepstakes results
- to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.)
- to notify you of any changes to relevant agreements or policies
- to process your Non-Personal Data as outlined as described throughout this Policy
We may use third-party e-mail providers to deliver these communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt-out of receiving email communications. We may, from time to time, invite you to participate in online surveys. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and Services. The information collected by these surveys is used to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.
How We May Share Your Personal Data
If someone, including a parent or institutional purchaser, has purchased the Services for you and you accept the Service, we share status updates with them to indicate your progress, and make data available to them, including your assessment results, career choices, background information, college choices, educational pathway choices, skills information, interests, job choices, and other data you provide to or receive from our Services.
We do not release your identifiable Personal Data to anyone other than as directed by you and the purchaser of the Services without asking for and receiving explicit consent to do so from you (or a parent/guardian if the Personal Data pertains to a child under thirteen (13) years old), unless necessary to provide you our Services (e.g. credit card processing) or as required by law.
If you choose to complete a transaction on or through features on the Services using a credit or debit card, we may forward your information to third parties for services such as credit card or other payment processing. We utilize Stripe to process such payment transactions. To complete such payments, you will be required to provide Personal Data, together with your payment information (including but not limited to, your credit card number). For such transactions, Invigulus will only receive the transaction record (name, payment amount, date, time, etc.). Invigulus does not collect or store your payment information, including credit card number; rather, Stripe collects and stores the payment information you enter. To learn more about Stripe’s policies, you can visit its website here.
We give you the ability to share your identifiable Personal Data with your collaborators (e.g. parents, counselors, and others), prospective employers, friends, and others through sharing features; however, this is entirely controlled by you and optional within the Services. Only if you explicitly consent, we may share your Personal Data with third parties for the purpose of informing you about educational opportunities, careers, or other non-Invigulus services that may be relevant to you.
Personal Data You Share Through The Services
- We may give you the ability to connect with other individuals to share information. In addition, you may choose to disclose your own information through other means, such as a printable PDF report, including any part of your Personal Data to friends and/or family members, counselors, groups of individuals, third-party service providers, employers, educators, and/or other individuals. We recommend that you make such choices carefully.
- Your posts to community forums are publicly displayed, and you grant us a non-exclusive license to publicly use and display any material you post. We may make such posted material available to other companies, organizations, or individuals with whom we have relationships, and use such material in connection with the provision of our Services, except that we reserve the right to discontinue access to any or all community forums at any time and users under thirteen (13) years old may be denied such access entirely.
- Additionally, if you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Services, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts on those services.
- For example, some social networking services allow you to push content from our Service to your contacts or to pull information about your contacts so you can connect with them on or through our Service. Some social networking services also will facilitate your registration for our Service or enhance or personalize your experience on our Service. Your decision to use a social networking service in connection with our Service is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available to our Service by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.
- Personal Data, once released or shared, can be difficult to contain. We have no responsibility or liability for any consequences that may result because you release or share your Personal Data with a third party beyond our control. It is incumbent upon you to share Personal Data only with people you know and trust.
- If you have a multi-profile account, you should use caution in setting profile-level privacy settings. If you provide us information about others for the purposes of sharing your Personal Data, we will use the information you provide to contact such person on your behalf as part of the Services. You agree that under no circumstances will you provide us information about any individual who is under thirteen (13) years old.
- You must opt-out of some features to avoid notifications. We give you the opportunity to opt out of optional communications, either through our Service or by contacting our team at firstname.lastname@example.org. Likewise, if you are reading this because you have access to the Personal Data of a Invigulus customer through a reviewer account, we urge you to recognize your responsibility to protect the privacy of that customer, and you agree to use that Personal Data only for the purpose it is being shared with you.
Third-Party Service Providers
Service providers help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform). These third-party services providers have access to your Personal Data only for the purpose of performing services on our behalf. We require these service providers to comply with all applicable data privacy laws and regulations and to use Personal Data only for the purposes for which it was disclosed. We require that any third-party service providers limit their use of your information solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Data. Our third party service providers are as follows:
- Amazon Web Services, a subsidiary of Amazon – system hosting
- Google- system hosting and analytics
Children’s Data Privacy Policies
Invigulus is committed to protecting the privacy of children who use our Services. As the parent or guardian of a child under the age of thirteen (13), who has been signed up to use our Services, you have certain rights pursuant to COPPA regarding the collection, use, and/or disclosure of your child’s Personal
• You may review the Personal Data submitted by your child through our Services at any time by contacting our team at email@example.com. You may be required to provide verifiable confirmation of your identity in relation to the child whose data you seek to review.
• By contacting our team at firstname.lastname@example.org, you may direct us to delete your child’s Personal Data that Invigulus has collected through the Services or withdraw your consent to any further collection or use of the Personal Data.
• You always have the option of consenting to the collection and use of your child’s Personal Data through our Services, but not to our sharing of the Personal Data with any third parties. Unless you have alerted us to your preference otherwise regarding your child’s information, we may share or disclose Personal Data collected from children in a limited number of instances, including the following:
• We may share Personal Data with our service providers only as necessary for them to perform a business, professional, or technology support function for us.
• We may disclose Personal Data to the school administrators with whom we have contracted to provide the Services to the students.
• We may disclose Personal Data if required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime,
4832-9172-1584 7 facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability. As with all of our users of any age, we will never require a child to disclosure more Personal Data than is reasonably necessary to participate in our Services and we do not retain any Personal Data for any user longer than is required to fulfill the purposes for which the Personal Data was supplied to us. In certain circumstances, school administrators are permitted to act in the stead of parents and guardians for purposes of granting consent to the collection of Personal Data from children when we have contracted with the school to provide our Services. We contractually require that all of our school administration partners obtain verifiable parental consent from the parents and guardians of students under thirteen (13) years old prior to our providing our Services or collecting any Personal Data. As a matter of best practice, we also highly recommend that our school administration partners provide parents and guardians with notices of our policies and online services, as well as any direct notices that we provide to the school to fulfill our COPPA compliance requirements. Within the scope of the consent we have obtained from the school administrators, we will treat the Personal Data of children only in accordance with our instruction received from the school. This in no way limits your rights as a parent or guardian to review, request deletion of, or limit our usage of your child’s Personal Data, as described above.
On occasion, in order to respond to a question or request from a child, Invigulus may need to ask for the child’s online contact information, such as an email address. We will delete this information immediately after responding to the question or request. Whenever we collect a child’s online contact information for ongoing communications, such as to provide a newsletter with occasional updates about our website and/or Services, we will simultaneously require a parent/guardian email address in order to notify the parent/guardian about the collection and use of the child’s information, as well as to provide an opportunity to object to our further contacting the child. For more information about COPPA and general tips about protecting children’s online privacy, please visit the FTC’s website here.
How We Use Web Behavior Information
“Web Behavior Information” is information on how you use our Services (e.g. browser type, domains, page views) collected through log files, cookies, and web beacon technology during your visits to the
Invigulus website. We use Web Behavior Information to improve our Services and your overall experience and to track and monitor aggregate usage of our website and/or to target advertising for our products and services. We may also use your Web Behavior Information the same as other non-Personal Data (described below), so long as it is de-identified.
• Log Files. When you visit our website or use our mobile application, we gather certain information automatically and store it in log files. This information includes your Internet Protocol (IP) addresses, browser type, Internet Service Provider, referring/exit pages, operating system, date/time stamp, and clickstream data (i.e. a list of pages or URLs visited). We may link this information to your profile ID or account. We use this information to analyze trends, administer the site, track movements around the site, identify and resolve issues, and gather demographic information about our user base as a whole.
• Web Beacons. A web beacon is a clear graphic image that is loaded by your web browser when it accesses a website and that records your visit to a particular web page. We, or third parties that work for us, may place cookies and web beacons on our website, in emails, and in advertisements on other websites. The purpose of our web beacons is to support our Services and to promote our products and services through targeted advertisements. If you wish to disable web beacons, you may configure your browser to prevent loading them.
When children use our Services, we may also collect Web Behavior Information automatically. In the event that we collect (or allow others to collect) such information from children on Services for purposes other than those described above, we will notify parents/guardians and obtain verifiable parental consent prior to such collection.
We May Use De-Identified Information
We may use data and information about you that has been “de-identified” (data from which your name or any personally identifying information has been removed, or the data has been combined with other people’s data in such a way that it is no longer associated with you) for any purpose — it is no longer Personal Data.
We take security seriously. We use a range of reasonable physical, technical, and administrative measures to safeguard your Personal Data, in accordance with current technological and industry standards. In particular, all connections to and from our website and mobile application are encrypted using Secure Socket Layer (SSL) technology. Protecting your Personal Data is also your responsibility. You are responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party, and you should immediately notify us of any unauthorized use of your password. We cannot secure Personal Data that you release or that you request us to release.
Your Rights and Choices Regarding Your Personal Data
You may change, edit, update, or delete the information that you provided when you set up your account through our Service(s) through your account settings. If you no longer wish to receive our Services, you may close your account by sending a written request to email@example.com. When closing an account, we remove all Personal Data from your account (or profile) within thirty (30) days of our receipt of your request. We may continue to use de-identified Personal Data after you close your account for any lawful purpose.
If you reside in certain jurisdictions, such as the EEA, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data. As a Data Subject under GDPR, you have the right to request access to your Personal Data as it exists in our records by contacting our team at firstname.lastname@example.org. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements and exceptions may apply.
A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via the contact information below.
If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here. You can also opt-out of receiving certain messages or notifications by contacting our Privacy Administrator at email@example.com. You can also click the “unsubscribe” button at the bottom of promotional email communications. Please note that you may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails. You can configure your browser to enable, disable or delete cookies. Please note that if you set your browser to disable cookies, you may not be able to access secure areas of the website and other parts of the website may also not work properly. You may also choose to stop or start receiving our newsletter or marketing emails by contacting us at firstname.lastname@example.org.
Geographic Data Transfers
We take steps to ensure that transfers of Personal Data are performed in accordance with applicable law and carefully managed to protect your privacy rights and interests. If you are a Data Subject, in some instances we may need to transfer your Personal Data outside the EEA. Transfers are limited to countries that are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. Therefore, where we transfer your Personal Data outside our corporate affiliates or to third parties who help provide our products and services, we obtain contractual commitments to protect your Personal Data under Data Protection Agreements and pursuant to standard contractual clauses. Some of these assurances are well recognized certification schemes, such as the EU—US Privacy Shield for the protection of Personal Data transferred from within the European Union to the United States. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before disclosing any Personal Data. Information Disclosure Required By Law 4832-9172-1584 10 Under certain circumstances Personal Data may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities. You acknowledge and agree that Invigulus is free to preserve and disclose any and all Personal Data to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary.
Your California Privacy Rights
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to email@example.com.
How to Contact Us