This Privacy Policy outlines how SkillSauce, Inc. ("SkillSauce," "we," or "us") and our partners collect, use, and safeguard Personal Data. Our application for compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF is currently under review.
Definitions
Personal data: Information related to an identified or identifiable individual, such as names, email addresses, employment history, and assessment responses. Sensitive data: Special categories of Personal Data like gender and nationality, collected only with explicit opt-in consent. Processing: Any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, or alteration
Data collection and use
Personal data
We collect personal data
for the following purposes:
Name: For personalizing
communications and certificates. Email address: Used for
communication, account verification, and certificate delivery.
Employment history for skill assessment: To assess your
professional skills and qualifications. Responses to
assessments and surveys: For skill evaluation and service
improvement. Ip address and location data for proctoring: To
enhance security and monitoring during online proctoring.
Automated decision-making
Automated systems may be used to grade assessments
based on predefined criteria. You have the right to request
human intervention, contest decisions, and understand the
logic behind automated decisions.
Legal basis for processing
We
process personal data based on:
Obtained consent:
Explicit consent is obtained for sensitive data and specific
purposes. Legal obligations: For compliance with legal
requirements. Contractual necessity: To fulfill our contract
with you when you use our services.
Cookies and tracking technologies
We use cookies and may collect IP addresses to enhance
user experience. For more details, please review our Cookies
Policy.
Data transfer and storage
International data transfers
Data may be
transferred internationally, utilizing Standard Contractual
Clauses ("SCCs") for transfers to the EU/EEA, to
ensure an equivalent level of data protection.
Security measures
We implement
robust security measures, such as encryption, to protect
Personal Data from unauthorized access, disclosure,
alteration, or destruction. More information is available on
our Security Measures page.
User rights
Data portability
You can request a copy
of your Personal Data in a structured, commonly used,
machine-readable format by contacting us.
Opt-out policy
You have the
option to opt out of specific data collection and usage
practices. Instructions are provided in our Opt-Out Policy.
Access requests
You can access
the Personal Data we hold about you by contacting us.
We'll provide details on the process and expected
response time.
Third-party links
Our website may
contain links to third-party sites. We are not responsible for
their privacy practices. Always review the privacy policies of
external sites.
Data retention
Data is retained
for its intended purpose or as required by law. For specific
concerns about data retention, please contact us.
Children's privacy
We do not
knowingly collect or solicit Personal Data from individuals
under 18. If such data is discovered, it will be promptly
deleted.
Enforcement and verification
The
U.S. Federal Trade Commission oversees our compliance with
data privacy laws. For more information, visit our Security
Practices page.
Dispute resolution
For data
privacy disputes, we offer an independent recourse mechanism
in line with EU-U.S. DPF guidelines.
Data protection officer
We've designated a Data Protection Officer (DPO)
to oversee our data protection strategy. For inquiries, please
contact our DPO.
Subprocessors
Third parties,
known as subprocessors, are utilized for specific functions
and services. You can find a list of these subprocessors and
their roles on our Data Management page.
Data breach notification
In the
event of a data breach involving Personal Data, affected
individuals and authorities will be notified within 72 hours,
as required by law.
Employee data
Details on the
collection and processing of employee data are covered in our
Employee Data Policy.
Consent records
Records of
obtained consent for data processing are securely stored, as
required by law.
California consumer privacy act (CCPA)
We comply with the CCPA, granting California residents
additional rights, such as the right to know, delete, and
opt-out of the sale of personal information. For more details,
see our CCPA Compliance page.
Complaints
To address concerns
about data handling, you can lodge a complaint with the
relevant regulatory authority or use our independent recourse
mechanism. More details are available on our Security
Practices page.
Changes to this policy
We review
this policy annually and will notify you of changes via email
or website notifications.
Governing law
This policy is
governed by U.S. federal law.
User responsibilities
Users are
responsible for maintaining the confidentiality of their login
information and are obligated to immediately report any
unauthorized account activity.
Exclusions
This policy does not
cover data that has been anonymized and can no longer identify
an individual.
Audit rights
We may conduct
audits to ensure compliance with this policy.
Severability
If any part of this
policy is deemed unlawful, the remaining parts will continue
to be in effect.
Disclaimers
Use our services at
your own risk; internet transmissions are never completely
secure.