Veracross Website Privacy Policy

Date created: June 2024

Welcome to Veracross’ privacy policy. Protecting Your Personal Information is our Priority.

We are committed to protecting individuals’ personal information. This Privacy Policy describes how we, Veracross LLC (“Veracross,” “we,” “us,” or “our”) collect Personal `Information, how we protect that information, and how we use it.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you obtain a pdf version of the policy by contacting us.

Because we offer our services on a global basis we have chosen to use the European Union (GDPR) model, often considered as the strictest model for user transparency, as the format for this policy. Consequently, based on the privacy and data protection laws that apply to you based on the location from which you access our services, you may not necessarily understand the meaning of some of the terms used in this privacy policy, we refer you to our Glossary of terms at the end of this policy to help you make better sense of this document.

1. General Information and Who We Are

Purpose of this Privacy Policy

This Privacy Policy applies to any processing of personal information we collect through our public website (the “Website”).

This Privacy Policy also applies to your use of the Veracross Directory for Admins, version 1.8 mobile application software or the VC Directory (which was last updated on October 7, 2019) mobile application software (collectively, the App) hosted, respectively, on the iOS App Store or the Google Play App Store (App Site), once you have downloaded or streamed a copy of the App onto, as applicable, your iOS or Google Play mobile telephone or handheld device (Device).

It does not apply to any personal information processed in connection with the services that we provide through our platforms and related websites and apps (collectively, our “Services”) to our clients, educational or other institutions (our “Customers”).

In our processing of Personal Information in connection with Services we provide to our Customers, we act as a data processor under applicable data privacy laws, and in that context our Customers act as data controllers on behalf of which we process data for purposes of the Services. When we act as data processor our processing of data isn’t governed by this Privacy Policy but by our Data Processor Addendum or other data processing terms in place between Veracross and each Customer. For more information on our processing as a data processor, please contact the educational or other institution that collected your Personal Information in connection with the Services.

By accessing and using our Website and App, you agree that you have read and understand this Privacy Policy and you consent to the privacy practices (and any uses and disclosures of information about you) that are described in this Privacy Policy. Please read carefully this Privacy Policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Information about you so that you understand how we collect, share, and protect your information. This Privacy Policy supplements other notices and privacy policies and is not intended to override them

Controller

This Privacy Policy is issued on behalf of Veracross LLC, a Massachusetts limited liability company, with offices located at 401 Edgewater Place, Suite 360, Wakefield, MA 01880.

We have appointed a data protection officer who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our data protection officer using the contact information set out at the end of this policy.

If you are based in the UK or in the European Union, please note that you have the right to make a complaint at any time to your national supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.

Children

Our Website and App are not intended for visitors under 18 of age. No one under 18 may provide any Personal Information to or on the Website or App. We do not knowingly collect personal information from children. If you are under 18, do not use or provide any information on this Website or on the App, or through any of their respective features, or provide any information about yourself to us, including your name, address, telephone number, or email address. If we learn we have collected or received Personal Information from a child, we will delete that information. If you believe we might have any information from or about a child, please contact us at privacy@veracross.com.

Changes to the Privacy Policy and your duty to inform us of changes

We keep our Privacy Policy under regular review. This version was last updated in June 2024. Historic versions can be obtained by contacting us.
It is important that the Personal Information we hold about you is accurate and current. Please update it or keep us informed if your Personal Information changes during your relationship with us.
This Privacy Policy uses the term “Personal Information” to refer to any information about a person or a household (as applicable based on the privacy laws that apply to your Personal Information) that can be used to identify them or to distinguish them from other people. It does not include information where the identity has been removed (anonymous data). Personal Information includes the categories listed under “Information We Collect” below.

We may provide links within our Website and publicly accessible App to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage, or sharing of any Personal Information by such third parties, and we encourage you to review those third parties’ privacy policies and to ask them questions about their privacy practices as they relate to you. This Privacy Policy does not apply to the practices of companies that we do not own or control, or to people whom we do not employ or manage. Similarly, this Privacy Policy does not affect any of the privacy policies, terms, and/or agreements between our Customers and their students and parents. We encourage you to review the privacy policies of websites you choose to link to from ours so that you can understand how those websites collect, use, and share your information.

2. The Information We Collect About You

We may collect, use, store and transfer the following categories of Personal Information from our Website users:

  • Identity Data includes your first and last name.
  • Contact Data includes business phone number, email address, postal address (street address, city and state.
  • Employment and Education Data includes your CV information (job applicants), job title, and employer name.
  • Financial Data includes your credit card and bank account information
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
  • Social Media Data includes information associated with your use of social networks 
  • Technical Data includes internet or other electronic network activity information, including, but not limited to, information about your browser, software, equipment, IP address, domain names, access times, browsing history, search history, and information regarding your interaction with an internet website, application, cookie, or advertisement. For users of our mobile applications, we automatically collect information on the type of device you use and operating system version.

From our App users we may collect, use, store and transfer the above categories as well as the following categories of Personal Information:

  • Device Data includes the type of mobile device you use, mobile network information, your mobile operating system, and the type of mobile browser you use

For information about the categories of Personal Information about you that we collect or otherwise access as a data processor for purposes of our Services to our Customers, please contact the Customer institution on behalf of which we process your Personal Information.

If you fail to provide Personal Information

Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.

3. How We Collect Your Personal Information

We use different methods to collect information from and about you including through:

  • Direct interactions. You may give us your Identity, Contact, Marketing and Communications, Employment and Education, and Social Media Data by filling in forms or by corresponding with us by post, phone, email, through our social media accounts, fax, or otherwise. This includes Personal Information you provide when you:
    • download or install our App.
    • request a demo of our software.
    • register for or watch previous trainings, webinars, or events.
    • apply for one of our available positions at Veracross.
    • apply to become one of our Partners.
    • log into your account on our Service or visit our Website or App
    • subscribe to our Blog.
    • request marketing to be sent to you.
    • contact account or customer service teams for support.
    • request more information about our Services; 
    • use our VCPay payment functionality when purchasing one of our Services; or 
    • otherwise contact us.
  • Automated technologies or interactions. As you interact with our Website, App, and Services, we will automatically collect Device and Technical Data about your equipment, browsing actions and patterns. We collect this Personal Information by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please reference our cookie policy which was presented to you upon accessing the Website.
  • Third parties or publicly available sources. We will receive Personal Information about you from various third parties as set out below:
    • Technical Data from analytics providers such as Google Analytics, Google Data Studio and Pendo based outside the EU.
    • Identity, Contact, Marketing and Communications, and Technical Data from the following categories of third parties based outside the EU:
      • providers of survey services such as Survey Monkey, and Microsoft Forms
      • providers of inbound marketing such as HubSpot, Campaign Monitor and Pardot
      • advertising networks such as Google Ads (including Google Data Studio)
    • Identity and Contact Data from your school’s public website
    • Identity and Contact Data from our affiliated companies of the Veracross group of companies
    • Identity and Contact Data from our registered Partners 
    • Identity, Contact, and Marketing and Communications Data from our interactions with you when we communicate with you via communications tools such as Zoom
    • Identity and Contact Data from industry associations when we exhibit at a conference which you have attended
    • If you are based in the United States, Identity and Contact Data about you we have obtained from data brokers
    • Identity and Contact Data from our Customers that engage our Services
    • Identity and Contact and Financial Data from providers of payment services, such as Bluesnap, Stripe, Authorize.net (VISA), Intuit, Network Merchants, and Spreedly based inside and outside the EU.

When we provide our Services, we collect individuals’ information under the direction of contracted educational or other institutions (our “Customers”). We process that information as a service provider for our Customers through our Services. We have no direct relationship with the individuals whose Personal Information we process through our Services. Any Personal Information about individuals that we collect on behalf of our Customers is used solely for the business purpose for which our Customers provide the information, and we will promptly comply with Customers’ requests to provide, correct, or remove information, in compliance with applicable law.

When you use our Website or App, whether you are an employee of a Customer, an individual with whom we interact on behalf of our Customer, or any other individual, we may collect the categories of information listed above from you directly through your interaction with the Website or App.

4. How We Use Your Personal Information

We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you or the Customer on behalf of whom we process your Personal Information to provide our Services.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation

Click here to find out more about the types of lawful basis that we will rely on to process any Personal Information that we collect directly from you.

Generally, we do not rely on consent as a legal basis for processing your Personal Information although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

When we obtain your Personal Information through one of our Customers we will only use that information for purposes of our Services to that Customer, on the Customer’s behalf, and in accordance with our contract with such Customer.

Purposes for which we will use your Personal Information

We have set out below, in a table format, a description of all the ways we plan to use your Personal Information collected from our Website and, if you are based in the European Union or the UK, which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To install the App and logging you in as an App user Identity

Device

Performance of a contract (to give right to the contract we have signed the school on whose behalf we process your Personal Information for purposes of our Services)
To manage our relationship with you which will include notifying you about changes to our terms of use or our privacy policy Identity

Contact

Necessary to comply with a legal obligation (to inform you of any changes to our privacy policy)
To enable you to complete a survey regarding our services Identity

Contact
Device

Marketing and Communications

Technical

Necessary for our legitimate interests (to study how customers use our services)
To administer and protect our business and our Website and App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity

Contact
Device

Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
To deliver relevant Website or App content to you Identity

Contact
Device

Technical

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Website, App, Services, marketing, customer relationships and experiences Device
Technical
Necessary for our legitimate interests (to define types of customers for our services, to keep our Website and App updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services that may be of interest to you Identity

Contact
Device

Marketing and Communications

Technical

Necessary for our legitimate interests (to develop our services and grow our business)
To process your application as a partner with us Identity

Contact

Performance of a contract with you or in order to take steps at your request prior to entering into a contract with you
To respond to your inquiries related to employment opportunities Identity

Contact

Employment and Education

Performance of a contract with you or in order to take steps at your request prior to entering into a contract with you
To process your payment for our Services using our VCPay functionality Financial 

Contact

Identity

Performance of a contract

 

Marketing

We strive to provide you with choices regarding certain Personal Information uses, particularly around marketing. We have established the following Personal Information control mechanisms:

Promotional offers from us

We may use your Identity, Contact, Technical, and Social Media Data to form a view on what we think you may want or need, or what may be of interest to you, in which cases we rely on our legitimate interests under the GDPR. This is how we decide which services and offers may be relevant for you. 

You will receive marketing communications from us if we believe you would find an interest in receiving information about our Services, if you have requested information from us or purchased services from us, and you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your Personal Information with any company outside our company for their own marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.

Where you opt out of receiving these marketing messages, this will not apply to Personal Information provided to us as a result of a Service purchase, support experience or other transactions.

Change of purpose

We will only use your Personal Information for the purposes for which we collected it. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. How We Share Your Personal Information

We may share Personal Information with the categories of third-party service providers set out below for the business purposes listed in the tables above. 

  • Other companies within the Veracross Group, acting as joint controllers or as processors, based in the UK, the U.S., and Australia, who may use your Personal Information for their own marketing purposes. 
  • Our “IT” Service Providers, such as Amazon Web Services, Salesforce.com, Microsoft, Zoom, Pendo, Atlassian, Groove.co, Docusign, Citrix Sharefile, acting as processors based in the United States who provide data hosting services, data analytics services, CRM services, email or telecommunication services, or support services to our Customers.
  • Our “Marketing” Service Providers, such as Pardot, Google, WordPress, Salesforce, LinkedIn, Pendo, Veracross Composer, and Groove, acting as processors and based in the U.S., who provide relevant shortform and longform content, webinar content, sales promotions, product announcements and general information via email, digital advertising and our websites to our prospects and customers on our behalf.
  • Our “Recruitment” Service Providers, such as Workable, Remote.com, and VerifiedFirst, acting as processors based in the United States, who provide us with services in connection with fulfilling our available positions at Veracross.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers based in the United States who provide consultancy, banking, legal, insurance and accounting services.
  • Other third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We may share data with our trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. 

All such third-party service providers and Veracross affiliates with whom we may share your Personal Information are prohibited from using your Personal Information, except to provide these services to us, and they are required to maintain at least the same level of privacy protection that we maintain for your information.

We will disclose Personal Information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the law or comply with legal process, such as a subpoena, served on us or the site; (b) protect and defend our rights or property; (c) act under necessary circumstances to protect the personal safety of users, or the public; and (d) in certain situations, we may be requested to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Cookies and other tracking technologies

We use cookies or similar technologies to analyze trends, administer the Services and Website, track our users’ movements around the Services and Website, and to gather demographic information about our Services’ and Website user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Services or Website. You can obtain a list of cookies by contacting us at privacy@veracross.com.

Advertising

We sometimes collaborate with a third party, such as Google in Australia and in the United States, to display advertising on our Website or to manage our advertising on other sites. Our third-party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here or if located in the European Union click here.

6. International Transfers

We largely operate in the United States (“U.S.”), and therefore, if you reside outside of the U.S. you understand and agree that your Personal Information may be transferred to, stored or processed in, the U.S. by us and our third-party hosting providers. Furthermore, you understand that U.S. law may not afford the same level of protection to personal information as those afforded in your country. Personal Information may be transferred for the performance of a contract or as required for the implementation of pre-contractual measures taken at your request or to establish or exercise our legal rights.

EEA, Swiss and UK residents

Whenever we transfer your Personal Information out of the European Economic Area (“EEA”), Switzerland or the UK, we ensure a similar degree of protection is afforded to it by using specific contracts approved by the European Commission or the UK Government (as applicable) which give Personal Information the same protection it has in Europe or the UK (as applicable). For further details, see European Commission: Model contracts for the transfer of personal data to third countries and UK International data transfer agreement and guidance.

Canadian Residents

Please note that we may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

If you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA, Switzerland, or the UK, please contact us.

EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework

Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, have certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, have certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, is responsible for the processing of personal data it receives, under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and subsequently transfers such personal data to a third party acting as an agent on its behalf.  Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, the UK, and Switzerland, respectively, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Veracross LLC’s and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Veracross LLC at privacy@veracross.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm, LLC, commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

 

7. Data Subject Rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. 

Please see the glossary below to find out more about these rights:

  • request access to your Personal Information.
  • request correction of your Personal Information.
  • request erasure of your Personal Information.
  • object to the processing of your Personal Information.
  • request restriction of processing your Personal Information.
  • request transfer of your Personal Information.
  • right to withdraw consent.

We will process your request within the time provided by applicable law.

We will not discriminate against you for exercising your data subject rights.

You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Exercising Your Data Subject Rights

The following section only applies to you if we collect and process your Personal Information directly and for our own purposes, not on behalf of our Customers for purposes of the Services we provide to you on their behalf. If we collect and/or otherwise process your information this section does not apply to you and we ask that you please direct any request to exercise your data subject rights to the data owner / controller on behalf of which we process your Personal Information for purposes of our Services. 

If we collect and process your Personal Information directly and for our own purposes, you may submit a request to exercise your data subject rights by sending an email via the link below: privacy@veracross.com

Individuals who submit requests to exercise data subject rights will be required to verify their identity by answering certain questions. We cannot process data subject rights requests until your identity is verified. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you are making a request for access, we may not be able to provide specific pieces of Personal Information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your Personal Information, your account with us, or our systems or networks.

If you are making a request for erasure of Personal Information, we will ask that you confirm that you would like us to delete the Personal Information again before your request is processed.

You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.

Agents who make requests on behalf of individuals will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.

If you are seeking to access, correct, or delete information on our Services, we may refer your request to the Customer (your educational or other institution).

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit [here].

Nevada Residents

Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: privacy@veracross.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.

Virginia Residents

Virginia residents who wish to exercise their right under the Virginia Consumer Data Protection Act (VCDPA) to opt out of the processing of their personal data for targeted advertising, personal data sales, or automated decision-making, including profiling, may submit a request to this designated address: privacy@veracross.com. However, please know we do not currently sell personal data triggering that statute’s opt-out requirements.

8. Data Retention

We will retain your information that we have collected for our own business purposes, to provide you with services, for as long as your account is active, or as needed, to provide you with the services.

If we have obtained your Personal Information on behalf of one of our Customers we will retain that Personal Information for as long as needed to provide services to our Customer.

We will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see [data subject rights] above for further information.

In some circumstances we will aggregate your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the contact information listed at the end of this Privacy Policy.

9. Security of Your Personal Information

We maintain physical, electronic, and procedural safeguards designed to help secure our platform and your Personal Information, and to assist us in preventing unauthorized access, use, disclosure, loss, alteration, and destruction of that information. When you enter sensitive information or login to our portal, we encrypt the transmission of that information using Transport Layer Security (TLS) . Nevertheless, no set of security safeguards is guaranteed to be impenetrable. We cannot and do not guarantee that communications to or from our Websites or Services, or that data transmitted or stored on or through our Websites or Services, are or will be totally secure from unauthorized access, use, disclosure, loss, alteration, or destruction by third parties.

We have put in place procedures to deal with any suspected personal data breach and will notify you (with respect to any Personal Information we collect directly from you and which we process as a controller) or our Customer (with respect to any Personal Information relating to you which we process on behalf of such Customer for purposes of our Services) and any applicable regulator of a breach where we are legally required to do so.

If you have any questions about the security of your Personal Information, you can contact us using the contact information listed at the end of this Privacy Policy.

Social Media

Our Website may include social media features, such as a Facebook button and widgets, the Twitter button or interactive mini-programs that run on our Website. These features may collect your IP address, track which pages you are visiting on our Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing these features.

Changes to this Policy

We will occasionally update this Privacy Policy to reflect company and customer feedback. We encourage you to review this policy periodically to be informed of how we are protecting your information.

This Privacy Policy was last updated: September 15th, 2023

Contact Information

We welcome your questions, concerns, or comments regarding this Privacy Policy. Please contact us using the contact information listed below.

Veracross LLC
Attn: DPO & CISO
401 Edgewater PlaceSuite 360
Wakefield, Massachusetts 01880

Email Address: privacy@veracross.com

10. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you or the Customer on behalf of whom we process your Personal Information to provide the Services, are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your Personal Information where it is necessary for compliance with a legal obligation that we are subject to.

Consent means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Information relating to you.

You have the right to:

Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

When your Personal Information was collected by any of our Customers and processed by us on behalf of such Customers please contact your educational institution to exercise any of the above rights.