- TABLE OF CONTENTS – LINKS:
- Definitions and General Information
- Your Agreement to This Policy PERSONAL INFORMATION
- Personal Information We Collect
- Why We Collect Personal Information
- How We Collect Personal Information
- Use and Access of Your Personal Information By Others MISCELLANEOUS PRIVACY INFORMATION
- Links to Other Websites
- Do Not Track
- Promotional Communications
- Accuracy of Your Personal Information and How to Update It
- Compliance With Laws
- Children’s Privacy
- U.S.-Based Information Storage and International Transfer
- Changes to This Policy SECURITY
- General Security Provisions; Disclaimer of Liability
- Protection of Your Sensitive Credit Card Data
- Protection of Your Connection and Communications With Our Site
ELEARNINGLAUNCHPAD.COM PRIVACY AND SECURITY POLICY
Last Revised: January 25, 2020
Definitions and General Information
DAR Solutions LLC (“Company’” or “us” or “our” or “we”), of which “eLearning Launchpad” is an assumed name (registered in Illinois), operates this website, eLearningLaunchpad.com, including all web pages within the elearninglaunchpad.com domain and any sub-domains thereof that we have now or in the future. The eLearningLaunchpad.com website, the information, services, content, and features contained on or accessed through the website, including all sub-domains, all pages, and all links contained therein will be collectively referred to as the “Site” in this Privacy and Security Policy. This Privacy and Security Policy is referred to as the “Policy”.
The Site is provided by the Company, to describe, offer for sale, and support the placement and fulfillment of orders for training courses in a variety of types and formats, and such courses will be referred to as a “Course” in this Policy. Through the Site or other channels, the Company may also provide licenses to various training products, which may be software-based interactive learning modules or other types of training documents or materials made available in electronic and/or physical form, and all such licensed products will be collectively referred to as “Training Materials” in this Policy.
The services, products, Courses, and licensed Training Materials offered by us through the Site or other channels will be collectively referred to as “Our Offerings” in this Policy. A user of our Site, including a purchaser of Our Offerings, and any other person for whom a user or purchaser may represent and provide information about (such as attendees for an ordered Course, or the users (or licensees) of ordered Training Materials), are collectively referred to as “user” or “visitor” or “you” or “your” in this Policy.
If you have any questions about the privacy, cookie, or security policies of Company, please contact us using the form on our Contact page or by emailing us at firstname.lastname@example.orgTop
Your Agreement to This Policy
By using our Site, communicating via our Chat interface, communicating via our Contact form or other forms, ordering, using, or attending any Course, ordering or using any Training Materials (as defined above) whether purchased separately or acquired as part of a purchased Course, or otherwise ordering or using any other products or services offered by us, you agree to this Policy, and you also affirm that you are age 18 or older, and that you are authorized to represent any company, group, organization, or other individuals about whom you provide information when ordering or using any Course, Training Materials, or other products or services offered by us. IF YOU DO NOT AGREE TO THE TERMS OF THIS POLICY, OR DO NOT MEET THE AFOREMENTIONED REQUIREMENTS, DO NOT USE THE SITE, NOR ITS FORMS/INTERFACES, AND DO NOT ATTEMPT TO ORDER OR USE ANY PRODUCTS OR SERVICES OFFERED THROUGH THE SITE.Top
Personal Information We May Collect With Consent
The types of personal information collected when using and placing orders on our Site depends on a variety of factors. Information may be collected about you, others persons involved in the Course orders, and your company/organization for which the Course is being ordered (if applicable). This information may be collected automatically, via forms you submit, or via electronic or phone communications with us, and may include the following:
- Name, physical addresses for shipping/training/billing, e-mail address(es), contact phone number(s), professional title/role, background/experience and training/certification goals in relation to the Course(s) of interest. Similar information may be collected for other individuals that may have roles related to the Course order(s) such as identified Course attendees, users, leaders with an interest in the success of Course(s), and coordinators responsible for training planning and arrangements;
- Information and messages that you or other persons involved in the Course(s) voluntarily supply/send via our email address or our Site’s interfaces and forms, including our “Chat” and “Leave Message” interfaces/forms, our Training Materials download page forms, and our Contact Us page form;
- Your credit or debit card number, expiration date, and card verification number (see the “Protection…” section within the “Security” section of this Policy on how sensitive credit card data is handled and protected in a PCI-compliant manner);
- Your IP address may be collected automatically when orders are placed or certain forms are submitted, as a data point to confirm location for tax compliance purposes and/or to prevent spam.
- Information about the business or organization that you represent in relation to Course order(s), including: business name, address, phone numbers, email addresses, training room names and locations, business tax identification number if located outside the U.S., and general goals of the organization as it relates to the Course(s)
- CONSENT EXCEPTION: Certain realtime visitor data is made temporarily available in a display that can only be seen by our live chat agent (a person who, when acting as the chat agent, might assist visitors browsing the site in realtime). This realtime chat agent display may include a limited amount of potentially personal information (e.g., approximate location), however no consent is considered to be necessary in this case since this data is only temporarily available to allow better realtime support of visitors that are actively browsing the site. This data is NOT permanently stored or recorded in any fashion; instead, such data for any particular visitor is automatically deleted, and is no longer retrievable nor viewable, shortly after the visitor leaves the site. If, however, as described elsewhere in this policy, a visitor voluntarily initiates a chat/message session, or submits a form, consent from the visitor is required since any personal information from those actions would be permanently retained.
See the three “SECURITY” sections further below in this Policy on how personal information is protected.
Non-Personal/Anonymous Web Audience/Traffic Information We Collect from Site Visitors Without Consent
When a visitor enters and browses our Site, certain general analytics information (non-personal and anonymous) is collected to support our understanding of general web traffic and general visitor pattern analysis over periods of time (not for personal identification or personal profiling), as is allowed by ePrivacy regulations without gaining consent. Such non-personal data is also collected and temporarily displayed for current site visitors such that our chat agent can respond more effectively to live chat conversations that visitors might initiate. Non-Personal/Anonymous data may include: anonymized IP address (last octet of addressed removed, at a minimum, so only general region/city is known at most, which prevents knowing any specific visitor location), information on how the Site was entered (including the referring pages or paths taken to reach the Site, and our search-driven Google ad (and the triggering keywords) that may have led users to our Site), browsing behavior within the Site (including interactions on the Site, time spent on pages, and pages visited), the number of unique visitors and repeat visits as determined via anonymous cookies, the names of networks/internet service providers used to reach our Site, general user device types, browser window sizes, and browser and operating system types/versions. None of the information collected without consent, as described in this paragraph, is used for any form of remarketing, advertising, user-specific or personal profiling, demographics or interest tracking, or cross-device / cross-site user tracking..Top
Why We Collect Personal Information and Non-Personal/Anonymous Information
Our only purposes for collecting personal information about you, your colleagues, or your business/organization (as descibed in another section above) are to support your visit on our site and any inquiries you initiate about our products and services, and to support the effective ordering and delivery of our products and services. The specific purposes are 1) to facilitate the placement and payment of your orders for the products and services offered on the Site, 2) to allow you to create an account on the Site that enables you to place and pay for orders and access information relating to your orders, 3) to allow us to coordinate, plan, fulfill, and deliver your orders, 3) to prevent multiple unpaid Course orders from the same user or location (spam attempts), 4) to support location records needed to satisfy tax regulations that may apply to your orders, and 5) and to allow us to respond and effectively support you when you contact us via Chat or when you submit other forms on the Site. When personal information is collected on our Site for these purposes, you provide the information voluntarily by controlling when/if you submit a form with your information, and we ask you to affirm for your consent to our use of this information, and your awareness of our Policy, as a required part of any form you submit.
As explained in another section above, we may also collect certain non-personal/anonymous information to understand general web audience and traffic patterns regarding how our visitors collectively access, use, and navigate through our site so that we can improve our services, support, marketing campaigns, Site effectiveness, and Site usability. We do not request or require your consent for our collection of this non-personal information because it is not used to track or profile you as an individual in any way, and we consider this type of information collection to be under the “web audience measurement” consent exception allowed by the ePrivacy regulation.Top
How We Collect Personal Information and Non-Personal/Anonymous Information
The personal information we collect may be captured from a variety of sources or actions associated with various pages on our Site; the specific kinds of personal information collected overall are detailed in an earlier section of this Policy. At the point where the user provides personal information (ie, form submission) we require the user to positively indicate consent to our use of the personal information provided and to acknowledge awareness of our Policy.
The sources and actions that cause personal information to be collected are:
- New account creation by users to support management of orders and access to order information, invoices, and any related materials;
- User submitting various forms to make inquiries and/or provide information, typically before an order is made, such as: requests for information or quotes on our products or services, or use of our “live chat” / “leave message” interface or “contact us” forms (all of which require some limited personal information to be provided when submitting);
- User placing orders for Courses, our Training Materials, or other products and services using our Site’s ordering and payment pages and forms; and
- User completing a form on one of our Training Materials download pages to register your download and confirm your understanding of related terms;
See the three “SECURITY” sections further below in this Policy on how personal information is protected.
Non-personal/anonymous information is collected automatically using various means, as described below (the specific types of non-personal information collected is described in an earlier section). We do not ask users for consent regarding the collection of this information as we believe the consent exception for “web audience measurement” applies, per the ePrivacy regulation. The means of non-personal/anonymous data collection is as follows:
- The automatic collection of non-personal/anonymous information for web audience measurement over long time periods (ie, general web traffic analytics not aimed at user-specific profiling or tracking) is implemented with Google Analytics (GA) along with the highly constrained settings we apply to GA. The key to GA being classified as anonymous and non-personal for our Site (allowing it to be for general web audience measurement only) is that all but the most basic GA information collection is disabled (the nature of the information collected is described earlier in this Policy in the section named “Non-Personal/Anonymous Web Audience/Traffic Information We Collect from Site Visitors Without Consent”). We ensure the anonymous, non-personal, non-profiling, non-tracking characteristics of our GA configuration by using GA’s “anonymize IP address” setting (which strips the lower octet from the IP address so that specific user locations cannot be identified), and through the following GA account settings: Remarketing is disabled, Display Networks is disabled, Demographics and Interest tracking is disabled, Integrated Services used for advertising is disabled, and User ID tracking across devices is disabled (only an anonymous “client id” cookie is used to allow general web audience metrics on return visits). (The privacy aspects of Google Analytics are covered under Google’s policy, which also describes ways to fully disable Google Analytics on your browser if desired.)
- Site visitor information on currently browsing visitors is temporarily made available to our live chat agent, when on duty, to improve the quality and efficiency of real-time support provided when a visitor starts a live chat session. This information is provided by LiveChat, a highly secure third party software service (SaaS) for chat capability. This application temporarily makes a limited anount of realtime information available about visitors who are currently browsing the site, as these visitors may wish to start a chat session with our live chat agent to ask about our products and services (this live chat agent visitor panel data is transient, is never permanently stored, and is deleted automatically from the chat agent’s display shortly after a visitor leaves the site). Should the visitor initiate a chat session (at which time consent for potential personal info collection is obtained), this information is displayed to provide the chat agent with information including approximate location, the pages visited, page view durations, referal source, number of visits, and general device-related information, allowing the chat agent to respond more effectively with insights as to a visitor’s specific areas of interest on the site, product availability to the visitor’s country/area, information already viewed, and viewing/navigation capabilities (note that no user-specific profiling/tracking data is collected or displayed aside from number of visits). Note that the data displayed about current visitors up to the point of initiating a chat session is collected automatically without consent as it is transient and is deleted automatically after the user leaves the site. If a visitor initiates a chat session, consent for personal information collection is obtained from the visitor (via a pre-chat info form) before the session is allowed to begin. See LiveChat Inc’s Privacy and Security policies for privacy-related details on this application.
Use and Access of Your Personal Information By Others and Related Data Processing Agreements)
As a general rule, Company minimizes the extent to which the personal information gathered by our Site is made available to anyone outside of Company, except as instructed/allwed by you, or where required to support/communicate with you, fill orders, or comply with law. We do, however, make use of several highly reputable and trusted service companies to provide technologies and services needed to support you and your orders. We use such third party service providers to assist in hosting our website and maintaining website security, communicating with clients, placing of orders, processing of payments, and certain aspects of delivering orders. The service providers may need to have access to your personal information to perform the contractually specified services on behalf of Company and/or you.
To protect the privacy of your personal information when it must be shared with third party service providers as a matter of providing support, products, or services requested by you, we rely on a formal agreement with each provider (typically a “Data Processing Agreement” (DPA) that supports applicable GDPR regulations regarding DPAs). Such agreements ensure that the third party service providers (the “data processors”) used by us are required to ensure the privacy, confidentiality, security, and proper management of any personal information shared with them by us, in support of applicable GDPR regulations and the related rights of GDPR data subjects.
The key third party service providers with whom we may share personal information, and the typical personal information shared, are as follows:
- Stripe Inc. provides secure PCI-compliant credit card processing through web-based services that are integrated with our Site’s Checkout/Payment page. Stripe uses the following customer-supplied personal information: email address, name, billing address, and credit card information
- Mimeo.com provides printing services for physical hardcopies of our training books (typically used in onsite classes) and also ships the printed materials on our behalf directly to the client’s training location; Mimeo.com uses the following client personal information forwarded by us: email address, name, shipping address, and contact phone
- Logmein, Inc. provides the web meeting platform “GoToMeeting” used to conduct our live online training courses; users will typically enter their email addresses and names onto the GoToMeeting platform when joining a class, and may also enter additional personal information into the GoToMeeting chat interface.
- The Open Group® is the Certification Authority for the certification that an an individual may achieve after attending our certification prep course and then later passing the certification exams using the exam voucher(s) we provide. As an accredited course provider, we obtain the vouchers from The Open Group and are obligated to provide The Open Group with the name, class location, and class date for each attendee to whom we provide voucher(s).
- Google provides the business email account we use. All electronic methods of contacting, messaging, or emailing us by a visitor or client will result in the sender’s email address and other message/form content being forwarded to our Google email account, as this is our primary means of notification when incoming messages arrive from the Site.
- LiveChat Inc. (based in Poland) provides SaaS that supports the live chat and message/ticketing system on our site. To initiate a chat session, a visitor or client must enter their name and email address, as well as click to consent to personal information collection; this information and all subsequent entries during the chat session are captured and retained on the LiveChat servers that support our account.
- InMotion Hosting provides web hosting services for our website, including the provisioning and maintenance of our dedicated server and supporting infrastructure (located in the U.S.), as well being responsible for the physical security of these servers and the protection of the data they contain. Personal data submitted via the forms on the Site is contained on these servers unless otherwise noted elsewhere in this Policy (one key exception is sensitive credit card data which is managed by the secure PCI-compliant Stripe scripts and servers; the sensitive card data is never stored or processed on our server).
MISCELLANEOUS PRIVACY INFORMATION
Links to Other Websites
Company may provide links to one or more other websites (outside of the elearninglaunchpad.com domain) that are not controlled or managed by us. We encourage you to read the individual privacy policies of such sites before providing any of your personal information to them.
Our general minimum retention period for all forms of business data, particularly client data pertaining to orders placed with us as well as data and communications associated with the delivery and support of orders, is seven years. This minimum period ensures that we can support tax and other legal requirements as well as maintain deep history for business analysis purposes. Maximum retention periods are set at our discretion.
“Right to be Forgotten” and Requests for Information
Individuals from the EU who wish to contact us and request copies of information that we may have in our records containing their personal information, or who may wish to request that we delete personal data pertaining to them, are free to do so. We will make every commercially reasonable effort to comply, provided that any requested deletion of data does not violate retention requirements for tax-related data or other legal obligations.
We use functional/technical cookies to facilitate the important features and performance characteristics of our Site, all of which are aimed at supporting clients seeking to learn about, ask about, order, or access our products and services as well as to manage and access their accounts. Each such cookie supports one or more of the following areas of functionality: placement of client orders, client accounts and login/logout session management, user preference retention, retention of shopping cart contents throughout the ordering process/session, fraud protection by the Stripe payment gateway, maintaining chat panel content/status/communication continuity throughout a chat session that may involve navigation across multiple pages and sites over a period of time, and maintaining an anonymous identifier to link a new chat session to prior chat history for improved customer service and better continuity of support.
Advertising and Related Tracking Cookies:
No advertising cookies, or advertising-related tracking/profiling cookies are used on our Site. Furthermore, all Google Analytics settings related to remarketing, advertising, user ID/tracking across devices, demographics and interest reporting, and display network are disabled.
Third Party Cookies:
Most cookies used are first party cookies in that they are controlled and accessed only on our domain. Third party cookies are limited to very few functional/technical cookies that support key applications used by the Site, including:
– LiveChat cookies, which enables our SaaS chat/messaging service and allows chat agent awareness of past visits and chat dialogue when a visitor initiates a new chat session, thereby improving customer service and support continuity);
– Stripe cookies, which enable the secure credit card payment gateway transactions and support fraud protection;
Consent in Relation to Cookies:
As described above and in earlier sections, merely browsing our site does not result in the permanent storage of any personal data, because the highly limited amount of Google analytics data we collect is anonymous and non-personal in nature, the live chat application’s realtime visitor information is only temporarily displayed to a human chat agent, and all advertising, remarketing, sharing, and tracking options in our analytics service are fully disabled; therefore, we do not find it necessary to request consent from visitors who are simply browsing our site. If/when a visitor endeavors to submit a form (eg,a submits a contact form inquiry, or places an order), or initiates a chat session, or creates a message/ticket, (all of which would likely result in personal information being collected by such voluntary submissions), we first require that the visitor positively consents to our use of their personal information and acknowledges awareness of this Policy, typically via a required affirmative checkbox entry on the form or interface being used; this ensures that any cookies that result from such actions, and thereby potentially contain personal information, are only created after the user indicates consent.
All browsers provide a means to disable cookies and/or scripts. However, doing so may prevent you from being able to view or perform certain functions on our Site, including logging in to an account or placing new orders.Top
Do Not Track
The Company takes privacy and security very seriously, and strives to put our customers first in all aspects of our business. With regard to Do Not Track (DNT), our position is that a standard has not been adopted to this day, and therefore we do not use DNT signals, or otherwise respond to such signals in browsers because no DNT standard has been fully adopted. Nonetheless, if a customer wishes to purchase any Course, Training Materials, or other products or services we provide, without using the Site or its ordering pages, please simply contact us by phone or email to make other arrangements.Top
We may, at our discretion, contact users via email to offer and/or promote products and services, or provide other related information, on a periodic basis (no more than one communication per month on average) where we believe such information may be of interest to you based on your past relationship with us. Users whom we may contact include those that have placed or started orders with us, registered an account on our Site, emailed us, subscribed to our news, or otherwise contacted us about our offerings. You may opt out of any such email communication by using any “opt out” or “unsubscribe” links/procedures that may be provided in our emails, or by simply contacting us and informing us that you do not wish such communications.Top
Accuracy of Your Personal Information and How to Update It
You are responsible for periodically checking to ensure that your personal information included in the Site is updated and correct. Your account information (associated with orders) can be checked and edited in the page(s) and links found in the “My Account” page of our Site.Top
Compliance With Laws
We will disclose your personal information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Site and Our Offerings.Top
Only persons age 18 or older have permission to make an account on our Site, to place orders on our Site, or to otherwise use any services or forms on our Site. Our Site and Our Offerings do not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a children under age 13 without verification of parental consent, we take steps to remove that information from our servers.Top
U.S.-Based Information Storage and International Transfer
Any personal information and all other information which we collect on Site will be stored and processed on our servers located in the United States. If you reside outside the United States, you consent to the collection, transfer, storage and processing of any information from your country to the United States. As required by our Terms and Conditions, only U.S. residents and U.S. companies, using U.S.-based accounts for payments, are permitted to use or place orders on our Site. Note that data pertaining to Site visitor analytics, live Chat, and “Leave Message” communications involves third party companies and services (Google Analytics and LiveChat) which may store information on servers located outside of the U.S.Top
Changes to This Policy
General Security Provisions; Disclaimer of Liability
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. However, be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you. You agree that we shall not, under any circumstances, be held responsible or liable to you for any damages of any kind whatsoever related to any information or transmissions that are accessed by third parties illegally or without authorization through our Site and/or network.
Our Site and server, as well as those our third party service providers, use proven, highly-secure industry-standard technologies and platforms, best-practice server and application configurations, firewall settings that aggressively block intrusions, and other best-practice access restriction mechanisms. Beyond these general protections, the following two sections describe more specific protection mechanisms that we use 1) for protecting sensitive credit card data and 2) for securely encrypting the communications between you and our Site.Top
Protection of Your Sensitive Credit Card Data
We define “sensitive credit card data” as the 3-digit Card Verification Code (CVC) and the card’s full account number (but not the last 4 digits of the account which we may store on our Site for use in presenting your order records and invoices on your eLearning Launchpad account pages). When you pay for an order on our Site using a credit card, we do not collect, transmit, process or store sensitive credit card data on our server, but rather we rely on special secured input field elements and scripts provided from the secure servers of our fully PCI-compliant credit card processor, Stripe Inc.
All collection, transmission, and processing of sensitive credit card data is carried out directly with, and only by Stripe’s servers, inline input field elements, and scripts. The Stripe credit card data entry form is integrated into the visual presentation of our Site’s checkout page via “iframe” elements that are loaded from the Stripe server; this iframe approach securely separates the Stripe form fields, related data (including user entries on the credit card form), and related scripts from all the other pages, data, and scripts served by our Site.
Stripe has been audited by a PCI-certified auditor and is certified to “PCI Service Provider Level 1” (the most stringent level of certification available in the payments industry), and makes use of best-in-class security tools and practices to maintain a high level of security. For further information on the security aspects of Stripe’s service, see Stripe’s security information.
Based on our use of Stripe’s PCI-compliant service (a third party service) and our other security measures as described in this Policy, we are compliant with the PCI SAQ-A requirements that apply to our Site.Top
Site Authentication and Encryption Protection of Your Connection With Our Site
Beyond the special measures described in the section above for sensitive credit card data, our entire site is also protected by an EV (Extended Validation) SSL certificate. In addition to securely encrypting all your communications with our site, EV SSL provides the highest level of trust and authentication by validating eLearning Launchpad (a registered assumed name of DAR Solutions, LLC) as the true legal entity that owns and controls this website. The presence of our Site’s EV SSL and secure encryption is clearly indicated by the green lock icon and validated company name displayed in your browser’s address bar, as well as the “https” protcol identifier in the URL of all Site pages. The Site’s EV SSL securely encrypts all communications between your browser and any page on our site, including all forms and fields in which you might enter information and all pages which may display your information. The Site’s EV SSL encryption uses a strong protocol (TLS 1.2), a strong key exchange, and a strong set of ciphers. To see further details about the Site’s EV SSL certificate and encryption technologies used by our Site, click the green lock icon that is next to our URL in your browser’s address bar (information format and detail will vary depending on your browser). The Site’s Certification Authority and certificate provider is Comodo CA (now owned by Sectigo).
We use the “SSL Server Test” from Qualys SSL Labs as an independent means to verify the integrity and robustness of our Site’s SSL certificate-related security provisions. We endeavor to ensure that Our Site maintains a grade of at least “B” from this test, indicating a SSL security configuration is in place. This test is a highly respected industry-standard benchmark evaluation that performs a deep and comprehensive analysis of the configuration of an SSL-based web server such as ours; testing covers the support the Site provides for all the various SSL and TLS protocol versions, all the cipher suites, and simulates negotiation with various browser and operating system types, followed by grading based on use of current best practice.Top