This Privacy Policy applies to BrainStorm, Inc. (“BrainStorm”, “we”, “us” and “our”) and you.
BrainStorm, Inc. is committed to ensuring the privacy of your personal information. We are further committed to preventing unauthorized access to that information. Our Privacy Policy details what personal information is collected from users, business representatives, and others and describes how we use it, how it is stored, and your choices in managing our use of your information.
BrainStorm is an innovative industry leader in software and services for change management to support business investment in technology. BrainStorm provides learning solutions for its clients’ employees to enable change management and promote maximum effectiveness in the client’s adoption of business and other application software. BrainStorm’s change management and learning solutions include its online, cloud-based software application (the “Platform”) and electronic instructional content, and instructor-led training (“ILT”).
BrainStorm is a U.S.-based corporation with a history of providing exceptional service for clients around the world, empowering employees to work smarter and achieve more through increased understanding and engagement with software applications available in the workplace. This Privacy Policy applies to our collection of personal data in the operation of our business and your use of our Services:
We respect your privacy and take safeguarding your personal information seriously. Please read this Privacy Policy carefully together with the Terms and Conditions (“Terms”) available at https://www.brainstorminc.com/terms-and-conditions/, which govern your use of the Services, to understand what Personal Information (defined below) we collect from you, how we use it, and your choices related to our use of your Personal Information. If you do not agree with this Privacy Policy, please do not use the Services.
“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Under specific laws, Personal Information may include any information relating to a household.
We process Personal Information on behalf of customers, third-party distributors and resellers to fulfill our contractual obligations as a third-party service provider. We also process Personal Information that we collect directly such as when a user navigates to our website or when we engage a vendor or customer. This data may be collected through the information you actively submit to us, the information provided by our customers, third-party distributors, or resellers who administer your account, or through automated processes.
We collect Personal Information that you actively submit to us through your account, website forms, email subscriptions, feedback and suggestions, surveys, events, customer service, inquiries, live chat, social media accounts, and other interactions. You will know when we collect your Personal Information because we will directly ask you for the information. We will require certain Personal Information so you can use our Services or for us to be able to contact you. There may also be circumstances where providing Personal Information is optional and does not impact your access to Services. For example, we provide you an option to include a photo with your profile data in the Platform software application.
We collect Personal Information from our customers, third-party distributors, or resellers who administer user accounts. Personal Information is collected about the users who are granted access to our Services, including the Platform software application. We use this information to create user profiles, assign a User Group, record participation in training, webinars, and use of software products, to assess user ranking, perform analytics, and provide reporting information.
Personal Information collected generally includes a first name, last name, job title, company name, email address, profile photo, and verification information. We authenticate users through their Microsoft Office 365 workplace account.
We collect some Personal Information automatically when you visit or use BrainStorm Services. This includes information about the device, browser, and operating system you use when accessing our site and Services, your IP address, the website that referred you, which pages you request and visit, and the date and time of each request you make. We may combine this automatically-collected information with other information we collect about you. If you contact us over the telephone or via fax, we may also log telephony information such as your phone number and the type of call.
For use of the Platform, we automatically collect Personal Information to, among other things, provide you information and benchmarking based upon your usage of the Services, which are used in analyzing trends, administering the Services, tracking users’ utilization and to gather information about our user community as a whole. For example, if enabled by your administrator, we use third-party services such as Microsoft Graph that help us understand details about your usage of Microsoft Office 365, including without limitation total numbers of communications, methods of making attachments, the timing of logging into social media and other details that provide us with statistics about how you interact with the software so that we can better assist you in learning new features and capabilities. BrainStorm does not have any access or ability to read the content of your Microsoft Office 365 usage.
We do not actively collect or otherwise process Personal Information from minors. The age of a minor varies by country. For the purposes of Information collected from the European Union, the age of a minor is under age sixteen (16). We do not actively collect or otherwise process Personal Information relating to criminal convictions and offences. We do not actively collect or otherwise process Personal Information revealing racial origin, ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites.
Cookies store small text files onto a user’s computer hard drive with the user’s browser, containing the session ID and other data. Cookies enable a website to track a user’s activities on the website for the following purposes: (1) enable essential features; (2) provide analytics to improve website performance and effectiveness; (3) store user preferences; and (4) facilitate relevant targeted advertising on advertising platforms or networks. Users are free to change their web browsers to prevent the acceptance of cookies. Cookies may also be set within emails in order to track how often our emails are opened.
A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers, and customer affiliates.
You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.
We use your Personal Information to operate our Services, fulfill our contractual obligations in our service contracts with customers, third-party distributors and resellers, to review and enforce compliance with our Terms and Conditions agreement, guidelines, and policies, to analyze the use of the Services in order to understand how we can improve our content and service offerings and products, and for administrative and other business purposes. We process Personal Information for payments, employee training, sales and marketing, data analysis, security monitoring, auditing, research, and to comply with applicable laws, exercise legal rights, and meet tax and other regulatory requirements.
In this context, the legal basis for our processing of your Personal Information is either the necessity to perform contractual and other obligations, our legitimate business interest as a provider of change management services and software, regulatory requirements, or your explicit consent.
We do not sell your Personal Information!
We may share your Personal Information in the following circumstances:
We share Personal Information with our customers, generally your employer, or the agent assigned to administer your user account. The information shared relates to your participation in training and webinars and your use of the Platform. If requested by our customers, we also provide an employee ranking of all users assigned to a User Group. Similarly, your Personal Information may be shared with our third-party distributors and resellers, who administer your user account on behalf of your employer.
Our Services are focused on workplace participation. As such, employees are assigned to a User Group. Where the ranking feature has been activated, the rankings of all users in a User Group along with the user’s name, job title, photo, badges earned, and allocated points are made available to the entire User Group.
We may share information we collect about you with third-party service providers to perform tasks on our behalf in supporting the Services. The types of service providers, or sub-processors, to whom we entrust Personal Information include: (i) technology providers; (ii) providers of hosting services; (iii) email delivery service providers; (iv) sales and marketing providers; (v) technical support services; (vi) providers of analytic data services; (vii) utilization services; and (vii) customer feedback services.
We may access and disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable law or regulation. This may include submitting Personal Information required by tax authorities. We may disclose your Personal Information in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements. If we are going to release your Personal Information in this instance, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your Personal Information may be transferred as part of such a transaction as permitted by law and/or contract. Should such an event occur, BrainStorm will endeavor to direct the transferee to use Personal Information in a manner that is consistent with the Privacy Policy in effect at the time such Personal Information was collected.
We may also disclose your Personal Information to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the Services, of any individuals, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations. Disclosures may be made to courts of law, attorneys and law enforcement, or other relevant third parties in order to meet these purposes.
Please note that we share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes. In addition, our Services may contain links to other websites not controlled by us, and these other websites may reference or link to our Services; we encourage you to read the privacy policies applicable to these other websites.
In cases of onward transfers of Personal Information received pursuant to the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. DPF, or Swiss-U.S. DPF (the “DPF”) to third parties of data of individuals located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, BrainStorm remains liable for such Personal Information and the actions of such third parties.
The categories of Personal Information we have collected about consumers and disclosed about consumers for a business purpose in the preceding 12 months are:
BrainStorm retains Personal Information for a reasonable time period to fulfill the processing purposes mentioned above, including retaining personal information to fulfill our obligations under service agreements. Personal Information is then archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, Personal Information is deleted from our records.
You may request to disable your BrainStorm account at any time by contacting your admins. This means your user profile will no longer be visible on the Services. However, for the purposes mentioned above, we may need to retain information within our internal systems.
We retain Personal Information that we are required to retain to meet our regulatory obligations including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policies.
BrainStorm uses technical and organizational measures to protect the personal information that we store, transmit, or otherwise process, against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems.
BrainStorm hosts the Platform in Microsoft’s cloud computing service known as Azure. Full details on Azure’s data center may be found here. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. However, no method of transmission or storage is 100% secure. While we strive to use commercially reasonable and appropriate means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our website, you can e-mail us at security@brainstorminc.com with "Questions about Data Security" in the subject line.
Your Personal Information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your Personal Information to us, we will transfer your Personal Information to the United States and process it there. When we transfer your Personal Information, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
In the case of transfers of data out of the European Economic Area or the United Kingdom, we have committed to comply with the DPF and, where appropriate, implement Standard Contractual Clauses. We endeavor to utilize third-party service providers from the United States that have certified with the DPF and provide adequate protections that are compliant with the EU General Data Protection Regulation (“GDPR”), such as implementing Standard Contractual Clauses or Binding Corporate Rules.
BrainStorm complies with the DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Economic Area, United Kingdom, and Switzerland to the United States in reliance on the DPF. BrainStorm has certified to the Department of Commerce that it adheres to the DPF with respect to such information. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.
As part of its participation in DPF, BrainStorm is subject to the investigatory and enforcement powers of the Federal Trade Commission. Organizations participating in the Frameworks must respond within 45 days of receiving a complaint. If you have not received a timely or satisfactory response to your question or complaint, please contact the JAMS Program. Their website can be accessed at: https://www.jamsadr.com/dpf-dispute-resolution.
Please note that this independent dispute resolution body is designated to address complaints and provide appropriate recourse free of charge to the individual. If an individual’s complaint cannot be resolved through BrainStorm’s internal processes, BrainStorm will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/. JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant personal data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of the personal information of the individual who brought the complaint. The mediator or the individual also may refer the matter to the Federal Trade Commission. Under certain circumstances, individuals also may be able to invoke binding arbitration to address complaints about BrainStorm’s compliance with the DPF.
In compliance with the DPF, individuals have the right to access personal information and to correct, amend, restrict, or delete that information where it is inaccurate, or has been processed in violation of the DPF principles, except where the burden or expense of providing access is disproportionate to the risks to the individual’s privacy in the case in questions, or where the rights of persons other than the individual will be violated.
The DPF ensures compliance with the EU General Data Protection Regulation, which grants rights to individuals in their personal data. These rights include the right to (i) request access to and rectification or erasure of their Personal Information; (ii) obtain restriction of processing or to object to the processing of their Personal Information; (iii) ask for a copy of their Personal Information to be provided to them, or a third party, in a digital format; and (iv) lodge a complaint about the processing of their Personal Information with their local data protection authority. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. To delete your personal information from the Platform software application, you can must contact the admins for your company’s instance of the Platform. To access your personal information from the Platform software application, you can select the REQUEST DATA button available under the Privacy & Data menu. You may also access software features to action certain rights, as described under the “All Users” section below.
Personal Information subject rights under the CCPA and other state privacy laws may also apply to certain individuals and households. These rights include the right to: (i) know what Personal Information is being collected about them, (ii) know whether their Personal Information is sold or disclosed at to whom, (iii) say no to the sale of Personal Information, (iv) access their Personal Information, and (v) equal service and price, even if they exercise their privacy rights. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. To access your personal information from the Platform software application, you can select the REQUEST DATA button available under the Privacy & Data menu. You may also access software features to action certain rights, as described under the “All Users” section below.
BrainStorm respects and honors privacy rights and provides features for managing Personal Information that are available to all users.
Where we rely upon consent as a legal basis for processing, you may withdraw your consent at any time. Please note the withdrawal of your consent does not affect the lawfulness of processing based on consent before withdrawal.
This document is effective as of the date indicated at the top of this Privacy Policy under “Last Updated”. This document may be amended from time to time.
Inquiries may be made by contacting us through any of the following means:
Email: security@brainstorminc.com
Mailing Address:
Attn: Data Protection Officer
BrainStorm, Inc.
Ten South Center Street
American Fork, UT 84003
United States of America
Copyright ©2024 BrainStorm, Inc All rights reserved
