EVERFI Privacy Shield Notice
EVERFI Inc. (“EVERFI,” “we,” “us,” “our”) complies with the U.S.-E.U. Privacy Shield Framework and the U.S.-Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries and Switzerland and transferred to the United States. EVERFI has certified that its processing of personal information from E.U. member countries and Switzerland is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Principles”). You may view our certification at https://www.privacyshield.gov/. We are subject to the investigatory and enforcement authority of the Federal Trade Commission.
- to provide and improve our services;
- for customer service purposes;
- to send communications about additional digital courses, services and other information where we have appropriate permissions;
- for research and analytics purposes.
We also act as a data processor for our customers and Authorized Entities. Where we act as a data processor, we process E.U. and Swiss personal information per our customers’ instructions.
Accessing Personal Information. The Privacy Shield Principles provide individuals located in the E.U. and Switzerland whose personal information we process with the right to access their personal information in order to review, correct, amend or delete information processed under the Principles. E.U. and Swiss individuals who would like to access their personal information or to otherwise exercise their GDPR rights where we act as a data controller may contact us at firstname.lastname@example.org.
If we process your personal information as a data processor, please contact the customer or Authorized Entity (as defined in our Privacy Privacy) that provided you with access to the EVERFI Services.
In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.
Contacting Us, Complaints and Dispute Resolution. EU and Swiss individuals who have questions or complaints about how we process their personal information may contact us at email@example.com. We will work to resolve your issue as quickly as possible, but in any event no later than 45 days of receipt.
If you are unable to resolve the issue directly with us directly, you may file, free of charge, a complaint with our independent dispute resolution provider, the International Centre for Dispute Resolution – American Arbitration Association (ICDR-AAA) located in the United States. For more information about ICDR/AAA’s dispute resolution process or to file a complaint, please visit http://go.adr.org/privacyshield.html.
E.U. and Swiss individuals may also submit complaints through their local Data Protection Authority (DPA). We will work with the Department of Commerce to resolve any complaints forwarded by a DPA. Finally, if we are unable to resolve any complaints through any of the above methods, an E.U. or Swiss individual also may invoke binding arbitration in accordance with the Privacy Shield Frameworks. For more information about the binding arbitration process, please visit https://go.adr.org/privacyshieldannex.html for EU individuals or https://go.adr.org/Swiss-AnnexI.html for Swiss individuals.