The Dot Net Factory, LLC dba EmpowerID4393-A Tuller Road, Dublin, OH 43017 USA
Phone: +1 614 652 6825
Effective Date: May 26, 2020
2. EmpowerID Responsibility
Each of our customers, not EmpowerID, controls whether they provide you with access to the EmpowerID Solution (Cloud or Premise), and if they provide you with access, they control what information about you that they submit to the EmpowerID Solution. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), and Human Resource Information (such as age, gender, race) or other types of information a customer chooses to submit. Use of this content by EmpowerID is governed by agreements between EmpowerID and the Customer.
If your Personal Data has been submitted to us by or on behalf of an EmpowerID customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon approval from that customer, if you wish to make your request directly to us, please provide to us the name of the EmpowerID customer who submitted your Personal Data to us. We will refer your request to that customer and support them as needed in responding to your request within a reasonable timeframe.
3. Collected Personal Data
Information you provide
Based on current EmpowerID practices, we collect the following categories of information about you:
Contact and Work Data: We collect contact and work-related data about you in person, through communications, and through our website. For example, you provide your contact and professional information to us when you sign up to learn more about EmpowerID products and services, register for a trial of EmpowerID, or register for a live demo. If you attend a demo, EmpowerID may collect contact details from attendees such as the collection of business cards or other method where you share Personal Data with us. Typically, contact data includes your name and contact methods, such as telephone number, email address, and mailing address, and work-related data includes details such as the organization you are affiliated with, your job title, and industry.
Support-Related Data: We may also collect various forms of support-related personal data from our help center, and bug reporting platform. For example when opening a support request or filing a bug report with EmpowerID you may be asked to provide contact information, a detailed writeup of the issue you are currently experiencing, EmpowerID logs or other detailed error reports relating to the issue, and any other information that would be helpful in resolving a customer support request.
Job Applicant Data: You provide your contact and professional information, including your resume with educational and work background, when you apply for a job with EmpowerID. You may also provide us with sensitive information, like your Social Security Number or other government identifier, racial or ethnic origin, or other such Personal Data in connection with your job application. EmpowerID will perform a background check on potential applicants and following data may be collected including Identity and Social Security Verification, Credit Checks, and a Criminal Record check, only to the extent permitted by the local laws applicable to your job application.
Contract and Payment Data: We may receive contract details (like signatures) from you or your organization and collect payment and billing information, which may contain Personal Data such as billing name, billing address and payment details, in connection with some of our products and services.
Audio, Electronic, or Visual Data: If you attend an EmpowerID demo, we may record some or all that event, or take photos at the event. If persons attend an online EmpowerID event including phone communication, and video communication, EmpowerID may record phone, and video communication after seeking consent of participants in communication. EmpowerID may use this data internally for reference and other business-related needs.
Personal Data Collected from Other Sources
EmpowerID receives Personal Data and other information from third parties for business or commercial purposes. This information varies and falls into the following categories.
- Business contact information, or other details about your business
- Details about a job applicant (name, resume, educational and work history, criminal history information) as permitted under law.
EmpowerID receives business contact information that contains personal information for commercial reasons, including details about you and your company from third parties for marketing and business inquires, such as identifying new customers, reviewing business opportunities and providing our audience with relevant content and advertising. EmpowerID receives this information from sources such as third-party marketing initiatives, information aggregators, and referrals.
If you are applying for a EmpowerID, we may receive Personal Data about you from third parties for business purposes, such as through background checks (educational, employment, criminal, and financial information), publicly-available sources (like social media accounts, including LinkedIn for identifying candidates), feedback about your application and from interviews, and other third parties that may provide feedback about your application.
For our professional services work, or as a service provider, EmpowerID may also receive Personal Data about you to perform its obligations under its contract with a third party. EmpowerID partners may also share your business contact information with EmpowerID as part of their recommendation to your company to become an EmpowerID customer. If we are interested in partnering with, acquiring, investing in, or partnering with, your employing or retaining company, EmpowerID may receive Personal Data about you through the (potential or completed) transaction for its business purposes.
Like most websites, applications, and software across the Internet, EmpowerID collects certain Personal Data. This type of data collection allows us to better understand how individuals use our websites, products and services and how they perform. For example, we may collect metadata about you, including technical data about your performance or use of our website, products and services. This information may, for example, reflect how you found or were directed to or used the Website. It may collect the name and URL of the website that you visited immediately preceding your visit to a Website. EmpowerID may use this type of information on a cumulative basis to better understand what pages Visitors and prospective customers access or visit.
- Identify you when you access, visit, or log-in to any Website. This enables you to re-visit any Website without having to re-enter information upon each visit.
- To note different areas of any Website which have recently been accessed through your computer. Information collected in this way may be used to develop and manage the online services of EmpowerID by, for example, storing information about your preferences to enable EmpowerID to customize any Website according to your individual interests.
- Delivering content on any Website which is relevant to your individual interest.
- Monitoring the effectiveness of any promotions or marketing campaigns by EmpowerID or its Affiliates.
- Tracking your entries, submissions, and status in promotions, sweepstakes, and contests.
- Analyzing and improving Website security.
The Websites do not respond to “do not track” signals from browsers. Thus, your selection of the “do not track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. To effectively manage our collection of cookie information, you may set most browsers to notify you if you receive a cookie, or you may choose to block cookies through the settings associated with your browser. But, please note that if you choose to erase or block cookies, you will need to re-enter your original information (e.g., user name, password, or general contact info) to gain access to certain parts of the Websites and may not be able to access other parts of the Websites.
EmpowerID may also use tracking technologies that record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that any Website are accessed by Visitors. EmpowerID may also analyze information for trends and statistics, such as using Google Analytics or other similar analytics services.
Collected Metadata from EmpowerID Solution and Ancillary Products
We offer products that collect both Customer Data and Usage Data (as defined in our agreements with customers, including from the EmpowerID Solution Service). Our collection of both types of data enables us to provide and innovate upon the EmpowerID Solution Service, which in turn allows us to act as a service provider to our customers and to continuously improve upon the services we provide to our customers. In conjunction with the products we make available to our customers, we may collect additional data, such as user-agent and browser version, the URLs you visit, logs of your usage and click activities, logs about your login history, identity confirmation, and device data (such as whether your device is managed by an administrator, the operating system installed on the device, and similar device or version information).
As with most websites, whenever you visit an EmpowerID website or when you interact with EmpowerID promotional content, we may receive both Personal Data about you from information-gathering tools and passive information collection on our websites, including Personal Data from our websites you visit or emails we send. This information collection typically includes information such as cookies, demographic information, company and role details, market research and publicly-available information, IP address, device and browser details, usage information, timestamps, pages viewed, searches, interaction with and action taken by you on our websites or content, as well as other non-Personal Data.
We use the information we collect as a business to analyze and predict results arising from our sales and marketing efforts, improve the performance of our websites, products and services and customer support, identify potential customers, opportunities, and potential new product areas, ascertain trends, improve our websites’ functionality, improve our security, and provide us with general business intelligence, including through the use of machine learning technology. We may also combine the metadata and usage information collected from our websites with other information to help further the purposes described in the previous sentence.
How Personal Data is Used:
Communicate with you about our products and services: We may use your Personal Data, such as contact data, Ancillary Data, and metadata, to send you transactional communications, notices, updates, security alerts, and administrative messages regarding our products and services that may be useful to you and your organization. We will respond to your questions, provide tailored communications based on your activity and interactions with us, and help you use our products and services effectively.
Support safety and security: We use Personal Data, such as contact data, Ancillary Data and other metadata, about you and your use of our products and services to verify accounts and activity, monitor suspicious or fraudulent activity, assist our customers in their monitoring of suspicious or fraudulent activity, and identify violations of policies regarding the use of our products and services.
Process payments. We process Personal Data, such as contact information, contract-related data, financial information, biographical information, and payment information to process payments to the extent that doing so is necessary to complete a transaction and perform our contract with you or your organization.
Recruiting. We process your Personal Data, such as contact, job applicant, and biographical data, to assess your application and to evaluate and improve the recruitment system, our application tracking and recruitment activities. We also use your Personal Data to communicate with you regarding your application or opportunities at EmpowerID. We may verify your information, including through reference checks and, where allowed, background checks.
Market and promote our products and services: We use your Personal Data, such as contact data, Ancillary Data, and other metadata, about how you use the products and services to send promotional communications that may be of specific interest to you and your organization, including by email and by displaying EmpowerID marketing communications on other companies’ websites and applications, as well as on third-party platforms like Facebook, Twitter, and Google.
Other purposes for our legitimate interests: Where required by law or where we believe it is necessary to protect our legal rights, interests, or the interests of others, we may use your Personal Data in connection with legal claims, compliance, regulatory, and audit functions, protecting against misuse or abuse of our products and services, and protecting personal property or safety.
Other purposes with your consent: We may use your Personal Data if you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote our products and services, with your permission.
If we process your personal data for a purpose other than that set out above, we will provide you with information prior to such processing.
4. EmpowerID Data Sharing Policies
We may disclose your Personal Information to the following categories of recipients:
- Our group companies, Affiliates, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website or Services), or who otherwise process Personal Information for purposes that are described in this Privacy Statement or notified to you when we collect your Personal Information.
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- Actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, if we inform the buyer it must use your Personal Information only for the purposes disclosed in this Privacy Statement;
- Any other person with your consent to the disclosure
5. EmpowerID Data Security
EmpowerID maintains a comprehensive, written information security program that contains industry-standard administrative, technical, and physical safeguards designed to prevent unauthorized access to Personal Data.
Wherever your Personal Information may be held within EmpowerID or on its behalf, EmpowerID takes reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorized access or disclosure. EmpowerID trains its employees on data handling practices. In addition, EmpowerID and its business partners enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your Personal Information.
However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including Personal Data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting your password(s) and maintaining the security of your devices.
If you use the EmpowerID online service via a subscription purchased for you by an EmpowerID customer, then that customer is responsible for configuring your instance appropriately.
6. Data Retention
We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
7. Your Data Protection Rights and Choices
- If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us using the contact details provided under the Contact Information heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the Contact Information heading below.
If you are a resident of the European Economic Area, you can also:
- object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided under the Contact Information heading below.
- Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a Data Protection Authority (DPA) about our collection and use of your Personal Information. For more information, please reference the relevant link for the EU and Swiss Data Protection Authorities located in the Contact Information heading below.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Under the General Data Protection Regulation, if you are a European Union data subject, you have rights to understand and request how we collect, use, and disclose Personal Data in our capacity as a data controller, to the extent permitted by applicable law.
- Right to Access: You have the right to access your Personal Data held by us.
- Right to Rectification: You have the right to rectify inaccurate Personal Data and, considering the purpose of processing, to ensure it is complete.
- Right to Erasure (or “Right to be Forgotten”): You have the right to have your Personal Data erased or deleted.
- Right to Restrict Processing: You have the right to restrict our processing of your Personal Data.
- Right to Data Portability: You have right to transfer your Personal Data, when possible.
- Right to Object: You have the right to object to the processing of your Personal Data that is carried out based on legitimate interests, such as direct marketing.
- Right Not to be Subject to Automated Decision-Making. You have the right not to be subject to automated decision-making, including profiling, which produces legal effects.
If you would like to make a request and exercise your rights described above, please reference the EmpowerID contact information in the Contact Information section below.
Where Personal Information originates from the European Economic Area or Switzerland and is transferred to the United States, EmpowerID agrees to comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, respectively. EmpowerID makes an affirmative commitment to adhere to EU-U.S. and Swiss-U.S. Privacy Shield Principles (the “Privacy Shield Principles”). With respect to such Personal Information, to the extent of any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles govern. More information on the EU-U.S. and Swiss-U.S. Privacy Shield programs can be found at https://www.privacyshield.gov.
EmpowerID commits to cooperate with EU Data Protection Authorities and Swiss Federal Data Protection Information Commissioner (FDPIC) and comply with the advice given by the panels with regard to human resources data transferred from the EU and/or Switzerland, as applicable. The Federal Trade Commission has jurisdiction over EmpowerID’s compliance with the Privacy Shield.
In the context of an onward transfer, EmpowerID has responsibility for processing Personal Information it receives under Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Where required by Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA and Swiss Personal Information in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third party agents or service providers who perform services on our behalf for their handling of EEA or Swiss Personal Data that we transfer to them.
California Privacy Rights
Under the California Consumer Privacy Act of 2018 (“CCPA”), effective January 1, 2020, if you are a California resident, you have rights to understand and request that we disclose how we collect, use, disclose, and sell your Personal Data to the extent permitted by applicable law.
- Right to Know About Personal Data Collected, Disclosed, or Sold: You have the right to request that we disclose what Personal Data we collect, use, disclose, and sell.
- Right to Request Deletion of Personal Data: You have the right to request the deletion of your Personal Data collected or maintained by us as a business.
- Right to Opt-Out of the Sale of Personal Data: You have the right to opt-out of the sale of your Personal Data by us as a business, in the event we sell Personal Data.
- Right to Non-Discrimination for the Exercise of Your Privacy Rights: You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
- Authorized Agent: You may designate an authorized agent to make a request under the CCPA on your behalf by us with a copy of your power-of-attorney document granting that right.
- Financial Incentives: We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Data.
If you would like to make a request and exercise your rights described above, please use the contact information below.
8. Child Personal Information Policy
EmpowerID does not knowingly solicit any Personal Information from children under the age of 16. If EmpowerID is made aware that EmpowerID has Contact Information collected Personal Information from a child under 16 years old in a manner that is inconsistent with the Children’s Online Privacy Protection Act of the United States, then EmpowerID will delete this information as soon as practicable.
9. Policy Changes
EmpowerID may amend this Privacy Statement from time to time by posting a revised policy on our Website. If EmpowerID makes material changes to this Privacy Statement, EmpowerID will endeavor to notify you of such changes (e.g., by email or an alert on any Website for a period of time). However, regularly reviewing this page is the best method to ensure you are always aware of the information EmpowerID collects, how it is used and under what circumstances.
You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Privacy Statement.
10. Contact Information
For disputes regarding EmpowerID’s collection or use of your Personal Information, including all requests made under the California Consumer Privacy Act of 2018 or for more information, or questions or comments concerning the Privacy Statement, please contact EmpowerID at:
c/o Web Privacy Manager
4393-A Tuller Road
Dublin, Ohio 43017
You may also stop email messages and other promotional mailings by contacting EmpowerID at the above address or email. Our goal is to resolve all disputes through our internal processes. If you have a complaint regarding our collection, use, disclosure or retention of Personal Information originating from the European Economic Area or Switzerland that cannot be resolved through those processes, you may:
- Submit the complaint to the relevant Data Protection Authorities, the EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner (FDPIC) (“DPAs”). If you reside in the EU, you can find your country’s DPA here: https://edpb.europa.eu/about-edpb/board/members_en, or if you reside in Switzerland, you can find your relevant DPA here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. Complaints can be submitted online to the European Data Protection Supervisor here: https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en
- At no cost to you, a complaint can be resolved through our Alternate Dispute Resolution Provider, JAMS using this link: https://www.jamsadr.com/eu-us-privacy-shield
- Provide notice to EmpowerID that you desire to resolve the complaint through binding arbitration. EU individuals can find more information here: https://go.adr.org/privacyshieldfiling.html and Swiss individuals can find more information here: https://go.adr.org/SwissAnnexIFiling.html
- EmpowerID is subject to the enforcement powers of the U.S. Federal Trade Commission. If we or such authorities determine that we did not comply with this Privacy Statement, we will take appropriate steps to address any adverse effects and to promote future compliance.
11. Privacy Shield Compliance