Last updated September 2020
- INTRODUCTION
- This Privacy Notice provides information about how The Option Institute & Fellowship, a Massachusetts not-for-profit corporation, with registered offices at 2080 South Undermountain Road, Sheffield, MA 01257-9643, United States (“Option Institute”, “we”, “our”, “us”) collects and processes the personal data of individuals (“you”, “your”) who visit and/or interact with our website option.litmos.com (the “Website”) and those who use our services including those who participate in an online course of study offered by us (a “Course”), including our adaptive training sessions for Courses and live sessions, and to all subsequent correspondence or communications with those people, whether by email, telephone or by post (collectively, the “Services”).
- This Privacy Notice does not form part of any contract, or offer to enter into a contract, with us. It may be amended by us at any time. We reserve the right to amend this Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice on the Website. We recommend that you check the Website often, referring to the date of the last modification listed at the top.
- Option Institute uses third party vendor Callidus Software Inc. (“Callidus”), as its platform for the Website. Callidus may provide, among other things, customer support and data collection for us. Your use of the Website is also governed by the Callidus’ Privacy Policy (https://www.litmos.com/privacy-policy), which is incorporated by reference herein.
- It is important that you read this Privacy Notice so that you are aware of how and why we are using your personal data. We endeavor to ensure that personal data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We generally retain personal data for as long as is required to satisfy the purpose for which it was collected. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. Some of your personal data may need to be retained because of circumstances such as a legal dispute or regulatory investigation, which would not normally be subject to retention.
- FOR EU RESIDENTS
- Option Institute is a “controller” of your personal data. This means that we are responsible for deciding the purposes and means by which we use the personal data we hold about you. “Personal data” is any information by which you or any living person can be individually identified either directly or indirectly but does not include anonymised data. There are “special categories” of more sensitive personal data which require a higher level of protection.
- As a controller, we are obliged to provide this Privacy Notice to you under EU data protection laws, including the General Data Protection Regulation (EU) 2016/679. In brief, this Privacy Notice explains:
- what personal data of yours we hold and why we process it;
- the legal grounds that allow us to process your personal data;
- where we obtain your personal data, who gets to see it and how long we keep it;
- your data protection rights; and
- where to address queries or complaints.
- In connection with our business and for administrative, management and legal purposes, we may transfer your personal data outside the European Economic Area to the United States. Where we need to transfer your personal data, we shall ensure that the transfer is lawful and that there are appropriate security arrangements.
- how we collect your personal data
- We may receive your personal data through various means including Direct interactions:
You may give us your identity and contact data, profile data, transaction data and other information by creating and managing your user profile account, participating in the Services including online discussion forums, interacting with trainers or teachers, filling in website forms, sharing details about our Services or by corresponding with us by post, phone, email, SMS, social media or otherwise. This includes personal data you provide when you submit coursework, give us feedback or contact us.
- We may receive your personal data through various means including Automated technologies:
As you browse and interact with the Website, we collect browser data. We collect this personal data by using cookies and other similar technologies. Please see our Cookies Policy for further details.
- Cookies: A cookie is a simple text file that is stored on your computer or mobile device when you visit a website. When you visit the website again, or visit another website which recognizes that cookie, your device is able to communicate with the website and the website can read the information held in that cookie. Only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier as well as the website name. Cookies may be set by the website you are visiting (“first party cookies”) or they may be set by other websites who run content on the page you are viewing (“third party cookies”).
Cookies have various purposes, including letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Most websites you visit will use cookies to improve your user experience by enabling that website to “remember” you, either for the duration of your visit (using a “session cookie”) or for repeat visits (using a “persistent cookie”).
We may use the following first party cookies and third party cookies on our Site:
- Strictly Necessary cookies: These cookies are essential in order to enable you to move around the Site and use its features, such as accessing secure areas of the Site. The Site needs Strictly Necessary cookies for it to work. If you remove or disable these Cookies, we cannot guarantee that you will be able to use our Site.
- Analytical/performance cookies: These cookies provide generic statistics on the use of our website by allowing us to recognize and count the number of visitors and to see how they move around and access the site. This helps us to improve the way the Site works, for example, by ensuring that users find what they are looking for easily.
- Functionality cookies: These are used to recognize you when you return to our Site, and remember your preferences.
- Targeting cookies: This type of cookie records your visit to our Site, the pages you have visited and the links you have followed or come into the Site on. Depending on the pages that you have visited, the cookie may trigger advertising for us on third-party websites either related or unrelated to our business. This information may also be used for re-targeting or offer-based promotional uses by us from time to time.
Except for Strictly Necessary cookies and any others which are essential for the functioning of this Site, you can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You can set these preferences on your browser settings. However, each browser is different so check your browser’s Help menu to learn how to modify your cookies. This may prevent you from taking full advantage of this Site.
We employ commonly used third-party analytic services that may automatically collect and store information about visits to the Site. Callidus may use cookies in a way that varies from our use and you are responsible for understanding Callidus’ Privacy Policy. We do not have direct control over the tools these third-party analytic services use to collect data. We use this information to get a better sense of how our Site is being used over time so that we can improve them and make them more relevant to users and in ways described herein.
Please note that:
- Many of the interactive functions offered by the Site are dependent on cookies and disabling or blocking cookies may impact the functionality of the Site or result in an inferior web experience.
- If you’ve chosen to block third-party cookies on your browser, your cookie preferences won’t carry over from the Site and vice versa.
- We have no access to or control over any cookies or other devices that are used by any third party advertisers or ad servers on the Site.
If your personally identifiable information changes, or if you no longer wish us to possess your information, you may request correction, updating, or deletion of your information by emailing us at gdpr@option.org.
- the legal basis we rely on to process your personal data
- Certain data protection laws permit six legal bases to process personal data. The legal bases that we rely on are set out in the table in this section of the Privacy Notice. In some contexts more than one legal basis may apply to our or our sub-processors’ processing activities.

| Legal basis | Explanation |
| --- | --- |
| Processing of your personal data is necessary for our performance of a contract with you or to take steps at your request to enter a contract (“Contract”) | This covers carrying out our contractual duties with you where we provide the Son-Rise to you. |
| Processing necessary to comply with our legal obligations (“Legal Obligation”) | Ensuring we perform our legal obligations. |
| Processing necessary for our or a third party’s legitimate interests (“Legitimate Interests”) | We (and third parties) have legitimate interests in carrying on, managing and administering our respective businesses. Part of managing businesses will involve the processing of your personal data. Your data will not be processed if, in processing your data, your interests, rights and freedoms related to the data override the businesses’ interests in processing the data for businesses purposes. |

- WHY WE PROCESS YOUR PERSONAL DATA
- Subject to applicable law, your personal data may be stored and processed by us for purposes detailed in the following table:

| Purpose for processing personal data | Categories of personal data | The legal basis we rely on |
| --- | --- | --- |
| Applications and Enrollments | · Identity data such as name, title<br>· Contact data such as addresses, telephone numbers, and personal email addresses<br>· Date of birth<br>· Gender<br>· Nationality and country of residence | · Contract<br>· Legitimate Interests |
| Finance in order to process your payments | · Bank account details, credit card and debit card details, cheques | · Contract<br>· Legitimate Interests |
| User profiles | · Identity data such as username, profile photograph, job title<br>· Social media accounts | · Legitimate Interests |
| Providing the Services to student participants and others | · Online synchronous teaching and learning by student participation<br>· Live and recorded audio and video teaching sessions and forums<br>· Assessment and supervision of coursework<br>· Surveys and student feedback<br>· Contact information including personal email addresses and phone number<br>· NOTE: we may share your email address (pertaining only to your class) with other participants in your class for class activities. | · Contract<br>· Legitimate Interests |
| Discussion forums | · Username<br>· Profile picture<br>When contributing to a discussion, we strongly recommend you avoid sharing personal details that can be used to identify you directly, such as your name, age, address and name of employer. We are not responsible for the privacy of any identifiable information that you post in our online discussion forum or other public pages of the site. | · Legitimate Interests |
| Marketing | · To inform you of other programs and courses<br>· To invite you to information sessions about other courses and programs we provide<br>· To carry out marketing analysis, for example we look at what you have viewed on our Website and what your preferences are to improve the relevance of our marketing<br>· Your preferences in receiving marketing communications from us<br>If you would prefer that we do not send such communications to you, please follow the opt-out links on any marketing message or contact us using the contact details in this Privacy Notice. | · Legitimate Interests |
| Browser data | · Internet protocol (IP) address used to connect your computer to the Internet<br>· Your browser type and version<br>· Time zone setting<br>· Browser plug-in types and versions<br>· Operating system and platform<br>· How often you visit the Website<br>· Website performance data<br>Browser data is automatically obtained by using cookies and other similar technologies. Please see our cookie policy on our website for further details. | |

- third party information
- Other individuals’ personal data
- Where you provide us with personal data relating to other people, you represent and warrant that you will only do so in accordance with applicable law, including data protection laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this privacy statement, the Website Terms of Use, and where necessary you will obtain their consent to our use of their information. You will provide anyone that you provide us with personal data about with a copy of this Privacy Notice. We may notify those individuals that you have provided their details to us.
- Information collected through third-party links and content
- This Website may include links to other websites and other content from third party businesses and can offer direct interaction with external websites, networks or platforms that are outside our control. These third-party businesses may use cookies, web beacons or other similar technology to collect information about you. We do not have access to or control over these third parties or the cookies, web beacons or other technology that these third parties may use. We are not responsible for the security or privacy of the information collected by these third parties, the privacy practices of these third parties, or the content on any third-party website. You are encouraged to review the privacy policies of the different websites you visit.
- Disclosure of your personal data
- We reserve the right to disclose your personal data to third parties:
- if we are under any legal or regulatory duty to do so; and
- to protect our rights or the safety of us, our personnel, users or others.
- We also use third party service providers as our processors to only hold and use personal data on our behalf in order to provide us with a service. We may also disclose personal data to our staff, employees, professional advisors and experts in order to obtain their assistance in carrying out our services and our activities. We require these parties to keep your personal data confidential and secure and to protect it in accordance with the law. They are only permitted to process your personal data for the lawful purpose for which it has been shared and in accordance with our instructions.
- In connection with the Services, we may record audio, video or otherwise capture your and others’ participation in Course activities (“Recordings”). We may share Recordings with our employees and agents as well as students, teachers, parents, and others in our discretion. We use Recordings, among other things, for classroom learning, to provide feedback to teachers, for customer support, and for compliance purposes. We will obtain additional parental consent before we use any Recordings for promotional purposes. We utilize reasonable means to restrict the use of Recordings; however, we cannot control or monitor what such third parties ultimately do with Recordings, and disclaim all responsibility with respect to such uses.
- security of your personal data
- Option Institute is committed to maintaining the security of your personal data it processes. Option Institute maintains appropriate physical, procedural, organizational and technical security measures intended to prevent loss, misuse, unauthorised access, disclosure, or modification of your personal data under Option Institute’s control. We also limit access to your personal data within our organization and to third parties that need access to your information in provision of service to us. They will only process your personal data on our instructions and are required to protect personal data. If you have reason to believe that your personal data is no longer secure, please contact us at gdpr@option.org
- Please be aware that when you transmit information to us or to our service provider over the internet or another telecommunications network this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a , and we are not responsible for the security of this system. You should contact these third parties for information about the security of these internet, telecommunications systems or payment systems if you need further information.
- We cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data but we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your personal data and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Retention of your personal Data
- We endeavour to ensure that personal data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We generally retain personal data for as long as is required to satisfy the purpose for which it was collected. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. Some of your personal data may need to be retained because of circumstances such as a legal dispute or regulatory investigation, which would not normally be subject to retention.
- updating your personal data
- You are responsible for notifying us of any changes to your personal data that you provide to us.
- Children
- Our Website and Services are not intended for children under 13 years of age without parental supervision. No one under age 13 may provide any personal information to or on the Website or Service. If you are under 13, do not use this Website or Service or provide any information about yourself to us, including your name. If a parent or guardian is made aware that a child under the age of 13 has provided us with personally identifiable information through any point of contact, we ask to be contacted by email via the contact page and we will delete the information.
- Location of the Website and Service
- This Website and Service is hosted and operated in the United States. Those who access or use the Website from jurisdictions outside the United States do so at their own choice and risk and are solely responsible for compliance with local law. If you are not a resident of the United States, you acknowledge and agree that we may collect and use your personal information outside your home jurisdiction and that we may store your personal information in the United States or elsewhere.
- YOUR Data Protection Rights
You have various rights under data protection laws, subject to certain exemptions, in connection with our processing of your personal data. These rights are free of charge and include the right to:
- Gain access to and copies of your personal data. You are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the personal data also relates to another person and we do not have that person’s consent. Where there is data that we cannot disclose, we will explain this to you.
- Ensure that your personal data is accurate. You may request to have inaccurate or incomplete information corrected and updated by us.
- Request erasure of your personal data. This right enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. However, where we hold and process your personal data in order to comply with legal obligations, such as compliance with financial auditing or for the establishment, exercise or defence of legal claims, your right to ask us to delete or remove your personal data is limited.
- Object to our processing of your personal data. You may object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your personal data and there is something about your particular situation which makes you wish to object to processing on this ground.
- Request that we restrict processing of your personal data. This right enables you to ask us to suspend the processing of your personal data (e.g. if you want us to establish its accuracy or the reason for processing it).
- Data Portability. Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you are entitled, where technically feasible to request that we transmit your personal data in this format to another controller.
- Not be subject to solely automated decision. You have the right to be informed if your personal data will be subject to automated decision making, including profiling, where that decision impacts on your legal rights. Profiling is an automated form of processing of personal data often used to analyse or predict personal aspects about an individual person. We do not engage in profiling.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data, or to exercise any of your other rights. We may ask you to provide us with your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), and once verified we will delete this data. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- queries and complaints
- If you have any questions or wish to exercise any of your rights please contact us by email at gdpr@option.org or write to Dominic Fanelli / Webmaster at 2080 S. Undermountain Road, Sheffield, MA USA 01257.
- For EU residents, you have the right to lodge a complaint regarding our processing of your personal data with an EU supervisory authority in the country you reside or work or where an alleged infringement has occurred. A list of EU data protection supervisory authorities can be accessed from here: https://edpb.europa.eu/about-edpb/board/members_en