1. OUR COMMITMENT TO YOUR PRIVACY
We process your personal data for the following purposes:
2. WHAT IS PERSONAL DATA?
Personal data means any information relating to you that directly or indirectly may be used to identify you (and/or other individuals), for example your name and your e-mail address, but also information such as your IP address and your user behavior when using the website. Most of the personal data we process about you is information that you have chosen to provide us with regarding yourself in different situations, and that we collect on our website www.innovativeotsolutions.com or that we receive from a third party, such as your employer or your occupational therapist.
3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND WHY DO WE DO IT?
Most of the personal data that we process about you is information that you have chosen to provide us in different situations; normally in your capacity as one of our customers, or as a consultant or representative of one of our customers or business partners. It may also be the case that you are an occupational therapist who is completing a rater training and certification course for one of CIOTS assessment tools, and in that capacity, provide us with personal data regarding the people who agreed to be tested by you to fulfil the requirements for rater certification (read more below).
We also collect personal data when you, or the entity that you represent, purchase, download or sell products and/or services from or to us, visit our website or interact with us in any other way. We may collect personal data from your employer, company and/or institution, e.g. when someone registers you for one of our courses.
We may collect the following information from you, depending on different situations:
- Name, address, telephone number and/or e-mail address.
- Log-in credentials, if you register a user account through our website(s).
- Information about your purchases or other transactions.
- Information about your customer service or maintenance interactions with us.
- Information about your professional role, such as your job title or professional affiliation.
- Pseudonymized personal data that we receive for rater certification, i.e. age, gender, general diagnostic category (if any), and test scores of the people you test using one of CIOTS assessment tools.
- Personal data you provide to us in connection with any course registration process, for example, your educational and work experience, prerequisite knowledge or any pre-assessment you complete.
- Any other personal data that you choose to directly provide to us in connection with your use of our products or services or when you somehow interact with us, e.g. user-generated content that includes personal data.
Please note, we will never ask for your social security number or other government-issued identification number.
When you shop on or download from our website
Purpose: (1) To administer or complete your requests, quotes, downloads or purchases; (2) to fulfil our obligations to you or to the customer you represent; (3) to send you information in connection with the products or services purchased; and (4) to respond to your communications and requests in this regard.
Personal data processed:
If you act in your own capacity, the processing is necessary to fulfil a contract with you and take steps at your request prior to entering into such contract. If you do not provide us with necessary personal data, we are not able to complete the relevant contract, or may only do so with delay.
If you act in the capacity as a representative for someone else, the processing is based on our legitimate interest in administrating your request, to be able to communicate with you and to enter into a contract with the entity you represent.
The processing is further necessary for our legitimate interest in keeping information regarding granted licenses, your relevant purchase history or the purchase history of the entity that you represent, in order to administer granted licenses as well as provide you with relevant information about, for example, updates, revisions or new releases of the purchased or otherwise downloaded products.
When you sign up for one of our courses — online or in-person.
Purpose: (1) To manage and process in-person and online courses, including but not limited to tracking attendance, progress and completion; or administering exams, projects and other assignments, e.g. rater certification, to confirm that you are abiding by the applicable rules or requirements; and (2) to provide services to you that you request in conjunction with the in-person and online courses.
Personal data processed:
The processing is necessary to fulfil a contract with you or in order to take steps at your request prior to entering into a contract. If you do not provide us with necessary personal data, we are not able to give you the relevant product or service.
In addition, the processing is further necessary for our legitimate interest in (a) keeping information regarding certified users of our OTAP software in order to administer certifications, issue OTAP software licenses, provide you with relevant information about your certification and OTAP license; and (b) protecting our certifications and software from abuse or similar.
When you sign up for newsletters or campaign offers
Purpose: (1) To contact you by e-mail, postal mail, or phone (including via SMS messages) regarding CIOTS products, services, surveys, research studies, promotions, special events and other topics that we think may be of interest to you; (2) to customize the content we provide through our products and services; (3) to help us better understand your interests and needs, and improve our products and services; and (4) to engage in analysis, research, and generating of reports regarding the use of our products and services.
Personal data processed:
For personally adapted recommendations, offers and communications, we also process this personal data:
Your consent or our legitimate interest. If you want information about our software, services, courses or offers, you can sign up for our newsletters or personally adapted recommendations, offers and communications. You can withdraw your consent at any time, and we will stop sending you newsletters or personally adapted recommendations, offers and communications.
If you have recently purchased or downloaded one of our products, we can send you newsletters and/or personally adapted recommendations, offers and communication based on our legitimate interest in marketing our products and services. You have the right to object to such marketing (including objecting to profiling) at any time and we will stop sending you newsletters or personally adapted recommendations, offers and communications.
When you visit our website
Purpose: (1) To perform customer and market analysis, and (2) to evaluate our products and services in order to help us better understand your interests and needs and to develop and improve our products and services, and communication with our customers.
Personal data processed:
The processing is necessary for the purposes of our legitimate interest of evaluating, developing and improving our website, products, software, courses and services.
You can read more about how we collect information through automated means below in Section 4.
When you are a person who agreed to be tested by an occupational therapist who uses the OTAP Software in the process of fulfilling the requirements for rater certification in one of CIOTS assessment tools
Purpose: (1) To fulfil our obligations towards our occupational therapist customers who have purchased a license to the OTAP Software, and (2) to evaluate the quality of and improve the OTAP Software.
Personal data processed:
Your consent, when you agreed to be tested by your occupational therapist who participated in a CIOTS course and is in the process of completing rater certification. The processing is necessary for the purposes of our legitimate interest of fulfilling our contracts with our customers, i.e. to verify that the occupational therapist is using the assessment tool in a valid and reliable way.
Note. Processing during rater training and certification is performed in accordance with the security measures outlined in the Data Processor Agreement (DPA) with your occupational therapist who, during rater certification, will become the data controller of rater data. You can read our general DPA that we normally enter into with European Union/European Economic Area (“EU/EEA”) occupational therapists at our website: http://raters.innovativeotsolutions.com/documents/ciots-dpa.pdf.
When we process data in order to comply with legal obligations
Purpose: To comply with legal obligations.
Personal data processed:
The processing is necessary in order for us to comply with legal obligations we are subject to. If the information is not processed, we are unable to comply with our legal obligations and will therefore be forced to deny your purchase.
Purpose: To prevent and investigate abuse of our services or potential violation of law.
Personal data processed:
The processing is necessary for the purpose of our legitimate interest of protecting our IT environment and our products and services from attacks and intrusions and other abuse.
4. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS
A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets one know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We also may use these technologies to help us determine and identify repeat visitors, the type of content and sites to which a user of our website(s) links, the length of time each user spends at any particular area of our website(s), and the specific functionalities that users choose to use.
We use third-party web analytics services (e.g. Google Analytics) on our website(s) to collect and analyze usage information through cookies and similar tools; engage in auditing, researching or reporting; assist with fraud prevention; and provide certain features to you. We also provide a limited amount of your information (such as your e-mail address and order history) to our marketing agency partners so that they can analyze website usage and send marketing communication on our behalf, that allows us to improve our products, e.g. courses, books and services.
We may also use third-party eCommerce platforms (e.g. WooCommerce) as a medium to deliver a digital shopping experience; customer relationship management (CRM) software (e.g. Keap) as a medium for communications, either through e-mail, or through messages about our products and service(s); credit card processors/gateways (e.g. Stripe); software usage providers (e.g. Google Analytics); financial services (e.g. independent accountants, tax preparers, bookkeepers, and QuickBooks); independent contractors (e.g. team members in marketing, management, software development); and CRM Add-Ons (e.g. BitBucket).
We may allow third-party companies, including advertising companies (e.g. Google, Facebook, Instagram), to place cookies on our website. These cookies enable such companies to track your activity across various sites where they display ads and record your activities so they can show ads that they consider relevant to you as you browse the Internet. These cookies store information about the content you are browsing together with an identifier linked to your device or IP address.
These cookies also allow us and third parties to know whether you have seen an ad or a type of ad, and how long it has been since you have last seen it. This information is used for frequency capping purposes, to help tailor the ads you see and to measure the effectiveness of ads. Most web browsers allow you to view, disable or delete cookies, accept or reject cookies, and notify a user each time a cookie is offered.
Do Not Track Signals
Currently, we do not monitor or take any action with respect to web browser signals or other mechanisms for the expression of choice regarding collection of information about an individual over time and across third-party web sites or online services, e.g. web browser “do not track” signals.
5. AGGREGATED/ANONYMOUS DATA
We may aggregate and/or anonymize any personal data that we process so that such data can no longer be linked to you or your device (“Aggregate/Anonymous Information”). If so, the Aggregate/Anonymous information does not contain personal data anymore, nor does the information constitute personal data from such point forward. We may process Aggregate/Anonymous Information for any purpose, including without limitation for scientific research purposes or statistical analyses of usage of our websites, products, and services; and we also may share such information with third parties, including advertisers, promotional partners, and sponsors.
6. RETENTION OF YOUR PERSONAL DATA
The same type of personal data may be processed for different purposes and based on different legal grounds, for example, processing that is based on our obligations to fulfil a contract with you, based on our legitimate interest or based on your consent. This means that certain personal data may be deleted from one system because it is no longer necessary for one purpose, e.g. marketing, but still be stored in another system based on your consent or for another purpose for which the personal data still is necessary, e.g. rater training and certification. In some cases, the cookies we use, that you can read more about in Section 4, may include personal data.
For you who have registered an account with us, we will process your personal data until you unregister your account with us or ask us to delete certain data. If you take a rater training and certification course for one of our assessment tools, we will retain the minimal amount of your personal data to maintain your certification records unless you request that we unregister your account and delete your data. Deleting your account will mean that you are no longer eligible to purchase license renewals for our OTAP software. Personal data that we process in connection with your purchases or downloads from our website or participation in one of our courses, and in order to administer and fulfil our obligations to you, your employer or the entity that you represent under a contract, will be processed for as long as CIOTS has responsibilities or may enforce rights under that contract. If you have made a cancellation, claim or warranty request, we will process your personal data for as long as the process regarding the cancellation, claim, or warranty request is active.
When we process personal data because of your communication with us, e.g. support and service matters, the processing will continue until your support or service matter has been completed. In some cases, we may retain your communication with us in a support matter to help us support you in the future and to follow up on your support matter. If so, we will not process your personal data for longer than one-hundred-and-eighty-days (180) days after your support matter was completed.
Your personal data may be stored longer than the above, to the extent we are required to do so by law, regulation or decisions made by authorities. For example, for bookkeeping/accounting, we may store personal data in accordance with applicable legislation.
7. HOW WE SHARE AND DISCLOSE YOUR INFORMATION
CIOTS will share your information in the following ways:
- Service Providers. We provide access to or share your information with operations and maintenance contractors, like Talent LMS, and other third parties that perform services on our behalf. They have access to perform these services but are prohibited from using your information for other purposes. They provide a variety of services to us, including billing, sales, marketing, product content and features, advertising, analytics, research, customer service, data storage, security, fraud prevention, payment processing, and legal services.
- Educational Institutions and Partners. If you are taking a course sponsored or associated with an educational partner, e.g. a university, we may share, with your consent, information about you and your performance with the educational partner, including to report on your progress in rater training and certification. Information shared with our educational partners will be subject to the privacy policies and procedures of such partners.
- Business Partners. With your consent, CIOTS may share information that can be used to directly connect you with third party business partners, such as companies that may be offering products or services or other opportunities that may be of interest to you.
- Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of CIOTS assets are sold or transferred to a third party, customer information (including your e-mail address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, CIOTS will comply with such restrictions.
- Aggregate/Anonymous Information. From time to time, CIOTS may share Aggregate/Anonymous Information about use of our services, such as, but not limited to publishing a report on usage trends or survey results, completion rates, success rates, and other demographic information provided to us by our clients. The sharing of such data is unrestricted.
8. TRANSFER OF PERSONAL DATA
CIOTS stores personal data on servers located in the United States. By using our services, you consent to the storage of your information inside the United States. If you are using our products and services from outside the United States and the European Union, please be aware that the information you submit will be transferred to and stored in servers in the United States, not part of the EU/EEA. The data protection and other laws of the United States might not be as comprehensive as those in your country. By submitting your data and/or using our services, you acknowledge the transfer, storing, and processing of your information in and to the United States.
As described above, CIOTS also may subcontract the processing of your data to, or otherwise share your data with, service providers and subprocessors in countries other than your country of residence, including the United States, in accordance with applicable data protection law. Such third parties may be engaged in, among other things, the provision of services to you, the processing of transactions or the provision of support services. By providing us with your information, you acknowledge any such transfer, storage, or use.
We ensure an adequate level of protection for the personal data by adhering to applicable data protection legislation. If someone else provides us with your personal data, the transfer from the EU/EEA and the following processing will be subject to the European Commission’s Standard Contractual Clauses (processors) (2010/87/EU) (the “SCC”). We ensure that our subprocessors from outside the EU/EEA are subject to the same obligations as CIOTS in this regard.
If you want more information about how we transfer your personal data, please contact us at the address below.
9. DATA SUBJECT RIGHTS AND YOUR CHOICES
You may have certain rights with respect to your personal data as further described in this section. If you would like further information in relation to your legal rights under applicable data protection law or would like to exercise any of them, please contact us using the “CIOTS Contact Information” below.
Your local laws, such as in the European Union, may permit you to request that we:
- Provide access to and/or a copy of the personal data we hold about you.
- Prevent the processing of your personal data for direct-marketing purposes (including any direct marketing processing based on profiling).
- Update the personal data that is out of date or incorrect.
- Delete certain personal data that we are processing about you.
- Restrict the way that we process and disclose certain of your personal data.
- Transfer your information to a third-party provider of services, where technically feasible.
- Revoke your consent for the processing of your personal data.
In addition to the legal rights above, you always have the right to lodge a complaint to the relevant Data Supervisory Authority regarding our processing. Please note that the relevant Supervisory Authority for you may differ between different countries and applicable data protection law.
CIOTS sometimes processes pseudonymized rater data, i.e. data for people who (a) agreed to be tested by an occupational therapist who is completing the certification process in one of CIOTS assessment tools, and (b) agreed for that occupational therapist to send such pseudonymized data to CIOTS for the purpose of ensuring that the occupational therapist is using the assessment tool in a valid and reliable way. If your pseudonymized data are being processed by CIOTS and, to the extent that you are exercising any of your legal rights regarding that pseudonymized data, you must provide us with information so that we can identify you and the data about you that we are processing. That may require additional information from your occupational therapist to enable CIOTS to identify you among the pseudonymized data we process. If CIOTS cannot get the additional information, we will not be able to address your request in that regard. Please note that if you would like to exercise any rights in relation to your pseudonymized personal data, you must do so while your occupational therapist is completing the certification process. After your occupational therapist completes certification, CIOTS no longer stores or processes your personal data.
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, such as if we need to keep processing your information for our legitimate interests or to comply with a legal obligation.
10. MARKETING COMMUNICATIONS
11. SOCIAL MEDIA
CIOTS does not require that users disclose user names or passwords for a user’s personal social media account, nor does CIOTS require users to access personal social media in our presence or divulge any personal social media information to us.
12. THIRD PARTY LINKS AND FEATURES
13. CHILDREN’S PRIVACY
CIOTS is intended for general audiences and not for children under the age of 18. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without legally-valid parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.
14. HOW WE PROTECT YOUR INFORMATION
We consider the confidentiality and security of your information to be of the utmost importance. CIOTS takes the appropriate technical, administrative and physical measures to protect your personal data from disclosure to or access by third parties. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Please note that we do not guarantee the security of information because no method of internet transmission or storage is completely secure. Also note that we may retain and store your information in our databases and systems even after your CIOTS account is deactivated as long as we have a legitimate purpose to do so and in accordance with applicable law.
We intend to take reasonable and appropriate steps to protect the information that you share with us and/or third-party service providers from unauthorized access or disclosure. We will contact you within 72 hours after first becoming aware of any data breach that is likely to result in a risk to your rights or freedoms. If you have reason to believe that your interaction with us is no longer secure, contact us using the “CIOTS Contact Information” below.
15. CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information in the following ways:
- In countries where it is legally required to do so, we ask for your consent to use your contact information for direct marketing purposes. Whenever you receive an e-mail with direct marketing from us, you will have the possibility to withdraw your consent and opt out from future marketing.
- If you have previously agreed to allow us to use your personal data for direct marketing purposes, you may also withdraw your consent at any time by contacting us using the “CIOTS Contact Information” below.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties that we think you may find interesting. You will have the choice to opt out from receiving this promotional information.
16. CHANGING, UPDATING OR DELETING PERSONAL INFORMATION
If you believe that any information we are holding about you is incorrect or incomplete, please contact us as soon as possible using the “CIOTS Contact Information” below. We will promptly correct any information found to be incorrect.
If you would like to request to review, correct, update, suppress, restrict or delete personally identifiable information that you have previously provided to us, or if you would like to request to receive an electronic copy of your personally identifiable information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us using the “CIOTS Contact Information” below. We will respond to your request consistent with applicable law.
In your request, please make clear what personally identifiable information you would like to have changed, whether you would like to have your personally identifiable information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personally identifiable information. For your protection, we will only implement requests with respect to the personally identifiable information associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for record keeping purposes or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that remains within our databases and other records.
Residents of the United Kingdom may request details of personal information that we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you, please write to P.O. Box 271928, Fort Collins, Colorado, 80527, USA.
Please note that we review our privacy practices from time to time, and that these practices are subject to change in accordance with applicable data protection law. Any change, update or modification will be effective immediately upon posting on our website(s).
18. CIOTS CONTACT INFORMATION
Center for Innovative OT Solutions
Attn: Information Security Officer
P.O. Box 271928
Fort Collins CO 80527 / USA