GDPR Readiness Statement

Sciolytix, Inc. creates software that helps organizations hire and develop their people better, faster, and cheaper. We have two products: the ImpactSIMs™ Sales Assessment and DigitalChalk Learning Management System (LMS). The entity granting you access to Sciolytix’s software (“Organization”) is a Sciolytix customer that collects and processes your personal data. This privacy policy (“Privacy Policy”) governs Sciolytix’s processing of personal data you and/or the Organization has inputted into Sciolytix’s software application (“Software”) for the purpose of recruiting, training, and/or managing you.

Collection of Information

Sciolytix does not directly collect your personal data. Sciolytix processes data you and/or the Organization inputs into the Software for the purpose of recruiting, training, and/or managing you. Such data may include, but is not necessarily limited to, candidate data, employee data, contractor data, student data, training data, and performance data.

Usage of Data

Sciolytix will process the data only in accordance with the agreement between Sciolytix  and the Organization, including, but not necessarily limited to, providing technical or functional support, and ensuring the security of the Software. Please contact the Organization with any questions about its use of your personal data.

Contact and Queries

The Organization is a data controller. A (Data Controller”) determines the purposes for which and the means by which personal data is processed. Sciolytix  is a data processor of your personal data. A (“Data Processor”) processes personal data only on behalf of the controller and in accordance with the Data Controller’s instructions. All queries regarding your personal data should be directed to the Organization.

Website Usage Information

1. Cookies

For information on the cookies we use, and their functionality please refer to our cookie policy.

2. IP address and Clickstream data

Our servers automatically collect data about your internet protocol (“IP”) address when you visit a Sciolytix  webpage (“Website”). Our servers may log your IP address and sometimes your domain name when you request pages from a Website. Our servers may also record the referring page that linked you to us (e.g. another website or a search engine); the pages you visit on a Website; the website you visit after the Website; other information about the type of web browser, computer, platform, related software and settings you are using; any search terms you have entered on the Website or a referral website; and other data logged by our web servers. We use this information for internal system administration, to help diagnose problems with our servers, and to administer our Websites. Such information may also be used to gather broad demographic information, such as country of origin and Internet service provider. Personal data including IP addresses are not used to facilitate contact with users who have not provided their contact details to Sciolytix . Personal data is not shared with nor sold to any unauthorized third-party

Use, Disclosure, and Sharing of Personal Data

1. Service providers

We may use third-party partners to operate and maintain our Software and deliver our products and services in accordance with the agreement we have with the Organization. Third-party service providers are contractually restricted from using or disclosing your personal data except as necessary to perform services on our behalf or to comply with legal requirements. Data may be processed within or outside of the European Economic area, according to the contractual agreement and applicable laws.

2. Aggregated statistics

We may aggregate and anonymize non-personally identifiable data into statistics regarding user behavior such as overall patterns or demographic reports that do not describe or identify any individual user. This shall always be done in accordance with the agreement between the Organization and Sciolytix .

3. Legally compelled disclosures

We may disclose your personal data if required to do so by law or subpoena or if we believe that such action is necessary to: (a) conform to law applicable to Sciolytix  or our partners; (b) comply with a judicial or court order, or comply with legal processes served on us or Affiliated Parties; or (c) protect and defend our rights and property, Websites, and/or the users of the Websites.

4. Worldwide transfer and processing of Personal Data (applies unless otherwise agreed in writing between you or the Organization and Sciolytix )

Sciolytix  may use your data for the purposes described herein and per the agreement between Sciolytix  and the Organization. Depending on contractual requirements and applicable law, your data may be processed and transferred in and to the United States and other countries and territories listed herein, which may have different privacy laws from your country of residence, and which may afford varying levels of protection for your personal data. Regardless of the laws in place in these countries, we will treat the privacy of your information in accordance with this Privacy Policy and the agreement between Sciolytix  and the Organization.

Your access and correction rights

We offer individuals the opportunity to opt-out of personal data (or to provide explicit opt-in consent for sensitive information) being: (i) disclosed to a third party (other than to our service providers under contract or pursuant to lawful request as set forth below), or (ii) used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by you if such circumstances arise. You can also opt-out at any time from having your personal data used for direct marketing purposes by following the unsubscribe procedures indicated in the marketing emails. For further questions related to the above, you can contact us at privacy@sciolytix.com.

Where we process personal data on behalf of an Institution, we will work with that Institution to comply with any individual’s choices for limiting use or disclosure of personal data. 

You retain the right to submit and correct or delete your personal data by contacting the Organization.

Sciolytix Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Data Privacy Framework

Sciolytix Inc.  has self-certified commitment with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Sciolytix, Inc.  has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

Sciolytix , Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sciolytix  Inc, commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Sciolytix Inc. at: privacy@sciolytix.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sciolytix  Inc.  commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the customer relationship.

As required under the principles, when we receive information under the Data Privacy Framework and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Data Privacy Framework if the agent processes the information in a manner inconsistent with the Data Privacy Framework and we are responsible for the event giving rise to the damage.

We encourage you to contact us at privacy@sciolytix.com should you have a Data Privacy Framework related (or general privacy-related) complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the independent recourse mechanism listed below:

UK Information Commissioner's Office (ICO)

EU Data Protection Authorities (DPAs)

We have committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area, and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) in relation to unresolved complaints (as further described in the Data Privacy Framework Principles). You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.

Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

Sciolytix  Inc.  is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Third-party websites

When you are on this Website you may have the opportunity to visit or link to other websites, including other websites operated by us or by unaffiliated third parties. These websites may collect personal data about you, and because this Privacy Policy does not address the information practices of those other websites, you should review the privacy policies of such other websites to see how they treat your personal data.

Privacy of minors

This Website is not directed at minors, as described under applicable law, we do not knowingly collect personal data from minors, as described under applicable law, on our Websites. If we become aware that we have inadvertently received personal data from a minor, as described under applicable law, on a Website, we will delete the information from our records.

Security

The security and privacy of personal data is of utmost importance to Sciolytix . We use commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal data. More information can be found here: https://www.Sciolytix.com/company/security.

GDPR Information Notice and Related Provisions

The General Data Protection Regulation 2016/679 (“GDPR”) is a regulation on data protection and privacy in the European Union and the European Economic Area (“E.E.A.”). It also addresses the transfer of personal data outside the E.U. and E.E.A. GDPR requires Data Processors to provide the following information:

1) Controller Identity and Contact Details

Sciolytix acts only as a processor. The Organization is the controller of your personal data and should provide you appropriate contact details.

2) Data Protection Officer

Sciolytix  has appointed a Data Protection Officer who can be reached at privacy@sciolytix.com. However, Sciolytix  acts only as a processor. The Organization is the Data Controller and should provide you appropriate contact details.

3) Purposes and Legal Basis for the Processing

Sciolytix  will process the data only in accordance with the agreement between Sciolytix  and the Organization, including, but not necessarily limited to, providing technical or functional support, and ensuring the security of the Software. Please contact the Organization with any questions about its use of your personal data.

4) Information Sharing

We may use third-party providers to help us to deliver our products and services. Third-party service providers are contractually restricted from using or disclosing the information, except as necessary to perform services on our behalf or to comply with legal requirements.

5) International Transfers

Depending on contractual requirements and applicable law, data can be processed within or outside of the European Economic area. All locations either benefit from an Adequacy Decision or from alternative suitable safeguards.

6) Data Retention

Sciolytix  will retain your data only as agreed between Sciolytix  and the Organization and in accordance with applicable laws to which Sciolytix  is subject.

7) Data Subject Rights

Sciolytix  acts only as a Data Processor. The Organization is the controller and should provide you appropriate contact details.

8) Automated Decision-making

Sciolytix  acts only as a processor and does not make decisions impacting you. The Organization is the controller and should provide you appropriate information regarding its decision-making process.

U.S. Specific Provisions

Where Sciolytix  is subject to U.S. privacy requirements the following applies:

1) Job Applicants and Employees

Sciolytix  collects or is provided personal data such as name, address, email address, and social security numbers from job applicants, employees, and contractors for, among other things, legitimate human resource business reasons such as payroll administration, filling employment positions, maintaining accurate benefits records, meeting governmental reporting requirements, security, health and safety management, performance management, company network access, and authentication. Sciolytix  does not engage in automated decision-making.

2) Customers

Personal data provided to Sciolytix  by the Organization and the processing of personal data is defined in the Collection of Information and Usage of Data sections of this policy.

3) Do Not Track.

Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our Webpages.

Updates to our privacy statement

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our online information practices. We will indicate at the top of the statement when it was most recently updated.

Language

The governing language of this Privacy Policy is English, which shall prevail over any other language used in any translated document.

GDPR Territorial Scope

The GDPR applies to all Data Controllers and Data Processors who collect, process and/or store personal data of Data Subjects who reside in the EU, regardless of the Data Controller’s or Data Processor’s location.

How does the GDPR define personal data?

Personal data is any information relating to a natural person (a ‘Data Subject’) that can be used to directly or indirectly identify that person.

Who does the GDPR consider a Data Controller?

A Data Controller is an individual or entity that determines the reason, purpose, terms and process by which personal data is captured and processed. If you are an individual or entity who uses the DigitalChalk LMS to deliver training to users who are registered for that training in your DigitalChalk organization, you are a Data Controller.

Who does the GDPR consider a Data Processor?

A Data Processor is an individual or entity that processes and stores personal data on behalf of a Data Controller. DigitalChalk is a Data Processor to those individuals and entities who use our services for the process of delivering training to users who are registered for that training in their DigitalChalk organization.

Obtaining Data Subject Consent

A Data Subject must be presented with the option to provide consent for collection, processing and storage of their personal information in an intelligible format in an easily accessible form. Consent must provide clear and distinguishable information, in plain language, that accurately describes the purpose for which consent is being granted. Additionally, consent must be withdrawable in an easily accessible form. DigitalChalk will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.

A Data Subject’s Right to Access, Update, Port and/or Request Deletion of Personal Information

A Data Subject has the right to obtain from the Data Controller confirmation as to whether personal data concerning them is being collected, processed, and/or stored, where these activities are taking place and for what purpose. Further, the controller must provide a copy of the Data Subject’s personal data, free of charge, in a common electronically readable format upon request from the Data Subject. Data Subjects also have the right to request that personal data being collected, processed and/or stored concerning them be updated and/or deleted upon request. DigitalChalk will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.

Sciolytix is committed to safeguarding personal information as we believe that such is paramount to our mutual success and to maintaining the trust relationship already forged with our customers. As such, we are aggressively preparing to deliver upon our obligations to the GDPR requirements. If you have any additional questions regarding the ways in which we are preparing for GDPR compliance, please contact us by email at: privacy@sciolytix.com.

this is a test