What information do we collect?
We collect information about you if you:
- use the Application;
- enquire about or purchase our Services (either in your own capacity, or as a representative for your employer); or
- use one of our Services (either for your own professional purposes (e.g. as an educator), or during the course of your employment for an organization (such as a hospital or other service provider or other educational facility) which utilizes our Services, or where you participate in a training program using our Services
- We will collect any and all information that you input. We may also collect your physical location through “geo-tagging,”
TYPES OF INFORMATION COLLECTED
The personal information we collect depends on the context of your interaction with the Company and can include:
- Identity data including first and last name, username, title
- Contact data including email address, postal address (billing or delivery), employer or organization details, phone number and other similar contact data
- Profile data including username and credentials such as job title and role such as RN, MD, RRT among others, passwords, password hints and other similar information for authentication and account access, purchases or orders made by you, feedback and survey responses
- Usage data including information about how you use our Website or Services such as Scenarios performed, team skill level performance, debriefing reports, and objectives selected for scenario.
- Demographic data such as location, country, and preferred language
- Payment data necessary to process your payment if you make purchases such as your credit card or other bank card number
- Transaction data such as details about payments to and from you and other details of products or services you have bought from us
- Technical Data including internet protocol (IP) addresses, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Websites or Services
- Marketing and communication data including your preferences in receiving marketing from us and our third parties and your communication preferences
- (if relevant) employer’s name, hire date, department, and job title; details of any training or performance records and levels of competence obtained through your use of the Services and details of your access to and use of the Services.
We may aggregate or otherwise de-identify your personal information, so that we can use it for our own statistical, analytical, or benchmarking purposes. We do this to better understand how users interact with our website, or to understand and evaluate how our products are used, so that we can make evidence-based improvements to them. The de-identified information that we use for these purposes will not directly or indirectly reveal your identity.
Information you give us:
When you use the Websites or contact us in any way: You may give us information about yourself by filling in forms on our Websites or by corresponding with us by phone, email or otherwise. This includes information you provide when you submit documentation to us, register to use our Websites, enquire about or purchase our Services, subscribe to our Services, interact with our personnel, report a problem on our Websites or when you provide feedback. If you contact us through the Websites, we will keep a record of our correspondence.
When you use the Services: We receive and store information that you directly provide to us through your use of Services including any personal information that you provide to us when you register for the first time as a user of our Services.
Many Services are intended for use by our customer organizations and are in those cases, administered to you by your organization. We collect and process our customers’ information on their instructions and in accordance with our agreements with them. Your use of the Services may be subject to your organization’s policies, if any. If you use any Services under direction from an organization you have a connection with (such as an employer or a school), that organization will (1) control and administer your use of the Services and (2) access and process your personal information. If your organization administers your use of the Services, please direct your privacy enquiries to your organization. Your organization is the data controller of your personal information for such purposes, and we are the data processor. The Company is not responsible for the privacy or security practices of its customers and these may differ from those set out in this Privacy Statement.
Information we automatically collect about you:
When you use the Websites or the Services: We may automatically collect technical information including the Internet Protocol (IP) address used to connect your computer or tablet to the internet and your login information, browser type and version, time zone setting as well as information about your visit including pages visited. We will also collect information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information and any phone number used to call our customer service number.
Information we receive from third parties.
We also obtain personal information from third parties according to the practices described in this Statement together with any additional restrictions imposed by the source of the data. These third-party sources include:
- Customer organizations (please refer to the IMPORTANT NOTE above).
- Service providers that help us to determine a location based on your IP address or assist us with technical, payment and delivery services
HOW YOUR PERSONAL INFORMATION IS USED
Where you use the Services at the request of your employer, and we provide Services to your employer, we collect, use and share your personal information for the above purposes at the request of, and in accordance with the directions of your employer. Your employer is the data controller of your personal information for such purposes, and we are the data processor. Your employer has personal information protection policies and processes that may differ from the privacy notice you are currently reading and we recommend that you read such policies before accessing or using the Services.
If you have yourself individually subscribed to the Services, we collect, use and share your personal information for the above purposes for and on your behalf and we are the data processor of your personal information for such purposes.
We will not sell your personal information or share it with third parties for use in advertising or marketing of their products or services.
HOW WE SHARE YOUR INFORMATION
Where you use the Services at the request of your employer, and we provide services to your employer, we share your personal information with your employer for certain purposes as data processor of your employer – see “HOW YOUR PERSONAL INFORMATION IS USED” above.
We use third-party service providers (for example, AWS) to store and process your personal information. Where our Service is one that is being provided in conjunction with one of our partners, we will share personal information with that partner for the purpose of issuing certificates of competence endorsed by that partner. Our partners are required by us to provide substantially the same level of security and protection to your personal information as we ourselves are obliged to under this Privacy Statement.
We may share your personal information with our payment processing service providers in connection with the payment processing services that they perform for us in connection with processing your purchase of the Services. They are not authorized by us to use the information for their benefit.
Our service providers have to follow our express instructions when processing personal information you provide and they must comply with appropriate retention and security measures to protect such personal information and we do not allow them to use this information for their own purposes.
We may also share your personal information in response to a request by government or regulatory authorities, law enforcement or an order of the courts; to a potential acquirer of our business; and as permitted by applicable laws and regulations.
Links to other websites.
The Websites contain links and interactive features with various social media platforms, such as Facebook, YouTube, and Twitter. If you give information to these platforms, then your information will be registered on these platforms and will be available to anyone who uses the platforms. If you already use these platforms, their cookies may be set on your device when using our Websites and they may already have certain information about you which they may combine with information collected on our Websites. These features may enable integration and/or access to your social media accounts. We do not control those social media services, your profiles on those services, modify your privacy settings on those services or establish rules about how your information on those services will be used. You and the social media service providers are in control of those issues. You are encouraged to read all policies and information on the applicable social media services to learn more about how they handle your information before using any such features made available to you on the Websites. We are not responsible for any acts or omissions by any social media service provider or your use of features that come from their features or platform.
RETENTION OF YOUR PERSONAL INFORMATION
In the limited circumstances where we are the data controller of your personal information (see “How Your Personal Information Is Used” above for further details), we maintain your personal information only for as long as is it is necessary. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. In specific circumstances we may also store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings
Where your employer or another organization is the data controller of your personal information, please refer to their personal information protection policies and processes for information about the relevant retention period(s).
DATA INTEGRITY AND SECURITY
We are committed to the privacy and confidentiality of the personal information in our control or possession (as the case may be). We are obliged to have appropriate physical, electronic and managerial protection measures in place to prevent unauthorized access, erasure, loss, use, processing or disclosure of your personal information, and we take reasonable steps to do so. We will continue to review and update our security measures where appropriate, as new technology becomes available.
Unfortunately, transmission of information via the Internet is not completely secure. Although we use reasonable measures to protect your personal information, we cannot guarantee the security of your personal information.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information:
- To access personal information
- To correct / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- To object to how we use your personal information for direct marketing purposes
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
Importantly, in situations where we act as a data processor (for example, where we collect personal information from you through the use of our Services, as more fully described throughout this Privacy Statement) you should exercise your rights against the relevant data controller (for example, your employer, where your employer is the customer organization which has purchased our Services).
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing at Steps Insitu, LLC, ATTN: LEGAL, 200 Walt Whitman Avenue, P.O. Box 1267, Mount Laurel, NJ 08054 and firstname.lastname@example.org.
Childrens Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under thirteen (13) years of age. Our Application, products and services are all directed to people who are at least thirteen (13) years old or older.
Keeping Your Information Secure
We have implemented security measures we consider reasonable and Appropriate to protect against the loss, misuse and alteration of the information under our control. Please be advised, however, that while we strive to protect your personally identifiable information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information. In the unfortunate event that your “personally identifiable information” (as the term or similar terms are defined by any Applicable law requiring notice upon a security breach) is compromised, we may notify you by email (at our sole and absolute discretion) to the last email address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation. From time to time we evaluate new technology for protecting information, and when Appropriate, we upgrade our information security systems.
Contact and Opt-Out Information