Topcademi for Business Privacy Statement
This Topcademi For Business Privacy Statement updated on February 10, 2021.
In the course of providing Topcademi for Business (“TFB”) services and related services to its corporate, non-profit organization and governmental customers (“Customers”), Topcademi will receive and have access to personal data of individual users to whom customers grant access (“Users”). For the purposes of this privacy statement, Customers are data controllers and Topcademi is a data processor. Topcademi’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between Topcademi and each of its Customers.
As a data processor, Topcademi will access, store and use the personal data of individual Users solely for the purpose of providing the TFB services to its Customers and will process the data as instructed by its Customers.
As data controllers, Customers decide which of their employees or other authorized personnel are given access to the TFB services. They do this by designating one or more TFB account administrators or group administrators (“Administrator”) who have the ability to customize the Customer account, manage individual User accounts, access the TFB Insights tool and related reporting features, access the TFB Administrator tools, and, when instructed by the Customer, populate the Customer account with Customer-provided courses. Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, relating to the collection of personal information relating to individual Users selected by Customers for accessing the TFB services. Topcademi has no direct relationship with individual Users, who should contact Customers (their employer) for assistance with any requests or questions relating to the processing of their personal information.
For avoidance of doubt, this Privacy Statement does not apply to:
- any processing of data for the purpose of marketing the TFB service to enterprise and corporate prospects;
- any other offerings available at Topcademi.com separate from the TFB services, for which the Topcademi Privacy Policy is applicable. A User may already have a account with Topcademi to access Topcademi’s marketplace educational content, and data processed as a result of the use of the Topcademi marketplace from a User account is governed by the Topcademi Privacy Policy.
In the event where Topcademi makes any material changes to the manner in which it processes User data to provide its services to Customers, it will notify Customers.
Topcademi for Business Privacy Statement
- Information about Users collected and stored by Topcademi
- Purpose of User Data Processing
- Cookies and other Tracking Technologies
- Sharing User Information with Sub-Processors
- Processing of User Data outside of the EEA
1. Information about Users collected and stored by Topcademi
- When a User is given access to the TFB services by the Administrator, a User may set up an individual User account and Topcademi will collect information provided by the User or the Administrator. The Customer can customize the type of data requested to create an account, which may include the following:
- first name, last name, and email address required
- photo, areas of interest, job skills, goals, and role (optionally provided by User or Customer)
- other personal data, as allowed by the Customer
A unique identifying number is assigned by Topcademi upon the creation of a User account.
- Individual User account information may be set to private or public, as selected by Users. If set to public, the information is searchable via search engines and viewable by anyone, including by other Users and the Customer.
- Administrators may assign a User to a group membership
- Customers may select to integrate with TFB a Single Sign On (SSO) identity provider to enable Users to log in to TFB User accounts without the need to disclose passwords to Topcademi. In such case Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Customer account. In such case, SSO identity providers share with Topcademi a unique cookie ID and authentication “token” information to recognize the User as an authorized user of Customer.
- At the option of the Customer, the TFB service may enable Administrators and Users to interact with others, including with instructors, teaching assistants, other students, and the Customer, by posting reviews on a course, sending messages to or chatting with others, posting questions or answers, or posting other content. Such public or shared content is stored by Topcademi and may be publicly available or viewable by others, including Administrators, Users, or instructors and teaching assistants, depending on where such content is posted.
- At the option of the Customer, Administrators may enable the ability to “Share to Slack.” This optional feature allows Users to manually or automatically post a message to the Customer’s own instance of the Slack messaging service. To enable this optional functionality, Customer's Slack administrators must grant Topcademi the ability to read the full list of public channels, private channels, and users in the Customer’s Slack instance. These lists may include individuals in Customer’s Slack instance who are not TFB Users. Slack user lists and channels are briefly cached before being automatically purged from Topcademi's systems.
- Topcademi stores information relating to the activities of Users as they use and interact with the TFB services, such as courses enrolled in and viewed (and information relating to these courses); interactions with instructors, teaching assistants, Administrators, and other Users; and progress within a course; as well as answers, essays and other items submitted by Users to satisfy the course requirements. This information is linked to a User’s unique account ID and is shared with Customers via the Customer Account reporting tools or upon request of the Customer.
- The TFB service enables Users to contact the Topcademi Support Team for assistance or to report a problem, concern, potential abuse or other issues regarding the TFB services or other users. Topcademi may collect and store the User’s name, email address, location, operating system, IP address as well as the User’s activity on the Topcademi platform and communications with the Topcademi help desk team. Topcademi may request additional information from Users in order to resolve any issue reported by a User or by another user.
- When a User uses the TFB services, Topcademi collects and stores certain information by automated means: (a) technical information about the User’s computer or wireless device, such as IP address, operating system type and version, unique device ID, browser, browser language, domain, and other operating systems or platform information. This information is collected through the use of server log files and tracking technologies, such as: (i) cookies, which are small files that websites send to a computer or wireless device to uniquely identify a browser or mobile device or to store information in a browser setting; and (ii) other tracking technologies (see below for more detailed information).
- IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.
- If a Customer makes purchases via credit card, Topcademi collects certain data about the purchase (such as name and zip code) as necessary to process the order. Customers must provide certain payment and billing data directly to Topcademi’s payment processing partners, including name, credit card information, billing address, and zip code. For security, Topcademi does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data. In case of any fraud the Topcademi shall not be responsible and liable for any compensation.
2. Purpose of User Data Processing and Retention Period
Topcademi processes the information collected about Users and Administrators for the purpose of providing the TFB services to its Customers, specifically:
- Providing, administering, and facilitating access to the TFB services, for Customers and Users, and managing Customer or User account preferences
- Fulfilling Customer’s instructions with respect to personal data of Users
- Displaying and sending via email notifications to Users for:
- Responding to User questions or concerns
- Making notifications to Users at the request of the Customer
- Sending Users administrative messages and information, including confirmation of account creation, course enrolment, course progress and notifications of responses from instructions to User questions
- Providing information to Users about courses available to Users, available and new TFB service features; personalized course recommendations, which Users can opt out of at any time
- Sending push notifications to User wireless devices to provide updates and other relevant messages, which can be managed from the “options” or “settings” page for the mobile application.
- Enabling communications among Users and instructors or teaching assistants
- Soliciting feedback to improve TFB User experience
- Resolving User support requests or claims
Email Preferences
Users can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences. A Customer can also instruct Topcademi to configure email preference settings for all Users of a Customer.
Retention of Personal Data
Topcademi will retain the data of Users for as long as instructed by the Customer. Topcademi will delete certain or all personal data relating to Users upon request of the Customer. Topcademi may retain aggregated or anonymized data as set forth below.
Use of aggregated data
In addition, User data is aggregated with other Topcademi marketplace user data to enable Topcademi to improve its products and services and develop new products and services, including:
- Reviewing and analysing User browser and wireless device technical information
- Reviewing user activity across TFB and the Topcademi marketplace (for example, Topcademi analyses trends and User traffic and usage information to identify which courses are most popular)
- Facilitating the technical functioning of the TFB services and Topcademi marketplace, including to troubleshoot and resolve issues, secure the TFB services, and prevent fraud and abuse
- Developing a personalized course content recommendation engine
When User data is used for the above purposes, it is aggregated and/or anonymized so that no personal data of Users is processed.
3. Cookies and other Tracking Technologies
Like many online platforms, Topcademi and its analytics vendors use server log files and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable Topcademi to understand how Users interact with the TFB services. Topcademi and its analytics vendors may tie the information gathered by these means to the unique account ID of Users.
Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store and share bits of information about User activities. Topcademi uses both session cookies and persistent cookies.
- A session cookie is used to identify a particular visit to the TFB services and collect information about interaction with the TFB service. These cookies expire after a short time, or when the User closes their web browser after using the TFB service. Topcademi uses these cookies to identify a User during a single browsing session, such as when you log into the TFB services. This helps Topcademi improve the TFB service as well as improve the Users’ browsing experience.
- A persistent cookie will remain on a User’s device for a set period of time specified in the cookie. Topcademi uses these cookies to identify and recognize a specific User over a longer period of time. They allow Topcademi to:
- analyse the usage of the TFB services (e.g. what links Users click on) in order to improve our TFB offering
- test different versions of the TFB services to see which particular features or content Users prefer to optimize the TFB services
- provide a more personalized experience to Users with more relevant content and course recommendations and
- allow Users to more easily log in to use the TFB services. Persistent cookies include:
- preferences cookies to remember information about a User’s browser and settings preferences, such as preferred language. Preference cookies make User experience more functional and customized
- authentication and security cookies to enable a User to log in or stay logged in and access the TFB service, to protect User accounts against fraudulent log-ins by others, and help detect, fight, and protect against abuse or unauthorised usage of User accounts.
- functional cookies to make the experience of using the TFB service better, like remembering the sound volume level selected by the User.
Topcademi uses tracking technology to: (i) determine if a certain page was visited (e.g. the landing page of an advertisement for TFB services that is displayed on third party sites) or whether an email sent by Topcademi was opened or clicked on by a User; and (ii) to customize the learning experience of individual Users by recommending specific courses and other content.
Cookie list
Topcademi will retain the data of Users for as long as instructed by the Customer. Topcademi will delete certain or all personal data relating to Users upon request of the Customer. Topcademi may retain aggregated or anonymized data as set forth below.
User Preferences with respect to cookies and other tracking technologies
A User can set his or her web browser to notify about the placement of new cookies, limit the type of cookies or reject cookies altogether; if enabled, a User may not be able to use some or all of the features of the TFB services (for example, may not be able to log in). General information about cookies and how to disable them can be found at www.allaboutcookies.org.
Various browsers may offer their own management tools for removing HTML5 LSOs. Users can manage Flash LSOs here. To manage flash cookies, visit the Adobe website and make changes at the Global Privacy Settings Panel.
Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.
4. Sharing User Information with Sub-Processors
In order to provide the TFB services to its Customers, Topcademi shares data regarding Users with a number of third party service providers. These companies are contractually required to use User data solely as directed by Topcademi for the purpose of providing services to Topcademi.
- Instructors who upload courses on the Topcademi platform and made available through the TFB services as well as their teaching assistants, who may receive names and account profile information of Users, to enable them to respond to user questions and feedback.
- Other service providers of Customer, as instructed by Customer.
- To perform its services, Topcademi leases servers from data centers operated by Knorish via Amazon Web Services (AWS) and located in the United States. Topcademi also contracts with Knorish platform for Amazon Web Services (AWS) for hosting services, and certain content and User data relating to TFB is hosted via AWS’s cloud hosting solutions.
- Topcademi’s help center platform vendor (Zendesk as of the effective date of this Privacy Statement) hosts and stores all communications between Administrators or Users and the Topcademi support team. Zendesk is contractually required to store and process User related data solely as directed by Topcademi for the purpose of providing services to Topcademi. Topcademi also partners with Intercom, a chat messaging tool for support to Users and Administrators and for collecting their feedback, as well as in-app messages such as feature announcements or onboarding for new users.
- Topcademi shares User information with third party companies, i.e., convertkit, getresponse etc., that perform email services to enable Topcademi to send email communications to Users and to manage email preference settings of Users.
- Administrators of existing Customers are able to access our list of current sub-processors on the left sidebar of this page while logged in to Topcademi for Business.
- Topcademi shares User information with third party companies that perform data analysis services to enable Topcademi to better understand how Users use the TFB service. These companies include Chartio, Google Analytics and Hotjar. To prevent Google Analytics from collecting information for analytics, a User may install the Google Analytics Opt-Out Browser by clicking here, and may also use Mixpanel’s opt out by clicking here.
Any other sharing of User data is subject to the consent and instructions of Customer.
5. That if any employee of the Topcademi commits any breach of the privacy policy then the Topcademi shall not be responsible for any criminal act and shall not be liable for any loss occurred due to such criminal act of the employee. That the Topcademi shall bring criminal action against the erring employee of the Topcademi on behalf of the customer if the customer so instructs and may also file suit for any loss and no separate power of attorney will be required.
6. Processing of User Data outside of the EEA
All data processing described in this Privacy Statement occurs in the United States, Ireland and, for R&D purposes, Turkey. If personal data processed by Topcademi originates from a User or Administrator in the EEA, Topcademi will ensure, that such processing will only take place if: (a) the non-EEA country in question ensures an adequate level of data protection; (b) the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between Topcademi and the Customer and subject to the standard contractual clauses designed to facilitate transfers of personal data from the EEA to all third countries that have been adopted by the European Commission (known as the, “Model Clauses”), which have been incorporated into the DPA.