Last Updated: August 11, 2023
We at EVERFI, Inc. (“EVERFI,” “we,” “us,” “our”) care about you (“you”, “user”, “learner”, and/or "business professional" as appropriate) and how your personal information is used and shared. We take your privacy seriously and are committed to creating a safe and secure environment for learners of all ages. This Policy is designed to help you understand what information we collect, why we collect it, and what we do with it. Thank you for taking the time to carefully read it.
- ABOUT EVERFI
EVERFI is a leading critical skills education company. We empower learners of all ages with the skills necessary to be successful in life and work. This Policy applies to all EVERFI products, services, and websites (collectively the “Service”). This Policy describes how EVERFI collects, uses and discloses the information it collects via the Service. With respect to our Higher Education and Adult products only, our Service may be accessible via a third party website, including that of an Authorized Entity (defined below). This Policy does not apply to how a third party or an Authorized Entity collects, uses, or discloses any information related to Service users.
By using the Service, you acknowledge that EVERFI will handle your personal information as described in this Policy. Your use of our Service, and any dispute over privacy, is subject to this Policy and our Terms of Service located at https://www.everfi.com/, which may from time to time be amended.
- PERSONAL INFORMATION WE COLLECT
EVERFI’s digital learning platform offers educational courses on different critical skills in the K-12, Higher Education, and Adult markets. We may collect information about you directly from you and automatically through your usage.
Information We Collect:
Where you register with us, or communicate to us, depending on the Service, we may collect the following information:
- Contact information and common identifiers: Such as name, address, and email address;
- Login details:Including username and password;
- Employment details(depending on the offering): Including information about a user’s employment, company details and details of whether an individual is an educator. This may reveal general salary bandings based on industry knowledge;
- Education history;
- Demographic information: For example where an offering asks an individual to specify a banding of credit score rating for financial health courses, or asks an individual to specify income level or zip code;
- Preferences: Based on user-specific implementations and information about user activities within the Service, including information about the content modules a user views, starts or finishes (including data and time stamps), assessments or scores, and related information, and other information about a user’s activities and use of the Service in order to ensure our digital learning is appropriately teaching the desired critical skill.
With respect to our K-12 market, we may collect the following data:
- Date of birth (to support COPPA compliance), which is only stored as an over/under 13 flag within EVERFI’s system
- First name and first initial of last name (for under 13)
- First name and last name (for over 13)
- Email address (only for over 13)
Where additional data is collected for a specific course, we will provide further details in our contractual terms.
EVERFI educational assessments and surveys may ask questions based on race, ethnicity, and/or sexual preference. This information is considered a “sensitive” or “special category” data under applicable privacy laws; therefore we will only collect it where you choose to provide this information and consent to us receiving it – the questions are always optional.
When we receive the surveys, we take steps to fully de-identify it and will only share responses on a fully de-identified and aggregated basis. In our K-12 and Higher Education markets, EVERFI extracts any personal information from survey data before analyzing such data in an aggregated research setting.
EVERFI does not collect geolocation data, biometric data, or health data.
Information We Collect Automatically
Information Business Professionals May Provide:
If you want to request a demo of any Service and/or have a conversation with one of our product experts to learn how EVERFI can power your education initiatives, you can provide us with:
- Contact Information: first name, last name, email address, phone number;
- Job Details: job title and a note of which industry you are in;
- Communications preferences.
Information Obtained from Third Parties/Public Sources:
We use third party service providers to enhance and enrich our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you for example via LinkedIn. We do not obtain or use any identifiable information about children for marketing purposes.
- HOW WE USE PERSONAL INFORMATION
EVERFI generally uses the information we collect as follows:
- To provide the Service directly to learners (where applicable).
- To create log-in details for learners (where we are contracting with a sponsoring organization such as a financial institution or higher education institution i.e. a university), to communicate with you about your use of the Service (including via email); to respond to your inquiries; to send you surveys; to fulfill your requests; and for other customer service or internal purposes.
- To troubleshoot any technical issues you might experience while using our Service.
- Where you are a business professional (e.g. sponsoring organization such as a financial institution or higher education institution i.e. a university), to send you communications about digital courses, services and other information we think may interest you where you have requested a demo and with additional information where we have appropriate permissions. We may also enrich our marketing database using publicly available information to tailor our communications and ensure these are relevant to your industry and of interest to you.
- To better understand how users access and use our Service, in order to improve our Service, to respond to user desires and preferences, and for other research and analytical purposes.
- To develop aggregated reports and related analysis regarding user activities.
- To tailor the educational content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your learning experience while using our Service.
- To comply with applicable legal obligations, including responding to a subpoena or court order.
- SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
Except as described below in the section on “Teacher Personal Information,” EVERFI does not sell your personal information, or share your personal information for the purposes of targeted advertising.
We share the information we collect with the following third parties for the following business purposes:
Authorized Entities. If you access the Service through, or are granted access to the Service by, a school, school district, college, university, person, institution, employer, or other organization (an “Authorized Entity”), we will share the information we collect about you with the Authorized Entity or its representatives. Such information may include: course progress/completion; assessment scores; email address; user ID/identifying tag or username (if applicable); additional aggregated data the Authorized Entity requests.
Social Media Sharing. If a user chooses to share information such as assessment scores through social media outlets, such as Facebook and Twitter, third parties may receive information about a user’s performance on the Service, such as information about digital learning badges and prizes received in connection with the Service.
Third-Party Sponsors. In the K-12 market and, in certain instances, the Higher Education market, EVERFI works with third-party sponsors to bring the Service to some users free-of-charge. In such situations, EVERFI will only share anonymized and/or aggregated user information with those third-party sponsors. This may include aggregated and/or anonymous demographic and geographic profiles to demonstrate the learning progress of these categories of Service users. Student information is only shared with third-party sponsors upon parental consent.
Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public.
Service Providers. We may employ independent contractors, vendors and suppliers to provide specific services related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service, email services and marketing enrichment services.
International Transfers. EVERFI is a U.S. company and the information we collect will be transferred to, stored and processed in the U.S., as well as other international locations where we have affiliates and service providers. The U.S. and other jurisdictions to where we transfer your information may not offer an equivalent level of data protection as in your home country. As a result, where the personal information that we collect through or in connection with the Service is processed in the United States or collected directly by EverFi. Inc in the U.S., we will take steps to ensure that the information receives the same level of protection as if it remained within your home country, such as using Standard Contractual Clauses and/or the United Kingdom’s International Data Transfer Agreement, where applicable. If you are a Data Subject in the European Union or the United Kingdom, you have a right to receive details of those steps where your data is transferred outside the European Union or United Kingdom, (e.g. to request a copy where the safeguard is documented, for example the Standard Contractual Clauses approved by the European Commission - and we will implement additional measures if required to ensure that there is adequate protection of your data).
Aggregate and De-Identified Information. We may also provide aggregate, anonymous and/or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.
Teacher Personal Information. In our K-12 market, we share the email address of teachers using the Service with third parties, such as advertising networks, analytics and social media networks, for the purpose of sending targeted advertising to those teachers.
Information about opting out of the sale or sharing of your personal information can be found below and at https://www.blackbaud.com/company/Data-Subject-Rights-Request.
Global Privacy Control. Our website detects and honors the Global Privacy Control signal in accordance with applicable privacy laws. The Global Privacy Control is a signal that can be enabled in certain browsers or browser extensions.
Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Service to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
- HOW WE LINK AND INTERACT WITH OTHER WEBSITES
Our Service may contain links to other websites not owned or operated by EVERFI, and may provide Service users with access to other websites and services. This may include providing users with the ability to share and automatically post updates (including updates about badges and prizes received in connection with the Service) through social media outlets, such as Facebook and Twitter. Please be aware that we are not responsible for the privacy practices of such third-party websites or services and any access to and use of such linked websites is not governed by this Policy. We encourage you to read the privacy policies or statements of each and every website you visit.
- HOW WE PROTECT PERSONAL INFORMATION
EVERFI implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. EVERFI conducts vulnerability and penetration security testing. Where appropriate, these safeguards include encryption – EVERFI uses TLS encryption for data transfers. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. EVERFI uses role-based access for staff, limited to users who require such access to perform their job responsibilities.
You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot control or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google.
De-Identified Data. EVERFI will maintain and use de-identified data only in a de-identified form and not attempt to re-identify de-identified data.
- INFORMATION FOR INDIVIDUALS IN THE UNITED KINGDOM AND EUROPEAN UNION
In some instances EVERFI, Inc., which is headquartered in the United States at 2300 N Street NW, Suite 410C, Washington DC 20037 acts as a controller, in particular:
- when we are carrying out marketing activities to business professionals and conducting profiling activities to ensure our marketing is relevant; and
- where we issue course surveys and/or assessments and otherwise undertake data analytics to ensure we can improve our Services.
Where we act as a controller, data protection laws require us to have a legal basis to do so. The following legal basis pertains to our collection and processing of data in the capacity of a controller:
- Our use of your personal information is in our legitimate interestas a commercial organization to perform our contractual requirements with our clients to make improvements to our products and services and enhance the customer and educational experience. This applies to our processing activities described in sections 3B, 3C, 3D (save where we need consent by local law), 3E, 3F and 3G.
- Our use of your personal information is necessary to comply with a relevant legal or regulatory obligationthat we have in particular where we are required to disclose personal information to a court, tax authority or regulatory body in the event of an investigation. This applies to our processing activities described in sections 3H and 3I.
- Our use of your personal information is in accordance with your consent. This applies to our processing activities described in section 3A and 3D (where required by local law). You have the right to withdraw consent at any time.
- In certain circumstances, we may also process demographic information revealing data about diversity pursuant to paragraph 8 of part 2 of Schedule 1 of the Data Protection Act 2018 in the UK to ensure equality of opportunity or treatment and for statistical purposes in the wider public interest - this will always be proportionate to the aim pursued.
If you would like to find out more about the legal basis for processing personal information, please contact us [email protected] or fill out this form, or call our toll-free number at +1 844-532-0022. Our Data Protection Officer can be contacted at [email protected].
Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, you have certain rights in relation to the personal data we process for you in the capacity of a controller as follows:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal information following a request for restriction, where: (a) we have your consent; or (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at [email protected] or fill out this form. In your message, please indicate the right you would like to exercise and the information to which it relates. We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example, if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfill the different purposes outlined in section 3, typically for students this will be a period of four years and for corporate organizations will be as long as we are contracted to maintain data. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings. With respect to our K-12 markets, students’ personally identifiable information is retained only for educational purposes.
- US CONSUMER PRIVACY RIGHTS
Five states afford consumers in those states additional privacy protections. These states are:
- The California Consumer Privacy Act (the “CCPA”);
- The Colorado Privacy Act (the “CPA”);
- The Connecticut Act Concerning Personal Data Privacy and Online Monitoring (the “CTDPA”);
- The Utah Consumer Privacy Act (the “UCPA”); and
- The Virginia Consumer Data Protection Act (the “VCDPA”).
The additional privacy protections provided by those laws include: the right to know what information businesses collect disclose; the right to access a copy of your data; the right to request deletion or correction of your data; and the right to opt out of the sale of your data or the sharing of your data for purposes of targeted behavioral advertising. Businesses can’t discriminate against you for exercising any of these rights.
Except as set forth in the “Teacher Personal Information” section, We do not sell your personal information or share your personal information for purposes of targeted advertising.
Exercising Your Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under the laws set forth above, please see our Data Subject Rights Requests page at https://www.blackbaud.com/company/Data-Subject-Rights-Request or call our toll-free number at +1 844-532-0022. We will verify your identity where required prior to fulfilling your request, which may require government identification. Authorized agents may be used to submit rights requests, in which cases we will take steps to verify the consumer’s identity and that the agent has authority to act on the consumer’s behalf.
Response Timing and Format. We will respond to a consumer privacy request within the time period required under any applicable privacy laws. If we require more time, in accordance with applicable privacy laws, we will inform you of the reason and extension period in writing.
- HOW TO CONTACT US
Request to Remove or Update Data
If you mistakenly post personal information in a Public Area or if parents want to request the deletion of their student’s data, you can send us an email to request that we remove it by contacting us at [email protected]. If you would like to amend your profile information, you may log in to your account and do so or email us at [email protected]. You should understand that in some cases, we may retain copies of such information in our systems or databases where required or permitted by law.
Request to Opt-Out of Emails
Where we have permission, we may send periodic marketing emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email or by contacting us at [email protected]. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other content we think may interest you, we will still send you service emails about your EVERFI account or any services you have requested or received from us.