Privacy Commitment

This privacy policy is our way of providing you with details about the types of information we collect from you, why we collect your information, and how we use and share your information. Furthermore, we strive to make sure you are fully informed of your data subject rights. If you have any questions or concerns about this policy or about your rights regarding your information, we encourage you to contact us as provided below.

As used throughout this policy, we will refer to Prosci as either “Prosci,” “we” or “us,” and we will refer to our website, www.prosci.com, and our online portal, www.portal.prosci.com, collectively as the “Websites.” Also, we will refer to any services offered through our Websites, emails, or Prosci trainings collectively as the “Services.” Last, we will refer to the following types of information collectively as “Marketing” information: our blog posts, thought leadership articles, webinars, public training events, opportunities to participate in our research, customized information based on your experiences and interactions with our Websites and emails, and additional product information.

Information We Collect and How We Use It

We may collect and store information from you, including information that directly or indirectly identifies you, in connection with your use of our Services, including any information you transmit to or through the Services (“Personal Data”). For the purposes of our Services, Personal Data also includes personal data, as defined by the General Data Protection Regulation, personal information, as defined by the EU-U.S. Privacy Shield, and personal information, as defined by the California Consumer Privacy Act.  We use Personal Data we collect to provide the Service’s functionality, fulfill your requests, improve the Service’s quality, engage in research and analysis relating to the Service, personalize your experience, track usage of the Service, provide feedback to third-party businesses that are listed on the Service, display relevant advertising, market the Service, provide customer support, message you, back up our systems, allow for disaster recovery, enhance the security of the Service, and comply with legal obligations.

Please also note:

  1. Account Information

    If you create a Prosci account, we store and use the information you provide during the registration process and use of our SaaS applications, such as your full name, email address, zip code, physical address, job title, place of work, and other information you may provide, to assist in purchasing products and/or facilitating our Services, including our SaaS applications and training programs. Specifically, if you have access to the "Prework" application in the Prosci Portal, we may use the Personal Data that you input into the application to logistically prepare our team to deliver the corresponding Prosci training program. If you have access to our "Proxima" application in the Prosci Portal, we may anonymize your data (so that it is no longer Personal Data) and include it in an aggregated data set to be used for analysis and research purposes. Information that you give us via your Prosci account is processed on a third-party server in the United States.

  2. Communications

    When you use certain Prosci Services, you have the choice to explicitly opt-in to receive marketing communications from Prosci. You can manage some of your messaging preferences through your account settings. We may track your actions in response to the messages you receive from us or through the Service, such as whether you deleted, opened or forwarded such messages. We may also store information that you provide through communications to us, including from phone calls, letters, emails and other electronic messages, or in person in order to better assist you with our Services. Information we gather from your engagement with our marketing communications is used to analyze and improve future marketing efforts. Data that we gather on you via our communications is processed on our third-party inbound marketing and customer relationship management cloud software(s).

  3. Transactions

    If you initiate a transaction through our Websites, such as a material order or payment for a Prosci training program, we may collect and store information about you, such as your name, phone number, address, email, and payment information (such as a credit card number and expiration date), as well as any other information you provide to us, in order to process your transaction, send communications about them to you, and populate forms for future transactions. This information may be shared with our third-party payment processers, and third parties may share such information with us, for the same purposes. When you submit credit card numbers, we encrypt that information using industry standard technology.

  4. Activity

    We may store information about your use of our Websites or Services, such as your search activity, the pages you view, and the date and time of your visit. We also may store information that your computer or mobile device may provide to us in connection with your use of the Service, such as your browser type, type of computer or mobile device, browser language, IP address, and requested and referring URLs. Information we gather from your engagement with our Websites or Services is used to analyze and improve our offerings. Data that we gather on you via our Websites or Services is processed on our third-party inbound marketing and customer relationship management cloud software(s).

  5. Research Surveys

    If you participate in any of the Prosci research surveys, usually by invitation, we may collect unique identifiers such as first name, last name, email address, age, organization of employment, IP address, and other location data. Some pieces of Personal Data aid in helping our survey tool to function (IP Address), while other pieces of Personal Data (first name, last name, email address) are used to communicate to you about the status of a particular research study. Also, some pieces of Personal Data might be inherent to the topic of the given survey (age, organization of employment). All Personal Data collected via our research studies is stored in our third-party survey tool and can be deleted at any time. Before analysis, Prosci anonymizes the data set so that no Personal Data is stored on Prosci systems or servers. Analysis is only performed on the anonymized, aggregated data set. 

  6. Training Programs

    If you attend any of Prosci’s in-person training programs, Prosci personnel may take notes about the execution of the program. These notes may contain anecdotes about participants concerning their preferences on the logistical facets of the program (food, location, learning atmosphere, etc.). These anecdotal notes are made about the training class, in general, and not about specific individuals. Notes about our training programs are only used to advance the quality of future programs, are stored on our third-party customer relationship management software, and are only accessed by Prosci’s training and logistics personnel.

  7. Digital Badging

    If you attend a Prosci training program, it is very likely that you will have the option to receive a digital certification badge at the completion of the program. Prosci uses a third-party vendor to distribute our digital badges. Prosci or a Prosci Partner will always get the explicit consent of any participant before transferring their personal data (first name, last name, email address, program completion details) to our third-party vendor for distribution of the digital badge.

Cookies

We, and third parties with whom we partner, may use cookies and similar technologies ("Cookies") in connection with your use of our Services and Websites. A "cookie" is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies may reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit information about you and your use of our Services and Websites. Cookies may be persistent or stored only during an individual session.

Performance and Functionality

Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies.

Analytics and Customization

Some cookies enable us to track and target the interests of our users to enhance their experience and to track how visitors use our Websites.

Notifications

Intended to allow or prevent notices of information or options that we think could improve your use of the Service.

Social Networking

These cookies are used to enable you to share pages and content that you find interesting on our Websites.

Reasons We Share Personal Data

We share your personal data with your consent or as necessary to complete any transaction or provide any product or Service you have requested or authorized. This includes sharing your personal data with our Sub-Processors, the Prosci family of businesses, and when we are legally bound to do so by law. 

  1. Sub-Processors

    We rely on entities that process information for a business purpose on our behalf (“Sub-Processors”) to perform certain services for us in connection with your use of our Services. Prosci's Sub-Processors are contractually bound to only process personal data in order to fulfill the contracted services. We may share information from or about you with our Sub-Processors so that they can perform their services or complete your requests. Our Sub-Processors may share information with us that they obtain from or about you in connection with providing their services or completing your requests. Sub-Processors may also share this information with their subsidiaries, joint ventures, or other companies under common control. A current list of Prosci's Sub-Processors can be found at www.prosci.com/legal/subprocessors. Prosci discloses the following categories of data for the following business or commercial purposes to our Sub-Processors:

    Identifiers

    (including a real name, alias, postal address, Internet protocol address, and email address)

    • Performing services on behalf of Prosci, including maintaining or servicing accounts, processing orders and transactions, processing payments, providing advertising or marketing services, providing analytic services
    • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity

    Commercial Information

    (including records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies )

    • Performing services on behalf of Prosci, including maintaining or servicing accounts, processing orders and transactions, processing payments
    • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity

    Internet Activity

    (associated with a consumer’s interaction with Prosci’s Services)

    • Performing services on behalf of Prosci, including maintaining or servicing accounts, providing advertising or marketing services, providing analytic services

    Professional/Employment Information

    (limited to a user’s place of work)

    • Helping enable Prosci to provide commercial Services to users
  2. Transfers to Prosci's Family of Businesses

    We may share information from or about you with other Prosci, Inc. entities (Prosci Canada, Prosci Australia, Prosci Latam), as well as companies that market and deliver Prosci open-enrollment training programs, training programs, and consulting services (Prosci “Affiliates”), and companies that offer training programs and consulting services onsite at client locations (Prosci “Authorized Training Providers”). We require that any entity that transfers Personal Data to or from Prosci honors this Privacy Policy.

    Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area, we make use of the EU-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

  3. Compelled Disclosure

    We reserve the right to disclose your Personal Data in order to comply with any valid law, court order, or legal process, including in response to any government or regulatory request. If we receive any such request, we will seek to provide only the information that is specifically requested and nothing more.

    We also reserve the right to disclose your information to a buyer or other party in the event of a merger, sale or other transfer of some or all of our assets. Should such a merger, sale or transfer occur, we will use reasonable efforts, including providing you with reasonable notices, to inform you of such action and any changes in this privacy policy.

Your Data Subject Rights

This privacy policy is our way of providing you with details about the types of information we collect from you, why we collect your information, and how we use and share your information. Furthermore, we strive to make sure you are fully informed of your data subject rights. If you have any questions or concerns about this policy or about this policy or about your rights regarding your information, please feel welcome to contact us as provided below.  You have the following data protection rights:

  1. To access the information we hold about you
  2. To have your information corrected or deleted (the right to be forgotten)
  3. To object to or restrict the processing of your personal data
  4. To have your personal data transferred to another organization
  5. To lodge a complaint to a supervisory authority

You can exercise any of your data subject rights by submitting this form, calling our toll-free phone number (1-800-700-2831), or emailing privacyandsecurity@prosci.com. After submitting your request to exercise your data privacy rights, Prosci will first verify your identity using one of the following methods:

  1. Whenever feasible, Prosci will match the identifying information provided by the data subject via their request (most likely name and email) to the personal data already maintained by Prosci.
  2. If Prosci is not able to verify the data subject from information already maintained by Prosci, we may request additional information, which will only be used for the purpose of identifying the data subject.

Prosci will use appropriate verification methods based on the type and sensitivity of the personal data requested to be disclosed. After verifying the identity of the data subject, Prosci will notify the data subject of receipt of the request within 10 days and respond to the request between 30 and 45 calendar days, depending on the governing jurisdiction of the data subject.

Data Retention

How long we keep information we collect about you depends on the type of information processed, as described in further detail below. After such time described below, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

  1. Legitimate Interest

    We retain Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as long as is required to confirm your certification in our methodology, in order to contact you about our Services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

  2. No Legitimate Interest

    When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. We will delete this information from our databases at an earlier date if you so requested.

  3. Marketing Communications/Cookies

    If you have elected to receive Marketing communications from us, we retain information about your Marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products or services, such as when you last opened an email from us or ceased using your Prosci account, or otherwise withdraw your consent to such processing activities. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

EU-U.S. Privacy Shield

Prosci complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data transferred from the European Union to the United States. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Prosci is responsible for the processing of Personal Data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Prosci complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including liability for the onward transfer of Personal Data.

If you have any questions or concerns, please contact us via the contact information listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the EU-U.S. Privacy Shield Principles.

In the event we are unable to resolve your complaints or disputes, you may contact JAMS (https://www.jamsadr.com/eu-us-privacy-shield), an alternative dispute resolution provider located in the United States, for more information or to file a complaint. JAMS will investigate and assist you free of charge in resolving your complaint.

As further explained in the EU-U.S. Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Prosci is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Although Prosci is still a member of the Privacy Shield Framework and abides by its principles, we no longer rely on it as the mechanism to transfer data from the European Union to the United States. Instead, Prosci relies on a variety of other mechanisms, including the EU-approved Standard Contractual Clauses and the article 49 derogations of the GDPR.

California Consumer Privacy Act

Prosci complies with the California Consumer Privacy Act (“CCPA”) and is committed to protecting information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular California consumer or household. Under the CCPA, California consumers have the following rights:

This privacy policy is our way of providing you with details about the types of information we collect from you, why we collect your information, and how we use and share your information. Furthermore, we strive to make sure you are fully informed of your data subject rights. California data subjects have the following data protection rights:

  • The right to know about the Personal Data Prosci collects about them and how it is used and shared
  • The right to delete Personal Data collected from them by Prosci (with some exceptions)
  • The right to opt-out of the sale of their Personal Data. To confirm, Prosci does NOT sell Personal Data.
  • The right to non-discrimination for exercising their CCPA rights

If a California consumer wishes to exercise any of the above privacy rights, they can submit their request via this form, our toll-free phone number (1-800-700-2831), or email (privacyandsecurity@prosci.com). If the data user is not able to make the request themselves, they may appoint an authorized agent to make the request on their behalf. If using an authorized agent, Prosci will require the agent to submit written permission from the consumer, with the exception of when the agent has documented power of attorney. After verifying the identity of the agent, Prosci will process the data user request.

Prosci does not sell consumer’s Personal Data. Prosci does disclose Personal Data to entities that process information for a business or commercial purpose on our behalf (“Sub-Processor”). Prosci discloses Personal Data to its Sub-Processors for the business purposes listed in the “Sub-Processor” section of this policy.

Children

Prosci does not knowingly collect, solicit or sell Personal Data from children under the age of 13. If we learn we have collected or received Personal Data from a child under the age of 13, we will delete that information. If you believe we might have any information from or about a child under the age of 13, please contact us as indicated below.

Security

The privacy of your information is important to us, and we have taken steps aligned with industry best practices to ensure that your information is secure from unauthorized access, use, alteration and disclosure. Please note that no electronic transmission of information can be entirely secure. We cannot guarantee that the security measures we have in place will never be defeated or fail, or that such measures will always be sufficient or effective, so please keep this in mind as you provide your information to us.

Modifications to this Privacy Policy

Any information that we collect is subject to the version of this privacy policy that was in effect at the time we collected such information. However, we may revise this privacy policy from time to time. If we make any meaningful changes to this privacy policy, we will inform you of those changes by sending you an email or other notification if we have your contact information, or by posting an updated version of this privacy policy on our website. We will also indicate when such changes will become effective.

Contact Us

If you have any questions about this privacy policy or our privacy practices, you may call us at +1-970-203-9332 or toll-free at 1-800-700-2831. You can also email us at privacyandsecurity@prosci.com, or write to us at:

Prosci, Inc.
Attn: Legal Department
2950 E. Harmony Road, Suite 130
Fort Collins, CO 80528
United States