Effective Date: September 30, 2024

LectureLinx, Inc. (“LectureLinx” “LLX”) is committed to protecting the privacy of our clients, visitors to our Website, and any individuals from whom we collect personal data on behalf of our clients. As a U.S.-based consumer reporting agency governed by the Fair Credit Reporting Act (“FCRA”), among other applicable laws, LectureLinx strives to maintain the confidentiality, integrity, and security of personal data that LectureLinx obtains.

LectureLinx complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. LectureLinx has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We work with you to identify your specific and individual challenges, opportunities, culture and resources. We can implement the industry’s most robust compliance programs or offer components specifically tailored to your business and process needs; allowing you to add services over time and as your needs change or expand. In short, we treat your business as our own by sharing ideas, processes and technology. We measure our success based on your outcomes.

Scope

This Personal Data Protection Policy (the “Policy”) applies to all Personal Data received by us in the United States from the EU and/or other applicable countries, recorded in any form (including electronic, paper or verbal).

Definitions

The following definitions shall apply throughout this Policy:

  • “Agent” means any third party that uses Personal Data provided to us to perform tasks on behalf of and under the instructions of us.
  • “Personal Data” means Information or a set of information that identifies or could be used by or on behalf of us to identify an individual. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data.
  • “Sensitive Personal Data” means Personal Data that reveals racial, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership or information that specifies the health or sex life of the individual. In addition, we will treat any information as Sensitive Personal Data which is received from a third party where that third party treats and identifies the information as sensitive.

Privacy Principles

  1. Notice
    When we collect Personal Data directly from individuals in the EU and/or other applicable countries, we will inform them about the purposes for which we collect and use their Personal Data, the types of third parties (other than Agents), if any, to which we disclose that information, and the choices and means, if any, that we offer individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to us, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected. If we receive Personal Data from our affiliates or other entities in the EU and other countries with which we do business, we will use such information in accordance with the notices such entities provided, and the choices made by the individuals to whom such Personal Data relates.
  2. Choice
    We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than an Agent), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Data, we will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to (a) the disclosure of the information to a third party, or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. We will provide individuals with reasonable methods to exercise their choices. We may disclose personal information to third parties in the following instances:
    • Website Consultants and Service Providers. We may disclose personal information to third-party consultants and service providers (such as providers of hosting services, support, maintenance and remedial and repair services) to the extent that they require access to our databases, or the information contained in our databases, to service us and our customers under the conditions set out in the Principles.
    • Enforcement of Rights / Security. We reserve the right to release personal information (i) when we are under legal compulsion to do so (e.g. we have received a subpoena) or we otherwise believe that the law requires us to do so, (ii) when we believe it is necessary to protect and/or enforce the rights, property interests, or safety of us, our customers or others, or (iii) as we deem necessary to resolve disputes, troubleshoot problems, prevent fraud and/or enforce the Principles.
    • Reorganization or Sale. In the event that our company is merged with or becomes part of another organization, or if our company is sold, or it sells all or substantially all of its assets or is otherwise reorganized, the information you provide may be one of the transferred assets to the acquiring or reorganized entity.
    • As Otherwise Allowed by Law. We may transfer personal information to third parties where we are expressly authorized by applicable law and the Principles to do so. We also may be required to disclose an individuals personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
  3. Accountability For Onward Transfers
    We will obtain assurances from our Agents that they will safeguard Personal Data consistently with this policy. If we have knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this policy, we will take reasonable steps to prevent or stop the use or disclosure. In cases of onward transfers to third parties, LectureLinx remains liable.
  4. Security
    We will take reasonable precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  5. Data Integrity & Purpose Limitation
    We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
  6. Access
    Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

    State Rights (e.g., Access & Deletion for Certain Individuals). You may have the right to request access to, or deletion of, your personal information under state law (e.g., California). These rights are not absolute and only apply in certain circumstances. This means that we may be unable (e.g., due to legal requirements), or not obligated, to satisfy your request. In some cases, we may need to collect additional information from you to verify your identity before we provide access or delete your information, such as a government-issued identification. We will not discriminate against you for exercising your rights but may not be able to provide you with services or programs that you have requested if we are not able to use your information.
  7. Resource, Enforcement And Liability
    We will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
  8. Cookies, Web Server Data, & Other Technologies
    We use technologies such as cookies on our Websites to improve user experience for our Website visitors. We may also use these technologies to better understand Website usage and to determine which areas of our Website users prefer. In addition, cookies, web beacons, web server data and other technologies may be used to provide you information we and the clients we work with believe may be of interest to you.
    • Cookies: Cookies are small data files that are sent from a website and stored on the user’s web browser while the user is browsing a website. Cookies serve many functions including but not limited to helping you log in (e.g., remembering your username if you register or log in), remembering some of your customized user preferences, helping us better understand how people use our Websites, collecting traffic data, and helping us improve our Websites. With respect to collecting traffic data, we may use third parties to collect such data on our behalf.
    • Your browser can be set to manage cookies and even reject them. However, please keep in mind that by rejecting cookies, your user experience while visiting our Websites will not be the same, functionality may be lost, and you may not be able to access certain areas or features of the Websites.
    • Web Server Data & Other Technologies: A web beacon is a clear GIF (Graphics Interchange Format) that a company can place on a website or in digital communications to allow it or a third party (such as an audience measurement, or social media company), to collect and help it analyze general usage patterns of visitors to its Websites. We may use web beacons on some of our Websites and digital communications for these purposes. In addition, to provide better programs and information, we may also incorporate information collected from your browser and browsing activity in order to recognize you across the devices you use, such as a mobile phone or laptop. As a result, we may collect and use information about your online visits to our Websites or engagement with our digital communications.
    • We may also collect usage data from our Websites, such as the source address that a page request is coming from (e.g., IP address), domain name, date and time of the page request, the referring website (if any), and other parameters in the URL (e.g., search criteria). We use web server data and other technologies to better understand Website usage and to determine which areas of our Websites users prefer (e.g., based on the number of visits to those areas). We may store and use this information for statistical reporting.

Dispute Resolution and Enforcement

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to LectureLinx, Inc. at the address given below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy within 45 days of receiving a complaint.

We have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here:

https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should an individual be unable to resolve a complaint with us, they may contact the FTC at the following address:

Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
www.ftc.gov

EU and UK Persons (EUand UK Data Subjects) may make complaints to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

Contact Information

Questions or comments regarding this Policy should be submitted to us by mail or e-mail as follows:

LectureLinx, Inc.
758 E. Main St. Branford, CT 06405
email: [email protected] Attn: Jemel Kyles

For any EU-U.S. Data Privacy Framework Principles related complaints that are not resolved within 45 days, you may file a complaint with our independent dispute resolution provider at the following website: verasafe.com

In compliance with the EU-U.S. Data Privacy Framework Principles, LectureLinx commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our EU-U.S. Data Privacy Framework Principles policy should send an email to: [email protected]

Changes to Personal Data Protection Policy

This Policy may be amended from time to time, consistent with the requirements of the Data Protection Directive and/or EU-U.S. Data Privacy Framework Principles. We will provide appropriate public notice about such amendments.

Updated October 4, 2024