We collect data to operate effectively and provide better quality experiences. Below, you will find a list of our products, services, and processes that gather personal data, our purpose and legal basis for processing that information, and who we share that information with.
We collect personal information about you
We collect information about you when you provide it to us by using our services, our websites, and when other sources provide your information to us. We do not ask for any information that is not applicable to standard business operations. We do not sell your information.
Types of personal information we collect
Personal information: We collect names, addresses, telephone numbers, dates of birth, email addresses, credit card account information, education history, purchase history, registration history and other demographic information.
Account set-up and profile information: We collect information about you when you register for any account, modify the account, or contact support for assistance in connection to the account.
Payment information: We collect payment transaction and billing information via a third-party secure payment processing service.
Employment information: We obtain and process personal data about our employees when carrying out and supporting human resource functions and activities. Personal information may be collected when you provide us a resume or application for employment. Employee photos are posted on our internal company website.
Website use: We obtain information about how you use our website and where you have accessed it from.
Electronic Communication: We collect and store email communications. Should you correspond with us electronically, any information you provide in that email will be stored.
Security Cameras: We have security cameras throughout our building. The recorded images are used for security purposes only and kept on a temporary basis.
Written and Electronic Consent: We store certain consents which you have granted us in relation to the processing of your personal information.
Information about Children: We do not collect or use personal information about children (under the age of 16). Children are not eligible to use our websites unsupervised, and we ask that children do not submit any personal information to us. Should a child under the age of 16 use our website, they are required to be under direct supervision of a parent or guardian.
How we use your information
We collect and use your information for purposes of business operation, support, and business improvement. Personal information is used by and shared among Company divisions, subsidiaries, affiliates, agents (i.e. Information Technology (IT) and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation or court order. We do not sell your personal data.
We use personal information to exercise our rights and fulfil our contractual and legal obligations.
How your information is shared
Personal information is shared among Company divisions, subsidiaries, affiliates, agents (i.e. IT and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation or court order.
We contract with third-party providers and our websites contain links to other sites where personal information may be collected. Therefore, any information you submit, including personal information, may be placed and stored on a computer maintained by a third party. Although, we cannot be held liable for a third-parties use and protection of your information, these third-party providers have agreed to implement technology, security features and strict policy guidelines to safeguard the privacy of your personal information.
Any personal information transferred between the United States and the European Union are to be done only upon consent, and according to stipulated Data Sharing Agreements between the parties in accordance to General Data Protection Regulation (GDPR).
How we secure your information
We have implemented administrative, physical and technical security measures specifically designed to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Despite our best efforts to protect your personal information, we cannot 100% guarantee the security of your personal information.
Information backup: Backups are kept in a secure location onsite. Tape copies are kept in a secure location offsite.
Electronic communications security: The ability to use SSL-secured communication exists for sharing data within the organization.
Encryption: VPN and file-sharing are done via TLS-secured SSL software. Capability exists to encrypt data as required by the European Union.
Recovery: Backups are completed nightly, with monthly copies sent to a secure location offsite.
Management of data Access credentials: Data is secured via filesystem permissions, with terminated users being immediately disabled.
User profiling: All users are required to have unique credentials tied to their personal profile.
Tracking: All login activities, file access, and database access is audited and tracked.
System logs: All servers retain their logs for a minimum of one year.
Incident management: In the event of a security breach, we will promptly notify you of any unauthorized access to your User Data. We have incident management policies and procedures in place to handle such an event.
Your rights with regard to the data we collect:
As a Data Subject in the European Economic Area, you have the right to request, access, rectify, erase, and restrict how we process your Personal Data. These rights include the ability to review the Personal Data we have in our Information and Communications systems concerning you, the ability to make any corrections to that Personal Data, the ability to be informed of who that data may have been shared with, the ability to request that we erase all of our Personal Data, and the ability to restrict how we Process your Personal Data.
We are required to respond to any of your requests to exercise these above Data Subject rights within 30 days. Should we be unable to comply within 30 days, we will contact you anyway and let you know of any delay.
Exercising Your Rights:
If you want to exercise your rights, you may contact us or our Data Protection Officer at:
Data Protection Officer: Richard Contreras
Address: 110 Regent Street, Suite 500, Salt Lake City, UT 84111
Phone: 801-363-9127 x103
If our legal basis for processing information your information is based on your consent, you may withdraw your consent at any time by contacting our Data Protection Officer at the contact information above and informing him that you withdraw your consent.
Contacting Supervisory Authorities:
If you would like to lodge a complaint against us, you may contact your local supervisory authority. If you have trouble locating a supervisory authority, please contact the Data Protection Officer above and they will help you contact a supervisory authority.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by contacting our Data Protection Officer at the information above and requesting a paper copy.
This privacy statement was last updated on 7/1/2019.