Last updated January 15, 2019
Thank you for choosing to be part of our community at ODEM SA (“company”, “we”, “us”, or “our”). We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about this privacy notice (the Notice), or our practices with regards to your personal data, please contact us at [email protected].
When you visit our website, mobile application, and use our services, you trust us with your personal data. We seek to explain to you in the clearest way possible what data we collect, how we use it, and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Notice that you do not agree with, please discontinue use of our Sites or Apps and our services.
This Notice applies to all data collected through our website, mobile application, (“Apps“), and/or any related services, sales, marketing or events (we refer to them collectively in this Notice as the “Sites“).
Please read this Notice carefully as it will help you make informed decisions about sharing your personal data with us.
TABLE OF CONTENTS
- WHO WE ARE
- WHAT DATA DO WE PROCESS?
- HOW DO WE USE YOUR DATA?
- WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE?
- HOW DO WE HANDLE YOUR SOCIAL LOGINS?
- IS YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
- HOW LONG DO WE KEEP YOUR PERSONAL DATA?
- HOW DO WE KEEP YOUR PERSONAL DATA SAFE?
- DO WE COLLECT PERSONAL DATA FROM MINORS?
- WHAT ARE YOUR RIGHTS?
- DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
- DO WE MAKE UPDATES TO THIS NOTICE?
- HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
1. WHO WE ARE
The controller of your personal data is ODEM SA, Bahnhofstrasse 10, 6300 Zug, Switzerland. [email protected]
2. WHAT DATA DO WE PROCESS?
Personal data you disclose to us
In Short: We process personal data that you provide to us such as name, address, contact data, passwords, and security data, payment and financial information, social media login data. In addition, we process data pertaining to your educational and academic background, such as your diplomas, the institutions you attended and related data (grades, dates, honorable mentions, etc.).
We collect personal data that you voluntarily provide to us when registering at the Sites or Apps, expressing an interest in obtaining data about us or our products and services, when participating in activities on the Sites or Apps or otherwise contacting us.
The personal data that we collect depends on the context of your interactions with us and the Sites or Apps, the choices you make and the products and features you use. We also collect or generate personal data when third parties such as educational institutions provide information about you, when you provide or receive a course or other educational content, or in the course of providing our services, and we may collect personal data from other sources, for example, to keep your information up to date using publicly available sources. The personal data we process can include the following:
Name and Contact Data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Educational and academic data: We process data on your educational and academic background, typically your diplomas, grades, level of education, the name of institutions you attended (such as schools, colleges, universities) and your periods of attendance. This is necessary for us to be able to provide services to you through the Sites or Apps.
Credentials. We collect passwords and similar security data used for authentication and account access.
Payment and financial information. We process financial information, for example payment-related information, transaction information as well as wallet (such as your Ethereum wallet address) and ODEM token-related information which you may provide in the course of your use of the Sites or Apps, being specified that we do not deliberately collect unencrypted private key information from you (e.g. unless you willingly provide it). Such data is encrypted and stored in our ODEM Cloud database
Social Media Login Data. We provide you with the option to register using social media account details, like your Facebook, Google, and LinkedIn. If you choose to register in this way, we will collect the Data described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS” below. We are not responsible for the ways in which Facebook, Google, and LinkedIn process any of your personal data and invite you to read their privacy notices for further data on how they process your personal data.
All personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.
Data automatically collected
In Short: Some data – such as IP address and/or browser and device characteristics – is collected automatically when you visit our Sites or Apps.
We automatically collect certain information when you visit, use or navigate the Sites or Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites or Apps and other technical information. This information is primarily needed to maintain the security and operation of our Sites or Apps, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
Data collected through our Apps
In Short: We may collect data regarding your geo-location, mobile device, push notifications when you use our apps.
If you use our Apps, we may also collect the following data:
- Geo-Location Data. We may request access or permission to and track location-based data from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s calendar, reminders, social media accounts, storage, SMS messages, contacts, camera, microphone, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data. We may automatically collect device data (such as your mobile device ID, model and manufacturer), operating system, version data, and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
3. HOW DO WE USE YOUR DATA?
In Short: We process your data for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We process personal data collected via our Sites or Apps or received from you or collected from publicly available sources for a variety of business purposes described below. We process your personal data for these purposes in reliance on our legitimate business interests (“Business Purposes”), in order to enter into or perform a contract with you (“Contractual”), with your consent (“Consent”), and/or for compliance with our legal obligations (“Legal Reasons”). We indicate the specific processing grounds we rely on next to each purpose listed below.
We process the personal data we collect or receive:
- To facilitate account creation and login process. If you choose to link your account with us to a third party account (such as your Google or Facebook account), we process your personal data from those third parties to facilitate account creation and login process. See the section below headed “HOW DO WE HANDLE YOUR SOCIAL LOGINS” for further data.
- To send you marketing and promotional communications. We may use the personal data you send to us for our marketing purposes if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see the “WHAT ARE YOUR RIGHTS” below).
- To recommend courses for you to attend (as students) or to teach (as educators)
- To send administrative data to you. We may use your personal data to send you product, service, and new feature data and/or information about changes to our terms, conditions, and policies.
- Fulfill and manage your orders. We may use your personal data to fulfill and manage your orders, payments, returns, and exchanges made through the Sites or Apps.
- Deliver targeted advertising to you. We may use your personal data to develop and display content and advertising tailored to your interests and/or location and to measure its effectiveness.
- Request Feedback. We may use your personal data to request feedback and to contact you about your use of our Sites or Apps.
- To enable user-to-user communications. We may use your personal data in order to enable user-to-user communications with each user’s consent.
- To enforce our terms, conditions and policies.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- For other Business Purposes. We may use your personal data for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites or Apps, products, services, marketing, and your experience.
4. WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE?
In Short: We only share your personal data with your consent, to comply with laws, to protect your or our rights, or to fulfill business obligations.
We may process or share your personal data based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal data in a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests. In addition, we may disclose your personal data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal data to fulfill the terms of our contract.
- Legal Obligations: We may disclose your personal data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
More specifically, we may need to process your personal data or share your personal data in the following situations:
- Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such personal data to do that work. Examples include data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on the Sites or Apps, which will enable them to collect on our behalf data about how you interact with the Sites or Apps over time. This data may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Notice, we do not share, sell, rent or trade any of your personal data with third parties for their promotional purposes.
- Business Transfers. We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Affiliates. We may share your data with our affiliates, in which case we will require those affiliates to honor this Notice. Affiliates include our parent company and any subsidiaries or other companies that we control or that are under common control with us.
Regarding third party service providers, we only share and disclose your personal data with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection and processing practices.
- Between Educators and Students: students and educators using our Sites or Apps will be able to see each other’s first name, last name, and email address
- IT service providers who may provide services such as data backup and security, functionality and infrastructure optimization and analytics;
- Third parties involved in hosting or organizing events or seminars;
- Our auditors.
For the purposes set out in this Notice and where necessary, we may share personal data with courts, regulatory authorities, government agencies, and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavors to notify you before we do this unless we are legally restricted from doing so.
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our websites using a social media account, we may have access to certain personal data about you.
Our Sites or Apps offer you the ability to register and login using your third-party social media account details (like your Facebook, Google, or LinkedIn logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, e-mail address, friends list, profile picture as well as other information you choose to make public.
7. IS YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your personal data in countries other than your own.
Our servers are located in the United States (currently on Google Cloud Platform (GCP)). If you are accessing our Sites or Apps from outside the United States, please be aware that your personal data may be transferred to, stored, and processed by us in our facilities in the United States and by those third-party processors with whom we may share your personal data (see “WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE? above).
If you are a resident in Switzerland or the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. Before we do so we will implement appropriate measures to protect your personal data, for example by requiring the recipient to agree to data processing agreements (if you would like to receive a copy of these agreements, please contact us at the address indicated above. These agreements are usually based on the EU standard clauses, which you may review here). We may also transfer personal data with your explicit consent and in certain other situations as permitted by applicable law.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
In Short: We keep your data for as long as necessary to fulfill the purposes outlined in this Notice unless otherwise required by law.
We will only keep your personal data on our cloud database for as long as it is necessary for the purposes for which the data is collected, and as long as we have a legitimate interest in keeping personal data, for example, to enforce or defend claims or for archiving purposes and IT security. We also retain your personal data as long as it is subject to a legal retention obligation.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it.
You remain solely responsible for your personal data, such as digital certificates and academic transcripts, which you store on IPFS (InterPlanetary File System). In this respect, kindly note the full deletion of such personal data stored on IPFS is not possible or guaranteed due to the nature of the technology. We do not have access to data, including personal data, which you store on IPFS. Upon your request and if you instruct us to do so, we may at our sole discretion accept to hold a copy of the key to access the personal data which you store on IPFS. We would then be doing so for backup purposes and disclaim any liability in that respect.
9. HOW DO WE KEEP YOUR PERSONAL DATA SAFE?
In Short: We aim to protect your personal data through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal data we process and to protect your personal data from unauthorized access, use, disclosure, alteration or destruction.
For instance, we follow industry leading practices for securing data using secure socket encryption (HTTPS) on transmission and utilizing encryption services provided by Google Cloud. We are covered by Google’s compliance certifications; Service Organization Control 1 (SOC 1), SOC 2, and SOC 3.
However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal data to and from our Sites or Apps is at your own risk. You should only access the services within a secure environment.
10. DO WE COLLECT PERSONAL DATA FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records unless parental consent is received. Please contact us at [email protected] if you become aware of any data we have collected from children under age 18 or you would like to provide parental consent.
11. WHAT ARE YOUR RIGHTS?
In Short: In some regions, such as Switzerland and the European Economic Area, you have rights that allow you greater access to and control over your personal data. You may review, change, or terminate your account at any time.
In some regions (like Switzerland and the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal data, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal data; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal data. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If you are a resident of Switzerland, you may contact the Swiss Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Contact us using the contact information provided.
- Log into your account settings and update your user account.
12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal data.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal data (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal data in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Sites or Apps, you have the right to request removal of unwanted data that you publicly post on the Sites or Apps. To request removal of such data, please contact us using the contact
information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Sites or Apps, but please be aware that the data may not be completely or comprehensively removed from our systems.
13. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this Notice as necessary to stay compliant with relevant laws.
We may update this Notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Notice, we may notify you by directly sending you a notification. We encourage you to review this Notice frequently to be informed of how we are protecting your data.
14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this Notice, you may contact us by email at [email protected].