Effective date: April 27, 2020
This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Services and the choices you have associated with that data.
Services includes the website www.caveon.com operated by Caveon, LLC and all other websites and internet-based services operated by Caveon, LLC, including but not limited to core.caveon.com, id.caveon.com, scorpion.caveon.com, sei.caveon.com, trydomc.com, and cespcert.org.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).
Cookies are small files stored on your device (computer or mobile device).
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
Data Processors (or Services Providers)
Data Processor (or Services Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Services Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Services and is the subject of Personal Data.
Any public or private school, college or university, teacher or professor that subscribes to and/or uses Caveon’s Do-It-Yourself Assessment Development, Delivery and Proctoring platform for the development, delivery and/or proctoring of any test or assessment. Education Subscribers are Data Controllers at all times in relation to their use of the Services.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Services to you.
Types of Data Collected
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.
We may also collect information on how the Services are accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Services, to improve and customize our Services.
You can enable or disable location services when you use our Services at any time by way of your device settings.
Tracking Cookies Data
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Services.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Managing Your Information Preferences
Use of Data
Caveon, LLC uses the collected data for various purposes:
- To provide and maintain the Services
- To notify you about changes to the Services
- To allow you to participate in interactive features of the Services when you so elect
- As a Data Processor for Caveon customers, for processing in accordance with the legal instructions of the customer, in the customer’s capacity as the Data Controller
- To provide customer support
- To gather analysis or valuable information so that we can improve our Services
- To monitor the usage of our Services
- To detect, prevent and address technical issues
- To detect, prevent and respond to fraud and/or hacking
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
Caveon may process your Personal Data because:
- We need to perform a contract with you or provide a Services that you requested
- We are following the instructions of a Caveon customer in the role of the Data Controller to perform a contract for the customer and your Personal Data was provided to Caveon for processing as part of the Services provided to the Caveon customer
- We need to perform a contract for a Caveon customer, and you have been identified as an authorized user of the Services that we are providing to the customer
- You have given us permission to do so
- The processing is in our legitimate interests and it is not overridden by your rights
- To comply with the law
Retention of Data
Caveon, LLC will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer periods.
Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, Caveon, LLC may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Caveon, LLC may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Caveon, LLC
- To prevent or investigate possible wrongdoing in connection with the Services
- To protect the personal safety of users of the Services or the public
- To protect against legal liability
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
We may employ third party companies and individuals to facilitate our Services (“Services Providers”), provide the Services on our behalf, perform related services or assist us in analyzing how our Services are used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We do not knowingly collect Personal Data through our website or cloud-based services from any person under the age of 13 and our Services are not marketed to users under the age of 13. We ensure that our customers and users are aware that they are not permitted to use our cloud-based services to collect Personal Data from any person under the age of 13. If you are aware that a child under the age of 13 has provided us with Personal Data through our website or cloud-based services, please contact us. If we become aware that we have inadvertently or unknowingly collected Personal Data from a child under the age of 13 through our website or cloud-based services, we will promptly remove that information from our servers.
CAVEON PRIVACY SHIELD POLICY
Caveon has subscribed to the Privacy Shield program, which covers both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and, therefore, Caveon has certified that it adheres to the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, both of which include Supplemental Principles (collectively, the “EU-U.S. and Swiss-U.S. Privacy Shield Principles”) for Personal Data covered by the Policy. More information about the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, including the list of certified organizations, can be found at www.privacyshield.gov. This Policy applies to Caveon. If there is any conflict between the terms in this Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Principles, the EU-U.S. and Swiss-U.S. Privacy Shield Principles will govern.
Personal Data that is transferred to Caveon from the EEA and Switzerland falls into two categories: 1) Personal Data regarding personnel of Caveon’s customers in the EEA and Switzerland, such as name, email address, and telephone number; and 2) Personal Data from customers’ end users and data subjects in the EEA and Switzerland that Caveon processes on behalf of its customers, such as end user name, address, personal identifiers, assessment data, and other personal information provides to Caveon in order to perform the Services. In the case of the latter category, Caveon acts as a Data Processor and processes such information only under the instructions of its customers. This information is controlled by Caveon’s customers in the EEA and Switzerland.
Because the requirements of the Privacy Shield program vary depending on whether Caveon is acting as a processor on behalf of its customers or as a Data Controller, meaning that Caveon makes independent decisions about how that information will be used, Caveon’s policies and practices are described separately below.
CAVEON ACTING AS A DATA PROCESSOR ON BEHALF OF ITS CUSTOMERS
When Caveon acts as a Data Processor on behalf of its customers, the following policies apply to all data processing operations concerning Personal Data that has been transferred from the EEA and Switzerland to the United States.
Use of Personal Data
Caveon will process the Personal Data only for the purposes requested by the customer and in accordance with its contract with the customer.
Access and Correction
Caveon will assist the Data Controller (the customer) in responding to individuals exercising their rights under the Principles.
Agents and Services Providers
Caveon will not transfer Personal Data to third parties except where permitted or required by the customer and then in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
Notice & Choice
Because the Personal Data is under the control of Caveon’s customers, appropriate notice and choice to the individual are provided by Caveon’s customers. As the Data Processor, Caveon typically does not have a direct relationship with the customers’ end users or data subjects.
CAVEON ACTING AS A DATA CONTROLLER
Caveon may receive Personal Data from Data Subjects in the EEA and Switzerland in connection with the Services that Caveon offers through its websites and from individual members of the public who access Caveon’s website to obtain information about the company and its Services.
Use of Personal Data
Any Personal Data we receive as a Data Controller may be used by Caveon and its agents for the following purposes: communications, fulfilling transactions, analytics, and marketing. If we intend to use your information for a purpose that is materially different from these purposes or if we intend to disclose it to a third party (a non-agent) not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
DISCLOSURES TO THIRD PARTIES
Your Personal Data may be disclosed:
- To third parties, to permit them to send you marketing communications, consistent with your choices.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
DISCLOSURES TO AGENTS AND SERVICE PROVIDERS
We sometimes contract with other companies and individuals to perform functions or services on our behalf such as website hosting, data centers, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Personal Data needed to perform their functions but are restricted from using the Personal Data for purposes other than providing services for us or to us. Caveon requires that its agents and service providers that have access to Personal Data received from the EEA and Switzerland provide the same level of protection as required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
We are responsible for ensuring that our agents, service providers and other third parties to whom we disclose your Personal Data process the information in a manner consistent with our obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in the processing that information.
DATA INTEGRITY AND PURPOSE LIMITATION
We limit the collection and use of Personal Data to the information that is relevant for the purposes of processing and will not process Personal Data in a way that is incompatible with the purposes for which the information has been collected or subsequently authorized by you. We take reasonable steps to ensure the personal information is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Data.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Caveon, LLC aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data where we serve as a Data Controller.
If you wish to be informed about what Personal Data we hold about you in our capacity as a Data Controller and if you want it to be removed from our systems, please contact us.
In certain circumstances where Caveon serves as a Data Controller, you have the following data protection rights:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where Caveon, LLC relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
ENFORCEMENT AND DISPUTE RESOLUTION
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
In the event we are unable to resolve your complaints or disputes, you may contact JAMS (https://www.jamsadr.com/eu-us-privacy-shield), an alternative dispute resolution provider located in the United States, for more information or to file a complaint. JAMS will investigate and assist you free of charge in resolving your complaint.
As further explained in the EU-U.S. and Swiss-U.S. Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Caveon US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
- By email: firstname.lastname@example.org