ETHIX360 Privacy Policy

INTRODUCTION

At ETHIX360, we respect people's privacy, and we are committed to keeping your trust, which starts with helping you understand our privacy practices. This privacy policy applies to the personal information we may collect about you or that you may provide when you visit www.ethix360.com, our Website, the personal data we collect, how it's used and shared, and your choices regarding this data. We recommend that you read this along with our privacy overview, which highlights key points about our privacy practices. Any personal information you provide to us will never be sold and follows our strict privacy policy guidelines. By using this Website, you signify your acceptance of this Policy. If you do not agree to this Policy, please do not use our Website. Your continued use of the Website following the posting of changes to this Policy will be considered your acceptance of those changes.

OVERVIEW

The purpose of this overview is to provide you with a summary of the topics we cover in this Privacy Policy.

  • What personally identifiable information is collected from you through the Website, how it is used, and with whom it may be shared.

  • What choices are available to you regarding the use of your data.

  • The security procedures in place to protect the misuse of your information.

  • How you can correct any inaccuracies in the information. 

  • Address additional privacy regulations 

WHAT INFORMATION WE COLLECT

Personal Identification Information:

ETHIX360 may collect and use Users’ personal information for the following purposes: 

  • To improve customer service - The information you provide helps us respond to your customer service requests and support needs more efficiently.

  • To personalize user experience - We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Website. 

  • To improve our Website - We may use the feedback you provide to improve our products and services.

  • To send periodic emails - We may use the email address to send User information and updates about their order. It may also be used to respond to their inquiries, questions, and/or other requests. 

  • To provide requested information - We may also collect information when you provide it directly to us through our Website by filling out a request form when you download white papers, for a webinar our request information. The type of information we collected on these forms may include the following:

    • First Name

    • Last Name

    • Email Address

    • Phone Number

    • Company Name

    • Number of Employees

If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Website.

Non-personal Identification Information:

We may collect non-personal identification information about Users whenever they interact with our Site. The non-personal identification information may include the browser name, the type of computer, and technical information about Users’ means of connection to our Sites, such as the operating system and the Internet service providers utilized and other similar information.

Web Browser Cookies:

Our Site may use "cookies" to enhance User experience. User'’ web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. The User may choose to set their web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Collected From Third-Parties:

We may collect information about you from third parties or supplement the information we collect from you with additional records received from third parties. Information is collected from third parties in order to enhance our ability to serve you, tailor our content to you, and offer you information that we believe may be of interest to you. For example, we may collect information such as your email, phone number, and job title from an external. 

YOUR PERSONAL INFORMATION 

How We Use It:

We may use personal information collected from the Website to improve customer service, personalize user experience, improve our site and to send periodic emails.

How We Share It:

The information we collect from our Website is used to respond to your requests. ETHIX360 does not sell, rent, lease, trade, or share visitors' personal information other than as outlined in this Policy. When you provide us with your personal information or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. Individuals may "opt out" of receiving email communications through links available on emails received.

How We Protect It:

We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information, username, password, transaction information, and data stored on our Website.

How We Update It:

ETHIX360 respects your rights and control over your information. When information is requested, we will confirm whether we have the relevant information collected from you. Additionally, upon request, you can modify or delete any of your personal information that is inaccurate, incomplete or request its deletion.  During certain situations, we may not be able to fulfill your request. For example, if it impacts our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort. Should this be the case, we will respond to your request within a reasonable timeframe and provide you with an explanation. To make such a request, send an email to subjectaccessrequest@ethix360.com. 

COUNTRY, STATE, AND INDUSTRY-SPECIFIC PRIVACY NOTICES 

European Economic Area, Switzerland or United Kingdom Citizen Rights:

Individuals who reside in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK), have additional rights reserved under the General Data Protection Regulation (GDPR), the UK Data Protection Act, and/or e-Privacy Directive, as applicable. This section details those additional rights and information on how to exercise them:

  • You may request to access, correct, update, or request the deletion of your personal information based on information collected from accessing our Webinars.

  • You may request additional information related to the purposes for which we process your personal information, the categories of personal information we process, where we originally collected the information, who we share it with, and how long we will retain it.

  • You may object to our processing of your personal information, request that we restrict the processing of your personal information, or request portability.

  • You have the right to opt out of marketing communications we sent you at any time. You can do so by clicking the "unsubscribe" or "opt-out" link in the marketing emails we send to you. You may also opt out of other forms of marketing (such as postal or telemarketing).

  • Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • Upon your request, and where it is technically feasible, ETHIX360 will provide you with a copy of your personal information or transmit it directly to another controller.

  • You have the right to submit a complaint to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authorities.  Contact details are available here.

To make a request, please email us at subjectaccessrequest@ethix360.com with "Personal Information Request" in the subject line and provide us with full details about your request, including your contact information and any other detail you believe is important. Ethix360 will respond to an access request within 30 days of receiving such a request, or if we cannot, we will notify you and provide you with the reason for the delay.

California Citizen Rights:

If you are a California-based consumer, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this privacy statement. We collect, use, and disclose the categories of personal information from the sources identified in this privacy statement. Our business purposes for such collection, use, and disclosure, along with any categories of third-party partners, are identified in this privacy statement. Individuals who reside in the state of California have additional rights reserved under the California Consumer Privacy Act and the California Shine the Light law:

  • You have the right to request that we provide you with the categories of personal information and the specific pieces of personal information we have collected and stored about you.

  • You have the right to request that we delete the personal information we, or our service providers, store about you.

  • If you elect to exercise any rights under this section of our Privacy Statement, we will not discriminate or retaliate against you.

  • We do not sell personal information.

  • To exercise your rights as a California consumer, please call us at +1 866-960-0965.  Also, be sure to check this Policy for updates as we will review it at least every 12 months and make updates as necessary. 

Student's and Children's Privacy:

(FERPA) -  In the United States, student and parent confidentiality is the law. Family Educational Rights and Privacy Act (FERPA) is a federal statute that ensures that parents have access to their children's educational records and protects the privacy rights of parents and children by limiting access to these records without parental consent.  FERPA protects and limits the unauthorized disclosure of personally identifiable student information (PII) from education records, such as SSNs, similar identifiers, and student ID numbers; electronic identifiers that, when combined with other information, grant access to a student's records; and educational performance records.

In cases of health and safety emergencies that represent an imminent danger to the student, other students, or other members of the school community, information may be released to authorized officials. For example, but not limited to:

  • To parents when the student is a dependent on the parents' federal income tax;

  • In connection with a health or safety emergency; 

  • When the student is a sex offender or officially considered a terrorism suspect;

  • When a postsecondary student under 21 has violated a law or an institution's rule regarding alcohol or a controlled substance.

(COPPA) - ETHIX360 complies with the Children's Online Privacy Protection Act of 1998 (COPPA).  We do not knowingly collect Personal Information or direct its Site to children under the age of 13. If we learn that a user of the Site is under 18 years old, we will promptly delete any personal information that the individual has provided to us.

42 CFR Part 2:

ETHIX360 complies with the federal confidentiality law and regulations that protect the privacy of substance use disorder (SUD) patient records by prohibiting unauthorized disclosures of patient records except in limited circumstances. The regulations implementing the law are at 42 CFR (Code of Federal Regulations) Part 2.

42 CFR Part 2 generally prohibits treatment programs and certain third-party recipients from disclosing patient identities or records without patient consent, except in the following circumstances:

  • Medical emergencies, 42 CFR § 2.51

  • Child abuse or neglect reports required by state law, 42 CFR § 2.12(c)(6)

  • Reporting a patient's crime on program premises or against program personnel, 42 CFR § 2.12(c)(5)

  • Qualified audit or evaluation of the program, 42 CFR § 2.53

  • Research requests, 42 CFR § 2.52

  • Qualified Service Organization Agreements, 42 CFR § 2.12(c)(4)

  • Court orders authorizing disclosure and use of the patient records, 42 CFR §§ 2.61-2.67

Both 42 CFR Part 2 and HIPAA – the Health Insurance Portability and Privacy Act of 1996 – protect patient privacy by regulating the way that patient information can be shared and disclosed. HIPAA applies to many types of patient information, not just SUD information, and generally is less protective of patient privacy than 42 CFR Part 2.

HIPAA also permits disclosures without patient consent for "treatment, payment, or healthcare operations." 45 CFR § 164.506. For patients with SUDs, these disclosures may lead to stigma and discrimination at the hands of their healthcare providers and the loss of insurance or even employment. 42 CFR Part 2 requires patient consent authorizing disclosure of SUD records for treatment, payment, or healthcare operations. 42 CFR § 2.33.

Swiss-U.S. Privacy Shield Framework:

ETHIX360 Incorporated complies with the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from Switzerland to the United States. ETHIX360 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

ADDITIONAL IMPORTANT INFORMATION

Identity Verification Requirement:

By law we are required to verify that any request submitted was made by someone with the legal right to access the data. Before accessing or sharing any information according to a data subject access request, we may request that you provide us with additional information for us to verify your identity and legal authority.  Under certain circumstances we may not be able to fulfill your requests, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.

Data Security and Integrity:

ETHIX360 is concerned about the security of your data. We have implemented technical and organizational security measures that are designed to help protect your information from unauthorized access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate new technologies and methods.

We follow generally accepted industry standards to protect the personal information submitted to us, both when transmitted and when stored. ETHIX360 has placed security measures and firewalls on all network servers in an attempt to prevent outside parties from accessing private information. However, no method of transmission over the Internet or method of electronic storage is 100% secure. If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the Website or send out email notifications if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. If you have any questions about the security of your personal information, please email us at subjectaccessrequest@ethix360.com.

Data Retention:

How long we keep the personal information we collect depends on the type of information, the purpose for which it is used, how sensitive it is, and similar factors. In general, we will retain your personal information for the length of time reasonably needed to fulfill the purposes outlined in this privacy policy (including for as long as need to provide you or our customer with products and services), unless a longer retention period is required or permitted by law. We will also retain your information as long as necessary to resolve disputes and/or enforce our rights and agreements. We keep your account information for the Optimizely Services for as long as your employer's account is active and after that unless your employer requests deletion. Aggregated information may be stored indefinitely.

Updates:

From time to time, we may change this privacy policy to accommodate changes to our products, services, and companies, new technologies or industry practices, updated regulatory requirements, or for other purposes. Any updates will be made to our Website as needed and without prior notice to you to reflect changes in our personal information practices. We will post a prominent notice on our Site to notify you of any significant changes to our Privacy Statement and indicate when it was most recently updated. We encourage you to periodically review this page for the latest information on our privacy practices.

Questions or Concerns: 

If you have received an unwanted, unsolicited email sent by ETHIX360, please forward a copy of that email with your comments to info@ethix360.com for review.

If you have questions or complaints regarding our privacy statement or practices, please contact us at subjectaccessrequest@ethix360.com with "Privacy Question or Concern" in the subject line and provide detail on your question or complaint so that we may adequately respond.

Last modified: May 15th, 2020