Last Updated: August 13, 2018

We at EVERFI, Inc. (“EVERFI,” “we,” “us,” “our”) care about you (“you”, “user”, “learner”) and how your personal information is used and shared. We take your privacy seriously and are committed to creating a safe and secure environment for learners of all ages. This Policy is designed to help you understand what information we collect, why we collect it, and what we do with it.  Thank you for taking the time to carefully read it.

  1. ABOUT EVERFI
EVERFI is a leading critical skills education company. We empower learners of all ages with the skills necessary to be successful in life and work.  This Policy applies to all EVERFI products, services, and website (collectively the “Service”).  This Policy describes how EVERFI collects, uses and discloses the information it collects via the Service. In some instances, our Service may be accessible via a third party website, including that of an Authorized Entity (defined below). This Policy does not apply to how a third party or an Authorized Entity collects, uses, or discloses any information related to Service users. By using the Service, you acknowledge that EVERFI will handle your personal information as described in this Policy. Your use of our Service, and any dispute over privacy, is subject to this Policy and our Terms of Service, located at https://platform.everfi.net/registration/login, which may from time to time be amended.

EVERFI Websites

This Privacy Policy applies to all websites owned and operated by EVERFI, Inc.

  1. PERSONAL INFORMATION WE COLLECT
EVERFI’s digital learning platform offers educational courses on different critical skills in the K-12, Higher Education, and Adult markets. We may collect information about you directly from you and automatically through your usage. Information We Collect Directly: Where you register with us, or communicate to us, depending on the Service, we may collect the following information:
  • Contact information and common identifiers: Such as name, address, and email address;
  • Login details: Including username and password;
  • Employment details (depending on the offering): Including information about a user's employment, company details and details of whether individual is an educator. This may reveal general salary bandings based on industry knowledge;
  • Education history;
  • Demographic information: For example where an offering asks an individual to specify a banding of credit score rating for financial health courses;
  • Preferences: Based on user specific implementations and information about user activities within the Service, including information about the content modules a user views, starts or finishes (including data and time stamps), assessments or scores, and related information, and other information about a user’s activities and use of the Service in order to ensure our digital learning is appropriately teaching the desired critical skill.
Where additional data is collected for a specific course, we will provide further details in our contractual terms. EVERFI also collects data from our educational assessments and surveys, including demographic information (for example to analyze whether statistics can be drawn based on geographical location of users) to help us evaluate the effectiveness of our digital courses. In our K-12 and Higher Education markets, EVERFI extracts information from survey data before analyzing such data in an aggregated research setting. In our K-12 market, protecting the privacy of our younger learners is extremely important to us. To review our COPPA Privacy Policy, which applies to the personal information we knowingly collect from children under 13, please go here.  We do not knowingly collect data from EU individuals under the age of 16, and if we discover that this has been collected, we will take appropriate steps to delete it or where required, obtain parental or guardian consent. Information We Collect Automatically We collect information automatically about users via a variety of methods, such as cookies, web beacons, JavaScript, and log files. This information may include user IP addresses, browser types, domain names, device type, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall server/visitor traffic and navigation patterns for the Service. Web servers collect this type of basic information automatically as part of Web log processes. For more information, see the “How We Use Cookies and Analytics” section below.
  1. HOW WE USE PERSONAL INFORMATION
EVERFI generally uses the information we collect as follows:
  1. To provide the Service; communicate with you about your use of the Service (including via email); to respond to your inquiries; to send you surveys; to fulfill your requests; and for other customer service or internal purposes.
  2. To troubleshoot any technical issues you might experience while using our Service.
  3. To send you communications about additional digital courses, services and other information we think may interest you where we have appropriate permissions.
  4. To better understand how users access and use our Service, in order to improve our Service, to respond to user desires and preferences, and for other research and analytical purposes.
  5. To develop aggregated reports and related analysis regarding user activities.
  6. To tailor the educational content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your learning experience while using our Service.
  7. To comply with applicable legal obligations, including responding to a subpoena or court order.
  8. Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Policy.
 
  1. SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
We share the information we collect as follows: Authorized Entities. If you access the Service through, or are granted access to the Service by a school, school district, college, university, person, institution, employer, or other organization (an “Authorized Entity”), we will share the information we collect about you with the Authorized Entity or its representatives. Such information may include, but will not be limited to: course progress/completion; assessment scores; email address; user ID/identifying tag or username (if applicable); additional aggregated data the Authorized Entity requests. Social Media Sharing. If a user chooses to share information such as assessment scores through social media outlets, such as Facebook and Twitter, third parties may receive information about a user’s performance on the Service, such as information about digital learning badges and prizes received in connection with the Service. Third-Party Sponsors. In the K-12 market, EVERFI works with third-party sponsors to bring the Service to some users free-of-charge. In such situations, EVERFI will only share anonymized and aggregated user information. This anonymized and aggregated information may include demographic and geographic profiles to assess the learning progress of categories of Service users. Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal process. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public. Service Providers. We may employ independent contractors, vendors and suppliers to provide specific services related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service and email services. Business Transfers. We reserve the right to transfer information (including personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of EVERFI or any of its Affiliates (including as part of a bankruptcy proceeding). We may disclose personal information about Service users to our affiliated companies. Our affiliates’ use of your personal information will be in accordance with the terms of this Privacy Policy. International Transfers. EVERFI is a U.S. company and the information we collect will be transferred to, stored and processed in the U.S., as well as other international locations where we have affiliates and service providers. The U.S. and other jurisdictions to where we transfer your information may not offer an equivalent level of data protection as in your home country. As a result, where the personal information that we collect through or in connection with the Service is processed in the United States, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. If you are a European Data Subject, you have a right to receive details of those steps where your data is transferred outside the European Union, (e.g. to request a copy where the safeguard is documented, for example your consent or the Model Clauses). Aggregate and De-Identified Information. We may also provide aggregate, anonymous or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.
  1. HOW WE USE COOKIES AND ANALYTICS
We  use cookies and other tracking mechanisms to track information about your use of our Service. Cookies. We  use cookies to track visitor activity on our platform. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. We, and our service providers, use cookies to track user activities on our Service, such as the pages visited and time spent on our Service. Most browsers allow users to refuse cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, many of our Service will not function properly with cookies disabled. Do-Not-Track Signals. Our platform does not recognize “do-not-track” requests; however, we do not track your activities after you leave our platform. Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Service to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers, may also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded. Third-Party Analytics. We use Google Analytics  to evaluate usage of our Service. We use this tool to help us improve our services, performance, and user experiences. This entity may use cookies and other tracking technologies to perform their services. To learn more about Google’s privacy practices, please review the Google privacy policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
  1. HOW WE LINK AND INTERACT WITH OTHER WEBSITES
Our Service may contain links to other websites not owned or operated by EVERFI, and may provide Service users with access to other websites and services. This may include providing users with the ability to share and automatically post updates (including updates about badges and prizes received in connection with the Service) through social media outlets, such as Facebook and Twitter. Please be aware that we are not responsible for the privacy practices of such third-party websites or services and any access to and use of such linked websites is not governed by this Policy. We encourage you to read the privacy policies or statements of each and every website you visit.
  1. HOW WE PROTECT PERSONAL INFORMATION
EVERFI implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure, and to maintain accuracy and ensure appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. Public Area and User Generated Content. The Service may feature various community areas, open text areas, and other public forums (the “Public Areas“) where users can share information or post questions for others to answer. These Public Areas are open to the public and should not be considered private. We cannot prevent such information from being used in a manner that may violate this Privacy Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot control or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google.
  1. INFORMATION FOR EU INDIVIDUALS
The data controller of the information collected through the Service is EVERFI, Inc., which is headquartered in the United States at 3299 K Street NW, Suite 400, Washington DC 20007.  To exercise any rights that you may have with regard to your personal information, you may contact us privacy@everfi.com. The legal basis for using your personal information.  We collect your information as a data controller when we have a legal basis to do so. The following legal basis pertains to our collection of data:
  • Our use of your personal information is in our legitimate interest as a commercial organization to perform our contractual requirements with our clients to make improvements to our products and services and enhance the customer and educational experience. This applies to our processing activities described in sections 3A, 3B, 3C (save where we need consent by local law), 3D, 3E and 3F.
  • Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have in particular where we are required to disclose personal information to a court, tax authority or regulatory body in the event of an investigation. This applies to our processing activities described in sections 3G and 3H.
  • Our use of your personal information is in accordance with your consent. This applies to our processing activities described in section 3C (where required by local law).
If you would like to find out more about the legal basis for processing personal information, please contact us privacy@everfi.com. Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, European Union individuals have certain rights in relation to personal information: Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims. Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal information following a request for restriction, where: (a) we have your consent; or (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person. Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request privacy@everfi.com. In your message, please indicate the right you would like to exercise and the information to which it relates.  We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfil the different purposes outlined in section 3, typically for students this will be a period of four years and for corporate organizations will be as long as we are contracted to maintain data. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings.
  1. CHANGES TO OUR PRIVACY POLICY
EVERFI may amend this Privacy Policy from time to time. We will provide notice of any material changes made to our Privacy Policy by prominently posting the revised Policy with an updated date of revision on our homepage. We encourage you to check this page periodically for any changes. If we make any material changes that affect information we have previously collected about you, we will provide you with notice (or in the case of a child, to your parent or legal guardian), via email or within the Service.
  1. HOW TO CONTACT US
If you have any questions about this Privacy Policy or our security measures at EVERFI, please contact us at privacy@everfi.com.  Our mailing address is 3299 K Street NW, Suite 400, Washington, DC 20007 and we can be reached by phone at 202-625-0011. Request to Remove or Update Data If you mistakenly post personal information in a Public Area or if parents want to request the deletion of their student’s data, you can send us an email to request that we remove it by contacting us at privacy@everfi.com. If you would like to amend your profile information, you may log in to your account and do so or email us at privacy@everfi.com. You should understand that in some cases, we may retain copies of such information in our systems or databases where required or permitted by law. Request to Opt-Out of Emails Where we have permission, we may send periodic marketing emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email or by contacting us at privacy@everfi.com.  Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other content we think may interest you, we will still send you service emails about your EVERFI account or any services you have requested or received from us. California Privacy Rights California residents have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to privacy@everfi.com.