Privacy Statement Last Updated on: December, 2018
Security Token Academy
If you are a California resident and you provided your email address to Security Token Academy LLC or Crest (“STA,” “Us” or “We”), then, once each calendar year, you may submit a written request for information about the information we shared, if any, with other companies for their use in direct marketing. To submit your written request, please send an E-mail to [email protected] with “Request for California Privacy” in the subject line.
Within 30 days of receiving your request, we will send you a list of the names and addresses of these other companies during the immediately preceding calendar year.
We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice.
Please note that the California “Shine the Light” law does not cover all information sharing. Our disclosure only includes information covered by the law.
If you are in the European Union (“EU”), please pay particular attention to the information for EU users in Section 6 below.
If you are in the EU and participate in any comments section on our Sites you may not use a visible user name with your actual first and last name unless they are very common names in your area.
Security Token Academy LLC and its affiliated entities including Crest (collectively, “STA”, “us” or “we”) are committed to protecting your privacy, however we cannot guarantee your privacy. We believe that each individual has a right to make choices about their privacy – including how important their privacy is to them. Therefore, we also believe that privacy protection is a partnership. We will try hard to do our share. But you, as an Internet user must do your part also. You should choose your own desired level of privacy and learn best practices to limit any risks you do not wish to take.
This Privacy Statement describes STA’s information practices, as well as the choices available to you regarding STA’s use of information that can be used to identify you (“Personal Data”) and some things you can do to protect your privacy to your chosen level of protection.
This Privacy Statement addresses STA’s use of information collected through any of our web properties (collectively, the ” Sites”), including www.securitytokenacademy.com and crest.io. Information provided to US on Agreements processed through Docusign or sent by email in digital format is not covered by this Policy. For information collected through the Sites, we will only collect and use information from you as described in this Privacy Statement. We will not sell your data to any third parties; however, we may allow other companies access to certain information, and this policy will explain when and why we do that. Is this true – this does not include renting email lists to others which is covered in section.
If you have any questions about our Privacy Statement, you can contact us at [email protected]
1. WHERE YOUR DATA GOES.
2. THE DATA WE COLLECT; PURPOSE OF COLLECTING IT.
Depending on how you interact with us, we collect different kinds of data and in different ways. Some data is automatically collected if you visit our Sites. Other data is only collected if you actively submit it to us (for example registering, signing up for our email lists, using our web forms to contact with us, or where applicable, uploading content like comments to our Sites).
A. Data we collect if you visit our Sites whether you register or not:
Even if you are only a visitor on one of our Sites, your computer or device automatically sends technical information to our web servers that we store in log files, including the following “Site Usage Data”:
- Date and time of your visit and the duration of your use of the Site;
- The IP address of your device as well as your internet service provider (ISP) – please note this information could be used to identify you if you live in a remote area where there are no other Internet users at a particular location;
- The referral/exit URL;
- The visited pages of the Site;
- Information about the path you take though our Site; and
- Information about your device including: type of device (telephone, computer etc.), browser type and version, settings, installed plug-ins, or operating system.
B. Data we collect only if you submit it to us:
When you interact with us on our Sites, you can submit Data to us in various situations. However, you can choose not to do so, and it is your responsibility, based on your personal comfort level, to choose when to submit this additional, and possibly identifiable information. The Data you may submit includes:
- Account Data: On some of our Sites you can register for an account with your e-mail address and a password you create. You may also be able to create a “User ID” that is different from your real name or your email address. On these Sites, you can create a profile, which may include your Personal Data. This is where it is your responsibility to only enter information which you are comfortable having stored on our Rackspace servers. Some of our sites offer commenting capabilities. Any information you provide in these areas may be read, collected, and used by others who access them with a registered account as well as anyone surfing the community pages as an unregistered user.
- Transaction Data: In relation to any possible purchases you may make online, you are directed to a third-party processor where your contact and billing information, (your name, address, and credit card information) is collected, verified and stored. You can view the exact information required in the form provided at point of purchase. This Data is used to complete your order and for billing purposes. Additionally, the non-personal data about the items or services purchased may be used and/or returned to us by our third-party processor so we may make decisions about what products and services to offer and for internal accounting. We will never have access to your credit card information.
- Customer Support Data: You can communicate with us through the different web-forms on our Sites. For example, you can use the contact forms to request technical assistance, to request to be put on one of our mailing lists (see below), or otherwise reach out to our customer support team. In order to respond to your request, we will collect your contact data, contents of your request and may collect your IP address. We will delete this data as soon as we have complied with your request.
- Survey Data: From time to time we may conduct surveys with respect of our services. Participation in our surveys is optional. However, if you respond to one of our surveys, you may provide us with personal information about yourself. Unless you otherwise consent, we will only use this information to determine the types of products or services that may be of interest to you and to operate and improve our offerings. And of course, you can choose not to participate.
- Email/Direct Mail Campaign Data: We offer informational emails and newsletters. Also, from time to time, we may contact our customers directly by email to inform you about new services, promotions, or special offers from us and from other companies, that you told us you were interested in receiving. If you respond to one of our emails, you may have the option to provide us with additional personal information, which we or our marketing partners will use for the purpose indicated. See Section 5, below for information on how to change your account’s communication preferences.
- Special Third-Party Marketing Programs: We may collaborate with another company to provide you with a special products or services. We do not give or sell our emailing list to other companies, but we may permit our email service to send an email to our email list members on behalf of these third-party companies.
3. SHARING PERSONAL DATA WE HAVE COLLECTED WITH THIRD PARTIES
We treat your Personal Data with care and confidentiality. We only pass it on to third parties to the extent described below and not beyond. As noted above, the Data we “collect” is actually collected, under our instructions by our US based Rackspace servers.
A. Service Providers:
STA arranges to have data transmitted to service providers that enable us to provide our Site and our services. These third-parties include:
B. Third-Party Content Providers:
We use third-party content providers to provide you with advertisements, news and other features geared to your interests and demographics. These advertisers get this information from the automatically collected information listed in Section 2.A. These companies and their privacy policies are listed below.
C. Credit Card Processing Providers:
D. Business Transactions:
In the event STA goes through a business transaction such as a merger, an acquisition by another company, or a sale of all or a portion of its assets to which this Privacy Statement relates, your information will likely be among the assets transferred and, in such case, you will be notified in advance via email and/or a prominent notice on our Sites of such change in ownership or a change in the use of your Personal Data, as well as any choices you may have regarding your Personal Data (including, if applicable, your right to object to such transfer).
E. Public Authorities:
Although we make every effort to preserve user privacy, we may need to disclose personal information when required by law, such as when we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order, or litigation or other legal collect or action (whether or not initiated by STA) to protect STA’s, our users’ or third parties’ rights, property or safety. We will transmit data to public authorities such as law enforcement or tax authorities only in the case of a legal obligation to do so based on a request for information from the respective authority.
4. TIMEFRAME FOR KEEPING DATA
Since we do not store data directly, the timeframe for storage of data is determined by our third-party processors. Please see their privacy policies, which are listed above. Reviewing and Requesting Changes to Your Information
EU users: please refer to Section 5 below for your special statutory rights under the GDPR
California users: please refer to the preface at the top of this policy
Upon request, STA will make a reasonable effort to inform you regarding whether we hold any of your personal information. Customers may update, delete, access, or change their account information by editing their user account records. To update a customer profile, log into the site, and pull down the menu top right. Choose “My Account”. From there you can change your name or country, upload a photo, change your newsletter subscriptions, or your password. or email us at [email protected] We will respond to any requests for access to personal information within 30 days after receipt of such request.
If you have signed up to receive marketing emails from STA, you can opt-out of receiving future marketing emails by following the foregoing process. Customers cannot opt-out of receiving all notification emails related to their STA account, but may change their account settings (as described above) to reduce the frequency or eliminate certain STA notification emails. You can also unsubscribe using the links at the bottom of each email.
5. Information for EU Residents:
A. General Information:
GDPR uses the term data controller for virtually every website owner no matter how small or where located. The owner of our Sites is STA LLC 100 N Sepulveda Blvd, Suite 230, El Segundo CA 90245. Privacy-related questions can be directed to [email protected]
You are not legally required to provide STA with the Personal Data described in this Privacy Statement. However, you might not be able to use our Sites to their full extent if you do not provide us with certain data or if you object to the use of these data.
B. Purpose for Collecting Data:
We have provided the reasons why we collect your Data in Section 2, above.
C. Transferring your Data outside the EU or the EEA:
STA’s principal place of business is in the United States of America, which is a “Third Country” under the GDPR. The EU generally considers that non-member countries do not afford the same level of protection that you enjoy in the EU, but STA still provides an adequate level of protection for your Personal Data, and as a California based company we have done so for a long time.
We have ensured that our service providers and affiliates have either certified under the EU-U.S. Privacy Shield Framework and will collect all Personal Data received from EU member states in reliance on the Privacy Shield Framework or that they have been subjected to contractual provisions in their contract with us to guarantee to us that your data will be protected to an adequate level.
D. User Profiles:
We may use your data for “Profiling”. This means that we use your data to make tailored offers based on your previous behavior as well as to serve you personalized ads. However, we will never collect and analyze your Personal Data in the context of Profiling in a way would lead to an automated decision that has a legal effect on you or significantly impairs you in a similar way.
E. Your rights regarding the collecting of your Personal Data:
As a natural person, you have certain rights as “Data Subject”. You can assert the following rights against us under the GDPR:
- Your right to information and access under Article 15 GDPR,
- Your right to correction under Article 16 GDPR,
- Your right to erasure under Article 17 GDPR,
- Your right to restriction of collecting under Article 18 GDPR, and
- Your right to data transferability under Article 20 GDPR.
- In addition, you have a right of objection to the competent data protection supervisory authority under Article 77 GDPR, (click to find a list of EU member Data Protection Authorities) but only with respect to the data collecting we conduct on our own behalf, as a controller. In the event STA acts as a collector of your data for a third party, you must refer to the entity acting as controller to assert this right.
F. Information about your Right of Objection under Article 21 GDPR:
- Right of objection in individual cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the collecting of Personal Data relating to you, which is collected on the basis of Article 6 (1) e) GDPR (data collecting in the public interest) and Article 6 (1) f) GDPR (data collecting on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. If you file an objection, we will no longer collect your Personal Data unless we can prove compelling grounds for the collecting that outweigh your interests, rights and freedoms or the collecting serves to assert, exercise, or defend legal claims. Please also note that, if we terminate the collecting due to your objection, the Sites or Products may no longer be available to you or only to a limited extent.
- The right to object to the collecting of data for advertising purposes
You also have the right to object at any time to the collecting of your Personal Data for the purpose of direct marketing, including any subscription to our newsletters or personalized ads; this also applies to Profiling, insofar as it is associated with such direct marketing. If you object, we will no longer collect your Personal Data in the future. However, we cannot stop collecting automated metadata when you use our system.
The objections can be made by contacting: [email protected] However, this can result in you not being able to use the Site completely.
Another option you may choose is to use a browser with a privacy mode, and remember to use it; and/or delete your cookies regularly.
6. COLLECTING INFORMATION FROM CHILDREN
We are general audience Sites, and do not direct any of our content specifically at children under 13 years of age. We understand and are committed to respecting the sensitive nature of children’s privacy online. If we learn or have reason to suspect that a Site user is under age 13, we will promptly delete any personal information in that user’s account. If you believe a child 13 years of age or younger has submitted personal information to one of our Sites, please contact our Customer Service at privacy [email protected] and inform us of what information may have been submitted and we will take steps to promptly delete such information.
7. THINGS YOU SHOULD DO IF YOU ARE CONCERNED WITH YOUR PRIVACY
We stated at the beginning of this Privacy Statement that we believe in your right to choose your level of privacy security. Not everyone is as concerned about the same things that everyone else, or even other quasi-governmental agencies are concerned about. So, this section lists some things you should do to improve your Internet Privacy. This is not a complete list and we suggest that is Internet privacy is of concern to you that you use your favorite search engine to search on “How to protect your privacy when online,” “Identity theft” or related topics. Privacy violations arise not only from mass data breaches but from careless Internet use by individuals.
- Use an email address that does not contain your last name or location, or even your first name if it is unique.
- Never choose a user name on any site that includes your first and last name, or either if they are uncommon, or your location unless you live in a large city. THINK before choosing a user name.
- Maintain a credit card with a very low limit for ordering online.
- Don’t fill out any profile on a social media website.
- Turn off your device when not in use, and lock it with a secure password.
- Do not reuse any passwords, especially with sensitive sites, like banking or healthcare.
- Turn on private browsing.
- Use a password vault that generates and remembers strong and unique passwords.
- Make up “false” answers when setting up password security questions.
- Use hard-wired Internet connections when possible.
- Get offline.
STA reserves the right to change this Privacy Statement. We will provide notification of the material changes to this Privacy Statement through our Sites at least 30 days prior to the change taking effect.
COOKIE DISCLOSURE STATEMENT
What’s a cookie?
A cookie is a small file (most commonly an alphanumeric text file) that is sent by a site’s server to your computer or other device (e.g., mobile phone or tablet computer) through your web browser and then saved onto your computer or device’s persistent storage medium (e.g., hard drive). A cookie can be a record of your visit to a site, including information such as your User Name, registration information, time of last visit, pages viewed, etc. A cookie created by one site’s servers can be retrieved only by that site’s servers. Thus, information in the STA cookies is not accessible to other sites. This type of cookie is called a “first party” cookie.
There is another type of cookie called a “third party” cookie. If you are using website A, and website A uses the services of website B, and if website B were to leave a cookie on your computer or device, that would be considered a “third party” cookie because you are not using website B directly. Some browsers, for example Internet Explorer, are configured to disallow third party cookies by default.
In order to access STA successfully, your browser must be set to “accept all cookies.” You can later block cookies from other individual sites if you wish.
If your browser is not set to accept cookies, then you can still use the Sites, but only as a visitor. Visitors may not be able to access all Site functions.
We use P3P to allow the use of third party cookies within the family of STA Sites. P3P (Platform for Privacy Preferences Project) is a protocol that allows websites to declare their intended use of information they collect about web browser users. When this is done some of the default restrictions against third party cookies are relaxed. We do this to allow all of our Sites to use a single database of user information, so that once you register with one of our Sites, you will be able to sign in to any of our Sites.
Other cookies that you may receive during your sessions here are from actual Third Party Service Providers. These Third Party Service Providers may use their own cookies in order to serve surveys or premium content on our Sites.
Third party cookie information for emails.
We, or a data provider we have engaged, may place or recognize a unique cookie on your computer or device to enable you to receive customized ads, content or services. No personally identifiable information is placed into these cookies. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, in hashed, non-human readable form. To opt-out of these cookies or learn more please go to http://aboutads.info/choices or http://www.networkadvertising.org/choices/
Additionally, emails we send may contain a bit of code known as a “web beacon.” This code allows us to understand the time and date of when a user has opened an email and when he/she has utilized a link within the email to visit a website. Our web beacons do not collect personally identifiable information. Users wishing to disable our web beacons should do so by turning images “off” in their email client (e.g., Outlook, Outlook Express). Please see your email client for more information.
Will the cookies you send me go away?
Some of our cookies are long term, commonly referred to as “persistent” cookies. Persistent cookies stay on your computer or mobile device until they either expire or are deleted. If they weren’t persistent cookies, we’d need to ask you for certain information with each new session, such as your User Name. Some cookies do expire after a shorter period of time and those cookies are commonly known as “session” cookies. Session cookies stay on your computer or mobile device only until you stop browsing, and if you then close your browser the cookie expires at the end of your browsing session. Remember, however, that all cookies are small files and won’t pose any significant disk-space concerns on your computer.
In fact, most of STA cookies expire after 24 hours from their time of issue. Others, such as those required to retain settings you elect (User Name, Password, etc.) will continue to reside on your hard drive for subsequent use by your browser, but are quite small and should not pose any significant disk capacity concern.
You are, of course, free to clear any and all cookies from your hard drive any time you wish; simply search your system for any files named cookie*.* (or similar) and delete these at your discretion. Additionally all major Internet browsers have a feature that allows you to erase or “flush” cookies. This is usually found in the preferences section of your browser. Your browser’s “Help” section should allow you to find this feature.
There are also a number of software and shareware programs available that are designed to periodically purge cookie files from your hard disk. We do not recommend these applications and, as such, cannot address any resulting support issues that may be related to the use of these programs.